𝔖 Scriptorium
✦   LIBER   ✦
📁

The EU General Data Protection Regulation (GDPR): A Commentary

✍ Scribed by Christopher Kuner (editor), Lee A. Bygrave (editor), Christopher Docksey (editor), Laura Drechsler (editor)

Publisher
Oxford University Press
Year
2020
Tongue
English
Leaves
1486
Category
Library
⬇  Acquire This Volume

No coin nor oath required. For personal study only.

✦ Synopsis

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation.

Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world.

This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

✦ Table of Contents

Foreword
Editors’ Preface
Contents
Table of Cases
Table of Instruments
List of Abbreviations
List of Contributors
Background and Evolution of the EU General Data Protection Regulation (GDPR) (Christopher Kuner, Lee A. Bygrave and Christopher Docksey)
Chapter I: General Provisions (Articles 1–4)
Article 1 Subject-matter and objectives (Hielke Hijmans)
Article 2 Material scope (Herke Kranenborg)
Article 3 Territorial scope (Dan Jerker B. Svantesson)
Article 4 Definitions (Luca Tosoni and Lee A. Bygrave)
Article 4(1) Personal data (Lee A. Bygrave and Luca Tosoni)
Article 4(2) Processing (Luca Tosoni and Lee A. Bygrave)
Article 4(3) Restriction of processing (Luca Tosoni)
Article 4(4) Profiling (Lee A. Bygrave)
Article 4(5) Pseudonymisation (Luca Tosoni)
Article 4(6) Filing system (Luca Tosoni)
Article 4(7) Controller (Lee A. Bygrave and Luca Tosoni)
Article 4(8) Processor (Lee A. Bygrave and Luca Tosoni)
Article 4(9) Recipient (Luca Tosoni)
Article 4(10) Third party (Luca Tosoni)
Article 4(11) Consent (Lee A. Bygrave and Luca Tosoni)
Article 4(12) Personal data breach (Luca Tosoni)
Article 4(13) Genetic data (Lee A. Bygrave and Luca Tosoni)
Article 4(14) Biometric data (Lee A. Bygrave and Luca Tosoni)
Article 4(15) Data concerning health (Lee A. Bygrave and Luca Tosoni)
Article 4(16) Main establishment (Luca Tosoni)
Article 4(17) Representative (Luca Tosoni)
Article 4(18) Enterprise (Lee A. Bygrave and Luca Tosoni)
Article 4(19) Group of undertakings (Luca Tosoni)
Article 4(20) Binding corporate rules (Luca Tosoni)
Article 4(21) Supervisory authority (Lee A. Bygrave)
Article 4(22) Supervisory authority concerned (Luca Tosoni)
Article 4(23) Cross- border processing (Luca Tosoni)
Article 4(24) Relevant and reasoned objection (Luca Tosoni)
Article 4(25) Information society service (Luca Tosoni)
Article 4(26) International organisation (Lee A. Bygrave and Luca Tosoni)
Chapter II: Principles (Articles 5–11)
Article 5 Principles relating to processing of personal data (Cécile de Terwangne)
Article 6 Lawfulness of processing (Waltraut Kotschy)
Article 7 Conditions for consent (Eleni Kosta)
Article 8 Conditions applicable to child’s consent in relation to information society services (Eleni Kosta)
Article 9 Processing of special categories of personal data (Ludmila Georgieva and Christopher Kuner)
Article 10 Processing of personal data relating to criminal convictions and offences (Ludmila Georgieva)
Article 11 Processing which does not require identification (Ludmila Georgieva)
Chapter III: Rights of the Data Subject (Articles 12–23)
Section 1 Transparency and modalities
Article 12 Transparent information, communication and modalities for the exercise of the rights of the data subject (Radim Polčák)
Section 2 Information and access to personal data
Article 13 Information to be provided where personal data are collected from the data subject (Gabriela Zanfir-Fortuna)
Article 14 Information to be provided where personal data have not been obtained from the data subject (Gabriela Zanfir- Fortuna)
Article 15 Right of access by the data subject (Gabriela Zanfir- Fortuna)
Section 3 Rectification and erasure
Article 16 Right to rectification (Cécile de Terwangne)
Article 17 Right to erasure (‘right to be forgotten’) (Herke Kranenborg)
Article 18 Right to restriction of processing (Gloria González Fuster)
Article 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing (Gloria González Fuster)
Article 20 Right to data portability (Orla Lynskey)
Section 4 Right to object and automated individual decision-making
Article 21 Right to object (Gabriela Zanfir-Fortuna)
Article 22 Automated individual decision-making, including profiling (Lee A. Bygrave)
Section 5 Restrictions
Article 23 Restrictions (Dominique Moore)
Chapter IV: Controller and Processor (Articles 24–43)
Section 1 General obligations
Article 24 Responsibility of the controller (Christopher Docksey)
Article 25 Data protection by design and by default (Lee A. Bygrave)
Article 26 Joint controllers (Christopher Millard and Dimitra Kamarinou)
Article 27 Representatives of controllers or processors not established in the Union (Christopher Millard and Dimitra Kamarinou)
Article 28 Processor (Christopher Millard and Dimitra Kamarinou)
Article 29 Processing under the authority of the controller or processor (Christopher Millard and Dimitra Kamarinou)
Article 30 Records of processing activities (Waltraut Kotschy)
Article 31 Cooperation with the supervisory authority (Waltraut Kotschy)
Section 2 Security of personal data
Article 32 Security of processing (Cédric Burton)
Article 33 Notification of a personal data breach to the supervisoryauthority (Cédric Burton)
Article 34 Communication of a personal data breach to the data subject (Cédric Burton)
Section 3 Data protection impact assessment and prior consultation
Article 35 Data protection impact assessment (Eleni Kosta)
Article 36 Prior consultation (Cecilia Alvarez Rigaudias and Alessandro Spina)
Section 4 Data protection officer
Article 37 Designation of the data protection officer (Cecilia Alvarez Rigaudias and Alessandro Spina)
Article 38 Position of the data protection officer (Cecilia Alvarez Rigaudias and Alessandro Spina)
Article 39 Tasks of the data protection officer (Cecilia Alvarez Rigaudias and Alessandro Spina)
Section 5 Codes of conduct and certification
Article 40 Codes of conduct (Irene Kamara)
Article 41 Monitoring of approved codes of conduct (Irene Kamara)
Article 42 Certification (Ronald Leenes)
Article 43 Certification bodies (Ronald Leenes)
Chapter V: Transfers of Personal Data to Third Countries or International Organisations (Articles 44–50)
Article 44 General principle for transfers (Christopher Kuner)
Article 45 Transfers on the basis of an adequacy decision (Christopher Kuner)
Article 46 Transfers subject to appropriate safeguards (Christopher Kuner)
Article 47 Binding corporate rules (Christopher Kuner)
Article 48 Transfers or disclosures not authorised by Union law (Christopher Kuner)
Article 49 Derogations for specific situations (Christopher Kuner)
Article 50 International cooperation for the protection of personal data (Christopher Kuner)
Chapter VI: Independent Supervisory Authorities (Articles 51–59)
Section 1 Independent status
Article 51 Supervisory authority (Hielke Hijmans)
Article 52 Independence (Thomas Zerdick)
Article 53 General conditions for the members of the supervisory authority (Hielke Hijmans)
Article 54 Rules on the establishment of the supervisory authority (Hielke Hijmans)
Section 2 Competence, tasks and powers
Article 55 Competence (Hielke Hijmans)
Article 56 Competence of the lead supervisory authority (Hielke Hijmans)
Article 57 Tasks (Hielke Hijmans)
Article 58 Powers (Ludmila Georgieva and Matthias Schmidl)
Article 59 Activity reports (Hielke Hijmans)
Chapter VII: Cooperation and Consistency (Articles 60–76)
Section 1 Cooperation
Article 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned (Luca Tosoni)
Article 61 Mutual assistance (Peter Blume)
Article 62 Joint operations of supervisory authorities (Peter Blume)
Section 2 Consistency
Article 63 Consistency mechanism (Patrick Van Eecke and Anrijs Šimkus)
Article 64 Opinion of the Board (Patrick Van Eecke and Anrijs Šimkus)
Article 65 Dispute resolution by the Board (Hielke Hijmans)
Article 66 Urgency procedure (Ludmila Georgieva)
Article 67 Exchange of information (Patrick Van Eecke and Anrijs Šimkus)
Section 3 European Data Protection Board
Article 68 European Data Protection Board (Christopher Docksey)
Article 69 Independence (Christopher Docksey)
Article 70 Tasks of the Board (Christopher Docksey)
Article 71 Reports (Christopher Docksey)
Article 72 Procedure (Christopher Docksey)
Article 73 Chair (Christopher Docksey)
Article 74 Tasks of the Chair (Christopher Docksey)
Article 75 Secretariat (Christopher Docksey)
Article 76 Confidentiality (Christopher Docksey)
Chapter VIII: Remedies, Liability and Penalties (Articles 77–84)
Article 77 Right to lodge a complaint with a supervisory authority (Waltraut Kotschy)
Article 78 Right to an effective judicial remedy against a supervisory authority (Waltraut Kotschy)
Article 79 Right to an effective judicial remedy against a controller or processor (Waltraut Kotschy)
Article 80 Representation of data subjects (Gloria González Fuster)
Article 81 Suspension of proceedings (Waltraut Kotschy)
Article 82 Right to compensation and liability (Gabriela Zanfir- Fortuna)
Article 83 General conditions for imposing administrative fines (Waltraut Kotschy)
Article 84 Penalties (Orla Lynskey)
Chapter IX: Provisions Relating to Specific Processing Situations (Articles 85–91)
Article 85 Processing and freedom of expression and information (Herke Kranenborg)
Article 86 Processing and public access to official documents (Herke Kranenborg)
Article 87 Processing of the national identification number (Patrick Van Eecke and Anrijs Šimkus)
Article 88 Processing in the context of employment (Patrick Van Eecke and Anrijs Šimkus)
Article 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Article 90 Obligations of secrecy (Christian Wiese Svanberg)
Article 91 Existing data protection rules of churches and religious associations (Luca Tosoni)
Chapter X: Delegated Acts and Implementing Acts (Articles 92–93)
Article 92 Exercise of the delegation (Luca Tosoni)
Article 93 Committee procedure (Luca Tosoni)
Chapter XI: Final Provisions (Articles 94– 99)
Article 94 Repeal of Directive 95/ 46/ EC (Dominique Moore)
Article 95 Relationship with Directive 2002/58/EC (Piedade Costa de Oliveira)
Article 96 Relationship with previously concluded Agreements (Dominique Moore)
Article 97 Commission reports (Thomas Zerdick)
Article 98 Review of other Union legal acts on data protection (Luca Tosoni)
Article 99 Entry into force and application (Dominique Moore)
Index

📜 SIMILAR VOLUMES

The EU General Data Protection Regulatio
📁 The EU General Data Protection Regulation (GDPR): A Commentary
✍ Christopher Kuner, Lee A. Bygrave, Christopher Docksey, Laura Drechsler 📂 Library 📅 2020 🏛 Oxford University Press 🌐 English

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data

The EU general data protection regulatio
📁 The EU general data protection regulation (GDPR) : a practical guide
✍ Bussche, Axel von dem; Voigt, Paul 📂 Library 📅 2017 🏛 Springer International Publishing 🌐 English

This book provides expert advice on the practical implementation of the European Union’s General Data Protection Regulation (GDPR) and systematically analyses its various provisions. Examples, tables, a checklist etc. showcase the practical consequences of the new legislation. The handbook examines

The EU General Data Protection Regulatio
📁 The EU General Data Protection Regulation (GDPR): A Practical Guide
✍ Paul Voigt, Axel von dem Bussche 📂 Library 📅 2017 🏛 Springer International Publishing 🌐 English

<p>This book provides expert advice on the practical implementation of the European Union’s General Data Protection Regulation (GDPR) and systematically analyses its various provisions. Examples, tables, a checklist etc. showcase the practical consequences of the new legislation. The handbook examin

EU General Data Protection Regulation (G
📁 EU General Data Protection Regulation (GDPR) An Implementation and Compliance Guide
✍ IT GOVERNANCE PRIVACY TEAM 📂 Library 📅 2017 🏛 IT Governance Publishing 🌐 English

Now in its second edition, EU GDPR – An Implementation and Compliance Guide is a clear and comprehensive guide to this new data protection law. It explains the Regulation and sets out the obligations of data processors and controllers in terms you can understand. Topics covered include: The data