Tải bản đầy đủ - 0trang
18 The CJEU Also Promotes Integration and Acts as an Umpire Where Other Public Interests or Other Governmental Actors Have an Impact on the Exercise of Article 16 (1) TFEU
5 Understanding and Assessing the Contribution of the CJEU to the Mandate Under…
An integrationist approach of the Court prevents Member States from deviating
from the harmonised level of data protection, and, at the same time, means that the
Member States are limited in the exercise of competences which compete with
Article 16 TFEU. The function of integration may also prevent a Member State
from requiring – in the national context – a level of data protection that is higher
than the level of protection agreed for the European Union.
The Court of Justice also adjudicates – as umpire – on disputes on competences
between the European institutions, which have nothing to do with integration. The
dispute before the Court on passenger name records (PNR) between, on the one
hand, the European Parliament and, on the other hand, the Commission and the
Council on the occasion of the first PNR agreement between the EU and the US is
an example of the latter. In this case, the European Parliament successfully challenged the competence of the Commission and the Council to enter into an agreement with the US on the transfer and use of passenger name records of air passengers,
but not because the European Parliament disagreed that the subject matter should be
dealt with at EU level.406
arket Integration: An Additional Interest to Be Taken
into Account by the CJEU
The function of market integration is important in data protection, if only because
EU data protection law is also in the interest of the internal market. Recital (3) of
Directive 95/46 emphasises the free flow of personal data. Although after the Lisbon
Treaty the internal market component lost importance,407 the reform of the legislative framework for data protection is closely linked to the creation of a digital single
market,408 which requires for instance a more coherent framework.409 Market integration played a role in ASNEF and FEMCED where the European Court of Justice
ruled that Member States did not have discretion to specify a specific provision of
European data protection law, namely Article 7(f) of Directive 95/46. The Court
referred to the impact of national data protection rules on the internal market,
: Joined cases C-317/04 and C-318/04, European Parliament v Council Union (C-317/04) and
Commission (C-318/04), EU:C:2006:346. Summary in: Paul Craig and Grainne de Búrca, EU
Law, Text, Cases and Material (Fifth Edition) Oxford University Press, 2011, at 308. See on the
case: C. Docksey in Data protection anno 2014: how to restore trust? Contributions in honour of
Peter Hustinx, European Data Protection Supervisor (2004–2014), Hielke Hijmans and Herke
Kranenborg (eds), Intersentia 2014, at 100–106.
As explained in Chap. 7, Sect. 7.9, in relation to the CJEU’s case law on the independence of the
data protection authorities.
See, e.g., the Conclusions of the European Council of 24 and 25 October 2013, www.consilium.
europa.eu/uedocs/cms_data/docs/pressdata/en/ec/139197.pdf, at 8.
Commission Proposal for a General Data Protection Regulation, COM (2012), 11 final,
Explanatory Memorandum, at 1.
5.18 The CJEU Also Promotes Integration and Acts as an Umpire Where Other Public… 253
emphasising that the directive intends to ensure an equivalent level of data protection in all Member States.410
The exercise of the rights to privacy and data protection influences other public
interests. This is recognised in Directive 95/46 itself. The directive contains exemptions and restrictions for a wide, but exhaustively listed number of interests.411
Moreover, the directive allows the processing of personal data if this is necessary for
the performance of a task carried out in the public interest,412 without specifying the
public interests at stake. The use of these exemptions and restrictions – quite often
at national level – does not only affect the level of fundamental rights protection but
also EU integration.
By way of example reference is made to the exemptions and restrictions on the
harmonised level of data protection in relation to national concerns of public health.
Public health is also mentioned in Article 36 TFEU, as a ground for justifying measures of Member States prohibiting or restricting the free movement of goods in the
European Union. A high level of health protection is furthermore recognised under
EU law in Article 168 TFEU and in Article 35 Charter413 as an objective to be pursued in all EU policies. Processing of personal data in the interest of a high level of
health protection may take place in a great variety of situations, from prevention and
the combat of serious cross-border health threats to medical research.414 A more
targeted use of personal data may take place if this “is necessary in order to protect
the vital interests of the data subject”, which, under Directive 95/46, is recognised
as a ground for the lawful processing of personal data. Vital interests are closely
related to the survival of the data subject.415 However, in the context of health protection quite often medical data of individuals are processed. They are special categories of data and, therefore, enjoy specific protection.416
In short, public health is a complicated area, where national policies interact with
the harmonised level of privacy and data protection under Article 16 TFEU. It
exemplifies that the use of national competences for public interests, like health,
adversely affects the level of integration reached under Article 16 TFEU. Market
integration is an additional interest to be taken into account by the Court of Justice,
where it rules on the basis of Article 16 TFEU, because of the close link between
privacy and data protection and the digital single market.
Joined cases C-468/10 and C-469/10, ASNEF and FECEMD, EU:C:2011:777, at 27–28.
Article 13 of the Directive.
Article 7(e) of the Directive.
Article 35 Charter also establishes a fundamental right of access to preventive health care and
the right to benefit from medical treatment, but that right is not directly relevant for the subject of
As illustrated by Article 89 (2) GDPR opening up for derogations under national law for research
Fundamental Rights Agency, Handbook on European data protection law (2nd edition) at 83.
Case C-101/01, Lindqvist, EU:C:2003:596, at 51. See also: I. v Finland, Application No.
20511/03, 17 July 2008.
5 Understanding and Assessing the Contribution of the CJEU to the Mandate Under…
he CJEU as an Umpire Between Different Powers:
Precise Answers by the CJEU Are Required, Where
the CJEU Adjudicates on Article 16 TFEU
and Relating Competences
Article 16 TFEU impacts on other public interests, such as security, that may require
exceptions or limitations to fundamental rights protection. Article 52(1) Charter
allows limitations to fundamental rights such as the rights to privacy and data protection “if they are necessary and genuinely meet objectives of general interest recognised by the Union”. Article 52(1) Charter encompasses a wide range of interests,
covering, for instance, the interests listed in Article 36 TFEU as possible exceptions
of free movement under EU law.417 Article 52(1) does not contain an exhaustive list
of interests, but it is defendable that the interests to which the Explanations refer
must considered to be exhaustive, in the light of the general requirement to interpret
limitations to fundamental rights restrictively.418 However, this exhaustive listing
does not give much guidance, since the Explanations refer to a wide range of interests and objectives. Moreover, the example of public health shows that applying
exceptions and limitations to data protection is complicated.
The restriction of the use of Article 52(1) Charter can, therefore, better be found
in the test of the seriousness of the invoked public interest. In this respect, there is a
similarity with the exceptions to free movement as developed in the case law of the
Court of Justice on free movement under the rule of reason, opening the door for
reasonable national measures restricting free movement.419
Often, the competence of the European Union under Article 16 TFEU impacts
on other competences of the Union or the Member States. The absence of EU competence or the limits posed on EU competence by competing competences can be
invoked by EU institutions420 or by the Member States. This interaction between the
Union and the Member States – which is most relevant for this book – is related to
managing centralisation, an inherent effect of the exercise of the Union’s mandate
under Article 16 TFEU, in connection with the competences of the Member States.421
Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, on Article 52.
In this sense, Peers and Prechal in: “The EU Charter of Fundamental Rights, A Commentary,”
Edited by Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward, Hart Publishing 2014, at
As developed in the case law on the free movement of goods, with as the leading case 120/78,
Rewe-Zentral, EU:C:1979:42 (better known as ‘Cassis de Dijon’); see: Koen Lenaerts and Piet van
Nuffel, European Union Law (Third edition) Sweet & Maxwell, 2010, at 9-039. See also: Peers
and Prechal in: “The EU Charter of Fundamental Rights, A Commentary,” Edited by Steve Peers,
Tamara Hervey, Jeff Kenner and Angela Ward, Hart Publishing, 2014, at 1455–1523.
An example in data protection is: Joined cases C-317/04 and C-318/04, European Parliament v
Council (C-317/04) and Commission (C-318/04), EU:C:2006:346. See also literature quoted in
This subject is mainly addressed in respect of the contributions of the legislator and of the DPAs.
The Court of Justice deals with the interaction with the Member States in a direct
manner, when the Union’s competence is challenged by a Member State because of
the absence of a sound legal basis,422 but also in more indirect ways in preliminary
procedures. An important parameter for measuring how the Court deals with the
discretionary powers of Member States is its preciseness in the answering of preliminary questions. It may apply a “doctrine of deference” leaving national judges
discretion in solving the cases or it may take an approach based on integration and
hierarchy, solving conflicts of law itself.423 A strong defender of a “doctrine of deference” is Gerards, who argues that leaving a wide margin of appreciation by the
Court to national instances enhances the legitimacy of the European Union.424
However, she accepts that a clear and serious impairment of a central objective of
the Treaties justifies an intensified judicial review.
Above we argued that effectively protecting privacy and data protection requires
that the Court of Justice answers preliminary questions in a precise manner. Precise
answers are also important where the Court adjudicates on the competences under
Article 16 TFEU and relating competences. The contrary view would prejudice a
harmonised and effective privacy and data protection, under the rule of law.
The judicial review of the fundamental rights to privacy and data protection by the
Court of Justice of the European Union is essential in making the Union’s mandate
under Article 16(1) TFEU work. The Court of Justice fulfils its role, for instance, by
systematically interpreting Directive 95/46 in the light of Articles 7 and 8 Charter.
The extensive role of the Court compensates to a certain extent for the democratic
deficit of the Union. Where the EU structures do not provide for satisfactory democratic control on the EU institutions and structures, individuals enjoy judicial protection, ultimately guaranteed by the Court.
The Court of Justice must deal with the remarkable features of Article 16 TFEU
and Article 8 Charter. As an example, the interpretation of the right to data protection under Article 8(2) Charter draws on the acquis laid down in Directive 95/46.
This reasoning is circular, since the Court interprets Directive 95/46 in the light of
the Articles 7 and 8 Charter (Sect. 5.2).
Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition) Sweet & Maxwell
2010, at 7-009 to 7-012 (and the cases mentioned there). In data protection, Case C-301/06, Ireland
v Parliament and Council, EU:C:2009:68.
Dóra Guðmundsdóttir, ‘A renewed emphasis on the Charter’s distinction between rights and
principles: Is a doctrine of judicial restraint more appropriate?’, CMLR, 52, Issue 3, pp. 685–719,
2015, at 709–718.
J.H. Gerards, Pluralism, Deference and the Margin of Appreciation Doctrine’, European Law
Journal, vol. 17–1, pp. 80–120, 2011, at 115–120.
5 Understanding and Assessing the Contribution of the CJEU to the Mandate Under…
The Court of Justice does not just interpret the law by solving the disputes
brought before it or by answering preliminary questions of national courts. In the
exercise of its tasks, the Court also acts as a constitutional court with three functions: the review of fundamental rights, market integration and umpire between the
various powers. The – perceived – activist role the Court plays qualifies it as a suitable actor for privacy and data protection on the internet. The preliminary ruling
procedure is a success, also in the field of privacy and data protection. However, the
case law of the Court is by definition incremental. The Court cannot develop a comprehensive policy for better protection (Sect. 5.3).
As explained, the extensive role of the Court of Justice compensates for the democratic deficit of the European Union, yet the Court has further legitimacy because
of its close link with national courts, in particular through the preliminary ruling
procedure. It enhances its legitimacy by properly balancing the interest of EU integration and national interests. The Court gives guidance, by adjudicating in cases
interpreting EU data protection legislation in the light of Articles 7 and 8 Charter.
Guidance by the Court is not sufficient for bridging the gap between general principles and practice; other mechanisms are also needed (Sect. 5.4).
Until the Lisbon Treaty, the Court of Justice referred to fundamental rights as
principles under Member States’ law and took account of the European Convention
on Human Rights. The Court ruled itself on possible infringements of fundamental
rights, as part of its task of ensuring a uniform interpretation of EU law. Over the
years, the importance of fundamental rights increased in the case law, but Articles 7
and 8 Charter were only mentioned once (Sect. 5.5).
The entry into force of the Lisbon Treaty prompted the Court of Justice to fundamentally change its approach in relation to fundamental rights. The Court’s assessment of limitations of a fundamental right focuses on proportionality. The Charter
has become the yardstick and has a wide scope, but with limits (Sect 5.6).
The test under the Charter is stringent, depending on a number of factors. The
nature of the fundamental right is such a factor. This factor is analysed in more
detail in this book, focusing on the question whether meaningful distinctions can be
made between fundamental rights, in order to improve the protection of the most
essential rights on the internet (Sect. 5.7).
Various methods of defining fundamental rights are useful for understanding
fundamental rights: a positive method, a method based on the nature of the right and
a method based on the historical background. All three methods have advantages in
understanding privacy and data protection in relation to other fundamental rights
The Charter does not establish any hierarchy between fundamental rights. This
book proposes a simple taxonomy enabling a difference in the standard of review
for fundamental rights protection on the internet, without creating a hierarchy. This
taxonomy has a number of purposes. Thus, it should prevent any weakening of privacy and data protection (and other fundamental rights that are most crucial for our
democracies), resulting from the equal protection of all rights. In addition, it should
assist in compensating for the particular challenges of certain rights on the internet,
and enable an efficient use of resources. Finally, it would allow a focus on extrater-
ritorial application of fundamental rights, taking into consideration legitimate
claims of third countries or international organisations (Sect. 5.9).
The book suggests that the legitimacy of the Court’s role would further improve,
were the Court to assess the application of the rights to privacy and data protection,
taking this simple taxonomy into account. Privacy and data protection fall within
the second category of fundamental rights, with a high impact on human dignity.
This means more concretely: (1) there is a necessity of protection in an online environment; (2) where needed, extraterritorial application of the rights must be safeguarded; (3) the rights should be applicable in horizontal relations; (4) restrictions
and limitations of these rights are subject to a strict test; (5) where a balance is
needed with other fundamental rights and public interests, the essential nature of the
rights to privacy and data protection should be taken into account; and (6) this may
lead to an approach where the Court adjudicates itself, and does not defer the matter
to the national courts (in preliminary ruling procedures). These requirements are in
line with the strict approach the Court already takes on privacy and data protection
The case law of the US Supreme Court differs from that of the EU Court of
Justice in respect of the balancing with free speech. It is therefore not surprising that
Google Spain and Google Inc. was heavily criticised in the US, because of its presumed impact on free speech. However, where privacy and data protection need to
be balanced with the public interest of security, there is synergy with the approach
of the US Supreme Court. Both Courts contributed to the legal development in relation to privacy and data protection in law enforcement, by taking account of the
intrusive consequences of the information society. For instance, the US Supreme
Court decided that, generally, a warrant is needed for searching a smartphone (Sect.
The link between the fundamental rights of privacy and data protection, on the
one hand, and freedom of expression and information, on the other hand, is changing and intensifying due to internet related developments. The dividing line between
private and public speech is becoming blurred, changes are caused by the impact of
a free and open internet, and new intermediaries, like search engines, play a role in
promoting freedom. The debate on the right to be forgotten demonstrates that,
where an individual is entitled to request deletion of personal data, this automatically impacts on the right to receive information under Article 11 Charter (Sect.
In Google Spain and Google Inc., the European Court of Justice takes into consideration the changed reality in the information society, which has an impact on
privacy and data protection and on the balancing between fundamental rights. The
ubiquitous availability of information implies a lack of control on the part of the
data subjects and potentially restricts their autonomy. The Court no longer takes a
deferential approach and gives search engines a social responsibility, giving them
the task of balancing between fundamental rights, a task close to the core tasks of
government (Sect. 5.13).
The right of access to documents gives effect to core values in society such as
transparency and democratic control. The Court of Justice scrutinises strictly, but
5 Understanding and Assessing the Contribution of the CJEU to the Mandate Under…
not where balancing is needed with privacy and data protection. Applicants invoking transparency must demonstrate the necessity of having access to documents if
these documents include personal data. The Court does not seem to balance privacy
and data protection on an equal footing with public access to documents (Sect.
There are different scholarly views on the status of the right to property as an
essential value in a democratic society. The right to property is not included in all
fundamental rights treaties. The enforcement of intellectual property is becoming
more complex in the information society and copyright is the example of a right
which is difficult to enforce. However, if intellectual property is balanced against
privacy and data protection on an equal footing, this may weaken the level of data
protection, resulting from accepting internet monitoring of individuals by copyright
holders (Sect. 5.15).
The relationship between privacy and data protection and security has elements
of a trade-off. Privacy is, on the one hand, seen as inhibiting the appropriate protection of our societies against threats caused by terrorist attacks or by serious crime,
yet, on the other hand, it is considered a value that should prevail against risks of
unconditioned surveillance. The Court of Justice builds on the case law of the
European Court of Human Rights on privacy and security, which includes a strict
review of measures that aim at creating a high level of security, but have an impact
on privacy and data protection (Sect. 5.16).
Digital Rights Ireland and Seitlinger gives indications for balancing privacy and
security. First, the outcome is determined by trends in these two areas, the ubiquitous connectivity and the security threats for society. Second, objectively measuring
the effects of a legislative instrument and making comparisons is not easy. Third,
privacy should not depend on political preferences of a majoritarian body. Fourth,
strong privacy and data protection can benefit law enforcement. The challenge is to
find synergies (Sect. 5.17).
The Court of Justice of the European Union also promotes market integration
and acts as an umpire where other public interests or other governmental actors
impact on the exercise of Article 16(1) TFEU. The integration of the Union in general and of EU markets in particular is an additional interest to be taken into account
by the Court, where it rules on the basis of Article 16 TFEU. Moreover, insofar as
the Court acts as an umpire between various powers, precise answers by the Court
are required, particularly where it adjudicates on the competences under Article 16
TFEU and relating competences (Sect. 5.18).
This chapter outlined the contribution of the Court of Justice of the European
Union to the mandate under Article 16 TFEU. A taxonomy of fundamental rights
has been proposed, as a specific tool for further improving the level of protection.
This taxonomy divides fundamental rights into the following categories: (1) non-
derogable or absolute fundamental rights, corresponding to the rights included in
Title I of the Charter, entitled ‘dignity’; (2) the rights with a huge impact on human
dignity, but not qualified as non-derogable; and (3) the social, cultural and economic
rights. Further categories include: principles in the Charter (as meant in Articles
51(1) and 52(5) thereof); the fundamental freedoms of the Treaties, relating to free
movement; and the undefined species of public and general interests.
Abazi, V., and M. Hillebrandt. 2015. The legal limits to confidential negotiations: Recent case law
developments in council transparency: Access info Europe and In’t Veld. Common Market Law
Review 52: 825–845.
Barak, Aharon. 2012. Proportionality; constitutional lights and their limitations. Cambridge
Bignami, Francesca E. 2007. Privacy and law enforcement in the European Union: The data retention directive. Chicago Journal of International Law 8: 233–255.
Boehm, Franziska, and Mark D. Cole. 2014. Data retention after the judgement of the court of
justice of the European Union. Available on http://www.janalbrecht.eu/fileadmin/material/
Centre for Information Policy Leadership. 2014. An initial issues paper for privacy risk framework
and risk-based approach to privacy project workshop I. Paris, France, 20 March 2014. Available
Bygrave, Lee A. 2014. Data privacy law, an international perspective. Oxford University Press.
Court of Justice of the European Union. 2012. The Court of justice and the construction of Europe:
Analyses and perspectives on sixty years of case-law – La Cour de Justice et la Construction
de l’Europe: Analyses et Perspectives de Soixante Ans de Jurisprudence, Published on the
unique occasion of its 60th anniversary. Asser Press.
Craig, Paul, and Grainne de Búrca. 2011a. EU law: Text, cases and material, 5th ed. Oxford
Craig, Paul, and Grainne de Búrca (eds.). 2011b. The evolution of EU law, 2nd ed. Oxford
de Búrca, G. 2013. After the EU charter of fundamental rights: The court of justice as a human
rights adjudicator? Maastricht Journal of European and Comparative Law 20(2): 168–184.
de Búrca, Gráinne, and J.H.H. Weiler (eds.). 2001. The European Court of Justice. Oxford
De Hert, Paul, and Vagelis Papakonstantinou. 2015. Google Spain: Addressing critiques and misunderstandings one year later. Maastricht Journal of European and Comparative Law 22(4):
Dougan, Michael. 2015. Judicial review of member state action under the general principles and
the charter: Defining the ‘scope of union law’. Common Market Law Review 52: 1201–1245.
Fabre, C. 1998. Constitutionalising social rights. The Journal of Political Philosophy 6(3):
Ferretti, Federico. 2014. Data protection and the legitimate interest of data controllers: Much ado
about nothing or the winter of rights? Common Market Law Review 51: 843–868.
FIDE Congress. 2012. Reports of the FIDE Congress in Tallinn, volume 1, The protection of fundamental rights post-Lisbon: The interaction between the charter of the fundamental rights of
the European Union, the European Convention on Human Rights and national constitutions.
Tartu University Press.
Gerards, J.H. 2008. Fundamental rights and other interests – should it really make a difference? In
Conflicts between fundamental eights, ed. E. Brems, 655–690. Intersentia.
Gerards, J.H. 2011. Pluralism, deference and the margin of appreciation doctrine. European Law
Journal 17–1: 80–120.
González Fuster, G. 2014. The emergence of personal data protection as a fundamental right of the
EU, Law, governance and technology series, vol. 16. Springer.
5 Understanding and Assessing the Contribution of the CJEU to the Mandate Under…
Guðmundsdóttir, Dóra. 2015. A renewed emphasis on the charter’s distinction between rights and
principles: Is a doctrine of judicial restraint more appropriate? Common Market Law Review
Gutwirth, S., et al. (eds.). 2009. Reinventing data protection? Springer.
Habermas, Jürgen. 2012. The crisis of the European Union, a response. Cambridge University
Press. Book Review by I. Pernice, Common Market Law Review 50, 1843–1874.
Hijmans, Hielke. 2014a. Right to have links removed: Evidence of effective data protection.
Maastricht Journal of European and Comparative Law 21(3): 555–563.
Hijmans, H. 2014b. De ongeldigverklaring van de dataretentierichtlijn: een nieuwe stap in de bescherming van de grondrechten door het Hof. NTER, No. 7, Sept. 2014, 245–252.
Hijmans, Hielke, and Herke Kranenborg (eds). 2014. Data protection anno 2014: How to restore
trust? Contributions in honour of Peter Hustinx, European data protection supervisor (2004–
Hustinx, Peter. 2013. EU data protection law: The review of directive 95/46/EC and the proposed
general data protection regulation. In: Collected courses of the European University Institute's
Academy of European Law, 24th Session on European Union Law, 1–12 July 2013.
Iglesias Sánchez, Sara. 2012. The court and the charter: The impact of the entry into force of the
Lisbon Treaty on the ECJ’s approach to fundamental rights. Common Market Law Review 49:
Ishay, Micheline R. 2008. The history of human rights: From ancient times to the globalization
era. University of California Press.
Kelemen, R. Daniel. 2006. Suing for Europe, adversarial legalism and European governance.
Comparative Political Studies 39(1): 101–127.
Kokott, Juliane, and Christoph Sobotta. 2015. Protection of Fundamental Rights in the European
Union: On the relationship between EU Fundamental Rights, the European Convention and
National Standards of Protection. Yearbook of European Law 34: 60–73.
Kranenborg, Herke. 2008. Access to documents and data protection in the European Union: On the
public nature of personal data. Common Market Law Review 45: 1079–1114.
Kulk, Stefan, and Frederik Zuiderveen Borgesius. 2012. Filtering for copyright enforcement in
Europe after the Sabam cases. European Intellectual Property Review 11: 54–58.
Kulk, Stefan, and Frederik J. Zuiderveen Borgesius. 2014. Google Spain v. González: Did the
court forget about freedom of expression. European Journal of Risk Regulation 4: 389–398.
Leczykiewicz, D. 2013. Melloni and the future of constitutional conflict in the EU. UK
Constitutional Law Blog of 22 May 2013. Available on http://ukconstitutionallaw.org.
Lenaerts, Koen, and Piet van Nuffel. 2011. European Union Law, 3rd ed. Sweet & Maxwell.
Lind, Anna-Sara, and Jane Reichel. 2014. Administrating data protection – or the Fort Knox of the
European composite administration. Critical Quarterly for Administration and Law (EuCritQ)
Locke, John. 1689. Second treatise of government. Available on http://www.earlymoderntexts.
Majone, Giandomenico. 1998. Europe’s ‘Democratic Deficit’: The question of standards. European
Law Journal 4(1): 5–28.
Muir, Elise. 2014. The fundamental rights implications of EU legislation: Some constitutional
challenges. Common Market Law Review 51: 219–245.
Peers, Steve, Tamara Hervey, Jeff Kenner, and Angela Ward (eds.). 2014. The EU Charter of
Fundamental Rights, a commentary. Hart Publishing.
Prechal, Sacha. 2015. The Court of Justice and effective judicial protection: What has the Charter
changed? In Fundamental rights in international and European law – public and private law
perspectives, ed. Christophe Paulussen, Tamara Takács, Vesna Lazic, and Ben Van Rompuy,
143–160. T.M.C. Asser Press/Springer.
PRISMS project, sponsored by the EU under the 7th Framework Programme, available on http://
Reidenberg, Joel. 2013. The data surveillance state in the United States and Europe. Fordham law
legal studies research paper no. 2349269, (Princeton University – Center for Information
Technology Policy/Fordham University School of Law), Wake Forest Law Review, November
Rosen, Jeffrey. 2012. The right to be forgotten. 4 Stanford Law Review Online 88, available on
Rosen, Jeffrey. 2013. Inside the stunning court smackdown on NSA spying, The New Republic.
Available on http://www.newrepublic.com/article/115962/courts-nsa-ruling-against-metadatacollection-fourth-amendment-win.
Schwartz, Paul M. 2012. Systematic government access to private-sector data in Germany,
International Data Privacy Law 2(2012): 289.
Spahiu, Irma. 2015. Courts: An effective venue to promote government transparency? The case of
the court of justice of the European Union. (2015) 31(80) Utrecht Journal of International and
European Law 5.
Syrpis, Phil. 2015. The relationship between primary and secondary law in the EU. Common
Market Law Review 52: 461–487.
Trybus, M., and L. Rubini (eds.). 2012. The Treaty of Lisbon and the future of European law and
policy. Edward Elgar Publishing.
Vainio, Niklas, and Samuli Miettinen. 2015. Telecommunications data retention after digital rights
Ireland: Legislative and judicial reactions in the member states. International Journal of Law
and Information Technology 23(3): 290–309.
Vandamme, T.A.J.A. 2014. Dataretentie als fata morgana: Over nationale beleidsruimte die er niet
was. Tijdschrift voor Constitutioneel Recht 2014: 284–302.
Wellman, Carl. 1999. The proliferation of rights: Moral progress or empty rhetoric? Westview.
Zuiderveen Borgesius, Frederik J. 2015. Improving privacy protection in the area of behavioural
targeting. Kluwer Law International.
Understanding the Scope and Limits of the EU
Legislator’s Contribution to the Mandate
Under Article 16 TFEU
Abstract This chapter analyses the EU legislator’s contribution to the mandate
under Article 16 TFEU. The Treaty on the Functioning of the European Union
empowers the EU legislator – the European Parliament and the Council – to adopt
rules on data protection. The EU legislator is even under a duty to lay down the rules
on data protection, including all areas where personal data are processed. The data
protection reform implements this duty.
The chapter discusses the institutional role of the legislator, the contributions of the
EU institutions, as well as the involvement of other stakeholders in the legislative
process. It also contains a short comparison with the mandate of the EU legislator
on equal treatment and non-discrimination.
This general duty is limited in two ways. There are areas in which the
Members States should exercise competence and interfaces exist with other
competences of the EU and the Member States. Examples of these interfaces
discussed in this chapter are the areas of electronic communications and competition law.
Finally, the Chapter addresses the conditions for good legislation and for engaging the private sector, with a key role for the concept of accountability.
The right to data protection is a claim based on fairness requires safeguards where
personal data are processed. These safeguards are primarily laid down in legislative
The first objective of the chapter is to understand the scope and the limits of the
contribution of the EU legislator to the mandate under Article 16 TFEU, in relation
© Springer International Publishing Switzerland 2016
H. Hijmans, The European Union as Guardian of Internet Privacy, Law,
Governance and Technology Series 31, DOI 10.1007/978-3-319-34090-6_6