​​​​​​Legal Framework for Personal Data Protection

Charter of Fundamental Rights

The right to personal data protection is a fundament​​​al right and one of the core values of the European Union (‘EU’). It is enshrined in the EU’s Charter of Fundamental Rights (the ‘Charter’). Under the Charter, everyone has the right to the protection of their personal data (Article 8(1)).

The Charter became legally binding with the entry into force of the Treaty of Lisbon on , which gave the Charter the same legal value as the constitutional treaties of the EU.

Treaty on the Functioning of the European Union

Article 16(1) of the Treaty on the Functioning of the European Union (‘TFEU’) provides that everyone has the right to the protection of their personal data. The EU is unique in providing a constitutional obligation to lay down data protection rules for processing personal data.

EU Data Protection Regulation

Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, repealing Regulation (EC) 45/2001 and Decision № 1247/2002/EC (‘EUDPR’).

European Court of Auditors: Internal Rules

  1. Restrictions of certain data subjects rights

    Decision № 42/2021 of the European Court of Auditors of 20 May 2021 adopting internal rules concerning restrictions of certain rights of data subjects in relation to the processing of personal data in the framework of activities carried out by the European Court of Auditors.

  2. DPO implementing rules

    Decision № 40/2021 adopting implementing rules concerning the Data Protection Officer pursuant to Article 45(3) EUDPR.

Other relevant references regarding the protection of privacy and personal data

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or ‘GDPR’).

  • Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, repealing Council framework Decision 2008/977/JH (‘LED Directive’).

  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (‘ePrivacy Directive’).

  • European Convention for the Protection of Human Rights and Fundamental Freedoms and in particular Article 8, considering that the aim of the Council of Europe is to recognise, maintain and protect human rights and fundamental freedoms such as the right to respect for private life.

  • Convention 108 of the Council of Europe of 28 January 1981 for the protection of individuals with regard to automatic processing of personal data. In 2018, the Council of Europe modernised the convention, adopting Convention 108+.


Български  
Español  
Čeština  
Dansk  
Deutsch  
Eesti keel  
Ελληνικά  
Français  
Gaeilge  
Hrvatski  
Italiano  
Latviešu valoda  
Lietuvių kalba  
Magyar  
Malti  
Nederlands  
Polski  
Português  
Română  
Slovenčina  
Slovenščina  
Suomi  
Svenska  

European Court of Auditors - 12, rue Alcide De Gasperi - 1615 LUXEMBOURG - Tel. : +352 4398-1