The EU General Data Protection Regulation (GDPR)

Editors: Christopher Kuner; Laura Drechsler; Lee A. Bygrave; Christopher Docksey
Title: The EU General Data Protection Regulation (GDPR)
Subtitle: A commentary
Publication details: Oxford University Press, Oxford - New York, 2020. | ISBN: 978-0-19-882649-1

It is a truism that the law lags behind technology. The British Statute of Anne enacted in 1710, considered to be the world’s first legislation to grant copyright under public law, appeared over 250 years after Gutenberg introduced the movable type printing press. By that reckoning, data protection law has reacted with nimble vigour to the digitalisation of society and the economy. The EU’s General Data Protection Regulation (‘GDPR’) must be viewed in the context of the worldwide trend to adopt similar laws, a trend inspired by the EU itself. On the adoption of the GDPR’s predecessor, Directive 95/46/EC, around 30 countries had similar rules, and the bulk of these were within Western Europe; now there are almost 130, across all continents. The EU remains, however, wholly unique in one sense—it is the only jurisdiction whose own constitution, in the form of Article 8 of the Charter of Fundamental Rights and Article 16 of the Treaty on the Functioning of the European Union, obliges the adoption of comprehensive rules for the protection of personal data. The GDPR is indeed comprehensive: its material and territorial scope matches the depth and breadth of digital technologies’ encroachment (welcome or not) into our lives; updated or brand new rights and obligations with regards to profiling, automated decision-making, portability, erasure and other areas take aim at standard practices which potentially harm the individual; and the powers of independent supervisory authorities are expanded at the same time as the requirements for them to cooperate and apply the law consistently are set down in remarkable detail. This towering new Commentary unfolds, in thoughtful and erudite detail, the context, significance and interplay of each of the GDPR’s 173 recitals and 99 articles. It will become indispensable to anyone expected to engage actively with the Regulation and its counterparts beyond the EU.
By implication the Commentary also illustrates the massive scale of the challenge facing all of us in the data protection and human rights community. The GDPR is an extraordinary legislative achievement, and yet it is only one piece of a much bigger puzzle. Enforcement will be contested and loopholes explored. On the one hand, it has already had an enormous impact on the perception of privacy by individuals, companies and governments, and its influence—combined with the Charter—can be seen in the increasingly positive and expert jurisprudence of the CJEU and national courts. On the other hand, its limits will inevitably be challenged as machine learning, ubiquitous and covert surveillance, genetic engineering and other techniques expand against a backdrop of ever starker global inequalities. These technologies will have a profound impact—one that is already being felt—on the dignity not only of individuals but also of groups and whole societies. That is why I expect the next generation will see the GDPR as a staging post, important but incomplete, in humanity’s endless grappling with what is possible, what is lawful and what is right—in other words, with the legal and ethical challenges that we are confronted with in our digitised world...
Categories: Law
Subject headings: European Union, Commentary, Data protection, GDPR, Law and legislation, Data protection regulation, Countries of the European Union
Format: OCR text
Type: book

Protected content, accessible only from a terminal.

Table of contents

Cover
Titlepage
Impressum
Foreword
[V]-VI
Editors' Preface
[VII]-IX
Contents
[XI]-XVI
Table of Cases
[XVII]-XXVIII
Table of Instruments
[XXXIX]-LXXXV
List of Abbreviations
[LXXXVII]-LXXXVIII
List of Contributors
[LXXXIX]-XCI
Background and Evolution of the EU General Data Protection Regulation (GDPR) (Christopher Kuner, Lee A. Bygrave and Christopher Docksey)
[1]-2
I. Introduction
2-3
II. The legislative history
3-10
III. The evolution of the text
10-47
Chapter I: General Provisions (Articles 1–4)
48-308
   Article 1 Subject-matter and objectives (Hielke Hijmans)
48-59
   Article 2 Material scope (Herke Kranenborg)
60-73
   Article 3 Territorial scope (Dan Jerker B. Svantesson)
74-99
   Article 4 Definitions (Luca Tosoni and Lee A. Bygrave)
100-308
      Article 4(1) Personal data (Lee A. Bygrave and Luca Tosoni)
103-115
      Article 4(2) Processing (Luca Tosoni and Lee A. Bygrave)
116-122
      Article 4(3) Restriction of processing (Luca Tosoni)
123-126
      Article 4(4) Profiling (Lee A. Bygrave)
127-131
      Article 4(5) Pseudonymisation (Luca Tosoni)
132-137
      Article 4(6) Filing system (Luca Tosoni)
138-144
      Article 4(7) Controller (Lee A. Bygrave and Luca Tosoni)
145-156
      Article 4(8) Processor (Lee A. Bygrave and Luca Tosoni)
157-162
      Article 4(9) Recipient (Luca Tosoni)
163-169
      Article 4(10) Third party (Luca Tosoni)
170-173
      Article 4(11) Consent (Lee A. Bygrave and Luca Tosoni)
174-187
      Article 4(12) Personal data breach (Luca Tosoni)
188-195
      Article 4(13) Genetic data (Lee A. Bygrave and Luca Tosoni)
196-206
      Article 4(14) Biometric data (Lee A. Bygrave and Luca Tosoni)
207-216
      Article 4(15) Data concerning health (Lee A. Bygrave and Luca Tosoni)
217-224
      Article 4(16) Main establishment (Luca Tosoni)
225-237
      Article 4(17) Representative (Luca Tosoni)
238-245
      Article 4(18) Enterprise (Lee A. Bygrave and Luca Tosoni)
246-252
      Article 4(19) Group of undertakings (Luca Tosoni)
253-256
      Article 4(20) Binding corporate rules (Luca Tosoni)
257-264
      Article 4(21) Supervisory authority (Lee A. Bygrave)
265-271
      Article 4(22) Supervisory authority concerned (Luca Tosoni)
272-278
      Article 4(23) Cross-border processing (Luca Tosoni)
279-287
      Article 4(24) Relevant and reasoned objection (Luca Tosoni)
288-291
      Article 4(25) Information society service (Luca Tosoni)
292-302
      Article 4(26) International organisation (Lee A. Bygrave and Luca Tosoni)
303-308
Chapter II: Principles (Articles 5–11)
309-397
   Article 5 Principles relating to processing of personal data (Cécile de Terwangne)
309-320
   Article 6 Lawfulness of processing (Waltraut Kotschy)
321-344
   Article 7 Conditions for consent (Eleni Kosta)
345-354
   Article 8 Conditions applicable to child’s consent in relation to information society services (Eleni Kosta)
355-364
   Article 9 Processing of special categories of personal data (Ludmila Georgieva and Christopher Kuner)
365-384
   Article 10 Processing of personal data relating to criminal convictions and offences (Ludmila Georgieva)
385-390
   Article 11 Processing which does not require identification (Ludmila Georgieva)
391-397
Chapter III: Rights of the Data Subject (Articles 12–23)
398-554
   Section 1 Transparency and modalities
398-412
      Article 12 Transparent information, communication and modalities for the exercise of the rights of the data subject (Radim Polčák)
398-412
   Section 2 Information and access to personal data
413-468
      Article 13 Information to be provided where personal data are collected from the data subject (Gabriela Zanfir-Fortuna)
413-433
      Article 14 Information to be provided where personal data have not been obtained from the data subject (Gabriela Zanfir-Fortuna)
434-448
      Article 15 Right of access by the data subject (Gabriela Zanfir-Fortuna)
449-468
   Section 3 Rectification and erasure
469-507
      Article 16 Right to rectification (Cécile de Terwangne)
469-474
      Article 17 Right to erasure (‘right to be forgotten’) (Herke Kranenborg)
475-484
      Article 18 Right to restriction of processing (Gloria González Fuster)
485-491
      Article 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing (Gloria González Fuster)
492-496
      Article 20 Right to data portability (Orla Lynskey)
497-507
   Section 4 Right to object and automated individual decision-making
508-
      Article 21 Right to object (Gabriela Zanfir-Fortuna)
508-521
      Article 22 Automated individual decision-making, including profiling (Lee A. Bygrave)
522-542
   Section 5 Restrictions
543-554
      Article 23 Restrictions (Dominique Moore)
543-554
Chapter IV: Controller and Processor (Articles 24–43)
555-754
   Section 1 General obligations
555-629
      Article 24 Responsibility of the controller (Christopher Docksey)
555-570
      Article 25 Data protection by design and by default (Lee A. Bygrave)
571-581
      Article 26 Joint controllers (Christopher Millard and Dimitra Kamarinou)
582-588
      Article 27 Representatives of controllers or processors not established in the Union (Christopher Millard and Dimitra Kamarinou)
589-598
      Article 28 Processor (Christopher Millard and Dimitra Kamarinou)
599-611
      Article 29 Processing under the authority of the controller or processor (Christopher Millard and Dimitra Kamarinou)
612-615
      Article 30 Records of processing activities (Waltraut Kotschy)
616-624
      Article 31 Cooperation with the supervisory authority (Waltraut Kotschy)
625-629
   Section 2 Security of personal data
630-664
      Article 32 Security of processing (Cédric Burton)
630-639
      Article 33 Notification of a personal data breach to the supervisory authority (Cédric Burton)
640-653
      Article 34 Communication of a personal data breach to the data subject (Cédric Burton)
654-664
   Section 3 Data protection impact assessment and prior consultation
665-687
      Article 35 Data protection impact assessment (Eleni Kosta)
665-679
      Article 36 Prior consultation (Cecilia Alvarez Rigaudias and Alessandro Spina)
680-687
   Section 4 Data protection officer
688-715
      Article 37 Designation of the data protection officer (Cecilia Alvarez Rigaudias and Alessandro Spina)
688-699
      Article 38 Position of the data protection officer (Cecilia Alvarez Rigaudias and Alessandro Spina)
700-708
      Article 39 Tasks of the data protection officer (Cecilia Alvarez Rigaudias and Alessandro Spina)
709-715
   Section 5 Codes of conduct and certification
716-754
      Article 40 Codes of conduct (Irene Kamara)
716-724
      Article 41 Monitoring of approved codes of conduct (Irene Kamara)
725-731
      Article 42 Certification (Ronald Leenes)
732-743
      Article 43 Certification bodies (Ronald Leenes)
744-754
Chapter V: Transfers of Personal Data to Third Countries or International Organisations (Articles 44–50)
755-862
   Article 44 General principle for transfers (Christopher Kuner)
755-770
   Article 45 Transfers on the basis of an adequacy decision (Christopher Kuner)
771-796
   Article 46 Transfers subject to appropriate safeguards (Christopher Kuner)
797-812
   Article 47 Binding corporate rules (Christopher Kuner)
813-824
   Article 48 Transfers or disclosures not authorised by Union law (Christopher Kuner)
825-840
   Article 49 Derogations for specific situations (Christopher Kuner)
841-856
   Article 50 International cooperation for the protection of personal data (Christopher Kuner)
857-862
Chapter VI: Independent Supervisory Authorities (Articles 51–59)
863-952
   Section 1 Independent status
863-901
      Article 51 Supervisory authority (Hielke Hijmans)
863-872
      Article 52 Independence (Thomas Zerdick)
873-883
      Article 53 General conditions for the members of the supervisory authority (Hielke Hijmans)
884-892
      Article 54 Rules on the establishment of the supervisory authority (Hielke Hijmans)
893-901
   Section 2 Competence, tasks and powers
902-952
      Article 55 Competence (Hielke Hijmans)
902-912
      Article 56 Competence of the lead supervisory authority (Hielke Hijmans)
913-926
      Article 57 Tasks (Hielke Hijmans)
927-938
      Article 58 Powers (Ludmila Georgieva and Matthias Schmidl)
939-948
      Article 59 Activity reports (Hielke Hijmans)
949-952
Chapter VII: Cooperation and Consistency (Articles 60–76)
953-1116
   Section 1 Cooperation
953-994
      Article 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned (Luca Tosoni)
953-972
      Article 61 Mutual assistance (Peter Blume)
973-985
      Article 62 Joint operations of supervisory authorities (Peter Blume)
986-994
   Section 2 Consistency
995-1040
      Article 63 Consistency mechanism (Patrick Van Eecke and Anrijs Šimkus)
995-1004
      Article 64 Opinion of the Board (Patrick Van Eecke and Anrijs Šimkus)
1005-1013
      Article 65 Dispute resolution by the Board (Hielke Hijmans)
1014-1026
      Article 66 Urgency procedure (Ludmila Georgieva)
1027-1031
      Article 67 Exchange of information (Patrick Van Eecke and Anrijs Šimkus)
1032-1040
   Section 3 European Data Protection Board
1041-1116
      Article 68 European Data Protection Board (Christopher Docksey)
1041-1054
      Article 69 Independence (Christopher Docksey)
1055-1068
      Article 70 Tasks of the Board (Christopher Docksey)
1069-1084
      Article 71 Reports (Christopher Docksey)
1085-1089
      Article 72 Procedure (Christopher Docksey)
1090-1094
      Article 73 Chair (Christopher Docksey)
1095-1097
      Article 74 Tasks of the Chair (Christopher Docksey)
1098-1101
      Article 75 Secretariat (Christopher Docksey)
1102-1110
      Article 76 Confidentiality (Christopher Docksey)
1111-1116
Chapter VIII: Remedies, Liability and Penalties (Articles 77–84)
1117-1201
   Article 77 Right to lodge a complaint with a supervisory authority (Waltraut Kotschy)
1117-1124
   Article 78 Right to an effective judicial remedy against a supervisory authority (Waltraut Kotschy)
1125-1132
   Article 79 Right to an effective judicial remedy against a controller or processor (Waltraut Kotschy)
1133-1141
   Article 80 Representation of data subjects (Gloria González Fuster)
1142-1152
   Article 81 Suspension of proceedings (Waltraut Kotschy)
1153-1159
   Article 82 Right to compensation and liability (Gabriela Zanfir-Fortuna)
1160-1179
   Article 83 General conditions for imposing administrative fines (Waltraut Kotschy)
1180-1193
   Article 84 Penalties (Orla Lynskey)
1194-1201
Chapter IX: Provisions Relating to Specific Processing Situations (Articles 85–91)
1202-1267
      Article 85 Processing and freedom of expression and information (Herke Kranenborg)
1202-1212
      Article 86 Processing and public access to official documents (Herke Kranenborg)
1213-1222
      Article 87 Processing of the national identification number (Patrick Van Eecke and Anrijs Šimkus)
1223-1228
      Article 88 Processing in the context of employment (Patrick Van Eecke and Anrijs Šimkus)
1229-1239
      Article 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (Christian Wiese Svanberg)
1240-1251
      Article 90 Obligations of secrecy (Christian Wiese Svanberg)
1252-1256
      Article 91 Existing data protection rules of churches and religious associations (Luca Tosoni)
1257-1267
Chapter X: Delegated Acts and Implementing Acts (Articles 92–93)
1268-1290
   Article 92 Exercise of the delegation (Luca Tosoni)
1268-1277
   Article 93 Committee procedure (Luca Tosoni)
1278-1290
Chapter XI: Final Provisions (Articles 94–99)
1291-1321
   Article 94 Repeal of Directive 95/46/EC (Dominique Moore)
1291-1293
   Article 95 Relationship with Directive 2002/58/EC (Piedade Costa de Oliveira)
1294-1301
   Article 96 Relationship with previously concluded Agreements (Dominique Moore)
1302-1307
   Article 97 Commission reports (Thomas Zerdick)
1308-1311
   Article 98 Review of other Union legal acts on data protection (Luca Tosoni)
1312-1319
   Article 99 Entry into force and application (Dominique Moore)
1320-1321
Index
1323-1393