The sources of Data Protection Law
Data Protection law has various sources, which are discussed in further detail in Chapter 6 of Privacy and Data protection Law in Ireland. was recognised as a fundamental right by the EU Charter of Fundamental Rights, which entered into force in 2009.However the seminal source of Europe’s data protection laws is the Strasbourg Convention from 1981. This Convention remains in force and the Council continues to take an active interest in the field. The Data Protection Act 1988 gave effect to the Convention in Ireland.
The EU then enacted the Data Protection Directive in 1995 (also known as Directive 95/46); this was implemented by the Data Protection Act 2003 which amended the Data Protection Act 1988 to create the Data Protection Acts .
This was then followed by the ePrivacy Directive in 2002, which was subsequently updated in 2009 and is now implemented by SI 336/2001. These laws are specifically focused upon data protection on electronic communications networks.
The Lisbon Treaty came into force on 1st December 2009. It changed inserted data protection into the EU Treaties in two ways. Firstly Article 8 of the EU Charter of Fundamental Rights provides for the protection of personal data:
- “Everyone has the right to the protection of personal data concerning him or her.
- “Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
- “Compliance with these rules shall be subject to control by an independent authority.
Secondly, Article 16 of the Treaty on the Functioning of the EU provides:
- “Everyone has the right to the protection of personal data concerning them.
- “The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. Compliance with these rules shall be subject to the control of independent authorities…”
The EU’s legislature is currently considering proposals for data protection reform.