Reform Of The European Data Protection Directive And Its Implications

Since1970s, there has been a data protection legislation trend, during which one of themost influential legislations is <Directive95/46/EC of the European Parliament and of theCouncil on the Protection of Individuals with Regard to the Processing of Personal Data andon the Free Movement of Such Data>(“Directive95/46/EC”).This thesis intends to introduce the legislation background and content of Directive95/46/EC, the background and content of its revolution and what implications they have uponPRC relevant law making. It consists of four parts. The first part is about the legislationbackground and the core stipulations of Directive95/46/EC. The second part introduces thebackground of the revolution of Directive95/46/EC and its objectives. The third partdiscusses the key changes of the proposed regulation. The last Part touches on theimplications of Directive95/46/EC and its revolution on PRC legislation.Part1: Directive95/46/EC was born on the tide of data protection and aims to protectindividual rights and unify data protection law among member states. With the gamingbetween EU member states, the Directive95/46/EC was adopted on24October1995, fiveyears after the original document had been tabled. Directive95/46/EC adopts a“comprehensive approach” which covers both the public sector and private sector dataprocessing activities with independent data protection authority. This approach has greatadvantage on protecting individual rights, but on some degree hinders free data flow.Part2: Though Directive95/46/EC has achieved remarkable success by influencing dataprotection laws in other jurisdictions, it has faced tremendous pressure to reform. The keyfactors of the reform pressure include: first, the explosive development of informationtechnology since the adoption of Directive95/46/EC. Second, fragmentation created bymember states implementation. Third, the EU constitution upgrades individual’s right to dataprotection as an independent fundamental right. Last, data flow from member states betweenthird countries is seriously impeded by the current directive mechanism. According to EUcommission’s communication, the key objectives of the reform are: first, strengtheningindividual’s rights. Second, achieving an internal single market. Third, simplify and clarify cross-border data transfer mechanism. Last, reinforce data protection authority’s power andpromote cooperation between DPAs.Part3: The key amendments in the proposed regulation are:1. On the aspect ofstrengthening individual’s rights, the most noticeable measurements are the introduction ofthe right to be forgotten and the right to portability.2. In order to achieving a single internalmarket, the commission chooses regulation over directive.3. To promote cross-border datatransfer, the regulation relaxes the adequate protection by third country principle andpromotes and simplifies other mechanisms.4. At last, article29working group has beenelevated to European Data Protection Board with more power and various cooperationmechanisms has been introduced.Part4: PRC data protection law is still in its infancy, so learning from EU data protectionlaw would immensely benefit us:1. Make PRC data protection law as soon as possible.2.Adopt the comprehensive legislative mode.3. Treat right to data protection as a fundamentalright.4. Balance data protection and data free flow.5. Set up data protection authority.6.Keep up to the technology trend.7. Provide for cross-border data flow mechanism to bothprotect individual’s rights and promote international data flow.