Thoughts on General Provisions (Art. 1-4 GDPR)
Article 1
- Relevant Recitals: 1-12
- The protection of natural persons in relation to processing of personal data is a fundamental right -> Article 8(1) European Charter, Article 16(1) TFEU
- Intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons
- The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.
- Natural persons should have control of their own personal data. Legal and practical certainty for natural persons, economic operators and public authorities should be enhanced.
- Consistent and homogenous application
Commentary
- Reason for this Article: EU is based on the idea of a common market that provices the free movement of goods, capital and people, as well as the freedom to establish and provide services. Different national data protection laws would conflict with these freedoms
- GDPR does not apply to the processing of data belonging to companies, public bodies or other legal entities
- Non-EU citizens can rely on the GDPR as its application is generally independent of nationality -> human right, not citizen right
- Fundamental rights and freedoms enshrined in Articles 7 and 8 of the CFR aren't the only interests protected by the GDPR as processing operations are able to impact other fundamental rights such as personality rights, freedom of expression, freedom of information, freedom of communication, the right of assembly, freedom of religion and other anti-discrimination rights; the fundamental rights to privacy, personality and data protection are the backbone of a free society as there can be no freedom where the individual is not in control of their data, feels observed, tracked or continuously assessed
Caution: If data about a legal entity contains or relates to a natural person or a natural person engages in a professional activity, this data is still within the scope of the GDPR, as clarified by the CJEU in C-398/15 - Salvatore Manni.
Unfinished; still updating for Article 2-4!