Law
Read books online » Law » GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (best novels to read for beginners txt) 📖

Book online «GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (best novels to read for beginners txt) 📖». Author Adv. Prashant Mali



1 ... 52 53 54 55 56 57 58 59 60 ... 71
Go to page:
a third party, even another EU institution, is an interference with that right, whatever the final use. Such interference may be justified if it is “in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”

Regulation 45/2001 establishes that inter-institutional transfers are foreseen. However, Article 7 is very general. Further, Article 6 states that personal data shall only be processed for purposes other than those for which they were collected if the change of purpose has been expressly foreseen by the rules of the EU institution, which was not the case here.

The criterion “necessary in a democratic society” is met if it is necessary to respond to a social imperative, and if it is proportionate to the legitimate end and the reasons specified are relevant and sufficient. The national authority has a limited margin of discretion. The right to privacy of medical data is protected by the EU juridical order, not only to protect the private life of the sick but also to preserve their confidence in the medical body and the medical services in general. The possibility to transfer such data to another institution calls for a particularly rigorous examination. Thus the interest of the Parliament to recruit a person able to exercise his duties must be balanced against the gravity of the interference of the right of the person concerned. The interest of the Parliament to conduct the medical examination does not justify the transfer without the consent of the person concerned. The data are very sensitive, were collected nearly two years before, for a specified purpose, by an institution for which the applicant did not work. The need of the Parliament could have been met by less intrusive means.

Article 1 specifies that EU institutions protect the fundamental rights of natural persons, in particular their right to privacy with respect to processing their personal data. Thus, the provisions of the Regulation may not be read as legitimising an interference to the right to privacy. The purpose for the Commission's collection of the data was to determine the applicant's fitness to perform the duties in the Commission's post. Using them to determine her fitness for the post with the Parliament constituted a change of purpose. Each institution is an independent employer, and is autonomous in the management of its personnel. The change of purpose was not foreseen in any legal text.

* * *

APPENDIX 1: RECITALS [1 to 173]

Data protection as a fundamental right

The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.

 

Respect of the fundamental rights and freedoms

The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.

 

Directive 95/46/EC harmonization

Directive 95/46/EC of the European Parliament and of the Council seeks to harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States.

 

Data protection in balance with other fundamental rights

The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.

 

Cooperation between Member States to exchange personal data

The economic and social integration resulting from the functioning of the internal market has led to a substantial increase in cross-border flows of personal data. The exchange of personal data between public and private actors, including

 

 

natural persons, associations and undertakings across the Union has increased. National authorities in the Member States are being called upon by Union law to cooperate and exchange personal data so as to be able to perform their duties or carry out tasks on behalf of an authority in another Member State.

 

Ensuring a high level of data protection despite the increased exchange of data

Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.

 

The framework is based on control and certainty

Those developments require a strong and more coherent data protection framework in the Union, backed by strong enforcement, given the importance of creating the trust that will allow the digital economy to develop across the internal market. Natural persons should have control of their own personal data. Legal and practical certainty for natural persons, economic operators and public authorities should be enhanced.

 

Adoption into national law

Where this Regulation provides for specifications or restrictions of its rules by Member State law, Member States may, as far as necessary for coherence and for making the national provisions comprehensible to the persons to whom they apply, incorporate elements of this Regulation into their national law.

 

Different standards of protection by the Directive 95/46/EC

The objectives and principles of Directive 95/46/EC remain sound, but it has not prevented fragmentation in the implementation of data protection across the Union, legal uncertainty or a widespread public perception that there are significant risks to the protection of natural persons, in particular with regard to online activity. Differences in the level of protection of the rights and freedoms of natural persons, in particular the right to the protection of personal data, with regard to the processing of personal data in the Member States may prevent the free flow of personal data throughout the Union. Those differences may therefore constitute an

 

obstacle to the pursuit of economic activities at the level of the Union, distort competition and impede authorities in the discharge of their responsibilities under Union law. Such a difference in levels of protection is due to the existence of differences in the implementation and application of Directive 95/46/EC.

 

Harmonised level of data protection despite national scope

In order to ensure a consistent and high level of protection of natural persons and to remove the obstacles to flows of personal data within the Union, the level of protection of the rights and freedoms of natural persons with regard to the processing of such data should be equivalent in all Member States. Consistent and homogenous application of the rules for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data should be ensured throughout the Union. Regarding the processing of personal data for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Member States should be allowed to maintain or introduce national provisions to further specify the application of the rules of this Regulation. In conjunction with the general and horizontal law on data protection implementing Directive 95/46/EC, Member States have several sector-specific laws in areas that need more specific provisions. This Regulation also provides a margin of manoeuvre for Member States to specify its rules, including for the processing of special categories of personal data (‘sensitive data’). To that extent, this Regulation does not exclude Member State law that sets out the circumstances for specific processing situations, including determining more precisely the conditions under which the processing of personal data is lawful.

 

Harmonisation of the powers and sanctions

Effective protection of personal data throughout the Union requires the strengthening and setting out in detail of the rights of data subjects and the obligations of those who process and determine the processing of personal data, as well as equivalent powers for monitoring and ensuring compliance with the rules for the protection of personal data and equivalent sanctions for infringements in the Member States.

 

Authorization of the European Parliament and the Council

Article 16(2) TFEU mandates the European Parliament and the Council to lay down the rules relating to the protection of natural persons with regard to the processing of personal data and the rules relating to the free movement of personal data.

 

Taking account of micro, small and medium-sized enterprises

In order to ensure a consistent level of protection for natural persons throughout the Union and to prevent divergences hampering the free movement of personal data within the internal market, a Regulation is necessary to provide legal certainty and transparency for economic operators, including micro, small and medium-sized enterprises, and to provide natural persons in all Member States with the same level of legally enforceable rights and obligations and responsibilities for controllers and processors, to ensure consistent monitoring of the processing of personal data, and equivalent sanctions in all Member States as well as effective cooperation between the supervisory authorities of different Member States. The proper functioning of the internal market requires that the free movement of personal data within the Union is not restricted or prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. To take account of the specific situation of micro, small and medium-sized enterprises, this Regulation includes a derogation for organisations with fewer than 250 employees with regard to record-keeping. In addition, the Union institutions and bodies, and Member States and their supervisory authorities, are encouraged to take account of the specific needs of micro, small and medium-sized enterprises in the application of this Regulation. The notion of micro, small and medium-sized enterprises should draw from Article 2 of the Annex to Commission Recommendation 2003/361/EC

 

Not applicable to legal persons

In order to prevent creating a serious risk of circumvention, the protection of natural persons should be technologically neutral and should not depend on the techniques used. The protection of natural persons should apply to the processing of personal data by automated means, as well as to manual processing, if the personal data are contained or are intended to be contained in a filing system. Files or sets of files, as well as their cover pages, which are not structured according to specific criteria should not fall within the scope of this Regulation.

 

Technology neutrality

In order to prevent creating a serious risk of circumvention, the protection of natural persons should be technologically neutral and should not depend on the techniques used. The protection of natural persons should apply to the processing of personal data by automated means, as well as to manual processing, if the personal data are contained or are intended to be contained in a filing system. Files or sets of

1 ... 52 53 54 55 56 57 58 59 60 ... 71
Go to page:

Free ebook «GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (best novels to read for beginners txt) 📖» - read online now

Comments (0)

There are no comments yet. You can be the first!
Add a comment