Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Ensuring citizens’ privacy: the European Data Protection Supervisor

Legal status of the document This summary has been archived and will not be updated. See 'Protection of individuals with regard to the processing of personal data by EU institutions, bodies, offices and agencies' for an updated information about the subject.

Ensuring citizens’ privacy: the European Data Protection Supervisor

This European Union law sets out to ensure that citizens’ fundamental rights and freedoms, in particular the right to privacy with respect to the processing of personal data* by EU institutions and bodies, is respected.

ACT

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data.

SUMMARY

This European Union law sets out to ensure that citizens’ fundamental rights and freedoms, in particular the right to privacy with respect to the processing of personal data* by EU institutions and bodies, is respected.

WHAT DOES THE REGULATION DO?

It establishes the European Data Protection Supervisor (EDPS). It sets out the rules to ensure that personal data managed by EU institutions and bodies is respected and defines citizens’ rights in this respect.

KEY POINTS

The European Data Protection Supervisor

This regulation provides for the establishment of an EDPS, the authority responsible for monitoring the application of the data protection rules by EU institutions and bodies. Citizens can lodge complaints directly with the EDPS if they consider their data protection rights under the regulation have not been respected.

Each EU institution and body must appoint at least one data protection officer with the task of cooperating with the EDPS and ensuring that the rights and freedoms of data subjects are not compromised through data processing.

Personal data and data processing

Under the regulation, and for the purpose for which they were collected, personal data must be:

  • processed fairly and lawfully;
  • for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
  • adequate, relevant and not excessive;
  • accurate and up to date;
  • kept in a form which identifies the subject no longer than necessary.

Further processing of personal data for historical, statistical or scientific purposes is permitted if there are appropriate safeguards about anonymity.

Personal data may be processed only if it is:

  • necessary for a task carried out in the public interest;
  • in compliance with a legal obligation;
  • a case where unambiguous consent has been given;
  • to protect the vital interests of the data subject.

Citizens’ rights

The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and of data concerning health or sex life, as well as data relating to criminal offences, is in principle prohibited, unless for the reasons expressly authorised by law.

Citizens enjoy legally enforceable rights under the regulation, such as the right to access, rectify, block or erase personal data held by EU institutions and bodies.

WHEN DOES THE REGULATION APPLY?

From 1 February 2001.

KEY TERMS

* Personal data: any information relating to an identifiable person or ‘data subject’ in terms of such attributes as physical, mental, economic, cultural or social identity.

* Processing of personal data: an operation performed on personal data, such as collection, storage, use, alteration, transmission, dissemination or erasure.

For more information see the European Data Protection Supervisor website.

REFERENCES

Act

Entry into force

Deadline for transposition in the Member States

Official Journal

Regulation (EC) No 45/2001

1.2.2001

-

OJ L 8, 12.1.2001, pp. 1-22

Corrigendum

-

-

OJ L 164, 26.6.2007, pp. 36-36

RELATED ACTS

Commission Decision 2008/597/EC of 3 June 2008 adopting implementing rules concerning the Data Protection Officer pursuant to Article 24(8) of Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (Official Journal L 193, 22.7.2008, pp. 7-11).

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Official Journal L 281, 23.11.1995, pp. 31-50).

last update 12.06.2015

Top