Research On The EU General Data Protection Regulation Of 2016

In the era of big data,the free flow of personal data has led to some legal issues concerning its protection.In order to make up the limits of previous legislations with regard to personal data protection,the legislative reform was carried out in the EU,which resulted in the General Data Protection Regulation of 2016(hereinafter referred to as GDPR).Although this regulation follows the previous legislative path on the whole,as far as the scope of application,the rights of data subject,the obligations of the data controller and processor,the supervision and remedy mechanisms are concerned,we can find some breakthroughs.The rules on the right to be forgotten,the right to data portability,and high penalties in GDPR have even sparked heated discussions around the world.In this thesis,the author,on the basis of the research on GDPR,attempts to explore what China can learn from it in the field of legislation on personal data protection.This thesis consists of five parts which can be described as follows.The first part,as an introduction,deals with the research background and significance,the research status of GDPR at home and abroad,the research contents and methods which include literature research,normative analysis,historical and comparative research.The innovations of this thesis are also set out in this part.In the second part,it is discussed the theoretical basis and the legislative evolution of personal data protection in the EU.The personal data protection in the EU follows to a large extent the strict and well-advised ideas from Germany,its solid legal basis can be found in a series of conventions and treaties adopted or acceded by the EU.Along with the development of the times,the previous legal instruments can't meet the needs of personal data protection in EU until the adoption of GDPR.Compared with the Directive 95/46/EC,there have been inheritances and developments in respect of legislative purpose and content in GDPR.Simultaneously,we can find a significant breakthrough in the light of legislative form.The third part focuses on the new developments of GDPR in the field of personal data protection.Obvious developments could be found in four independent areas of GDPR by the comparison among Directive 95/46/EC,proposed GDPR and GDPR.In terms of scope,extraterritorial application is stipulated in GDPR.As for the rights of the data subject,withdrawal of the consent,the right to be forgotten and the right to data portability have been added into GDPR.With respect to the obligations of data controllers and processors,a series of technical and non-technical rules have been provided in GDPR.Furthermore one-stop shop and huge amount of administrative penalties are used to strengthen the supervision and remedy mechanisms of GDPR.The fourth part pays great attention to the assessment of the major changes in GDPR.The expansion of the scope,the right to data portability and the increase in the obligations of data controllers and processors meet the requirements of the development of the internet which contributes to some extent to building a fair and competitive market.In addition,GDPR,by means of case-by-case,differs from the sweeping approaches in the past,which enhances the level of coordination and supervision to data protection,and is helpful for the member states of the EU to cooperate with each other in the field thereof.Meanwhile,there are some weaknesses in the GDPR,namely systematic defects,ambiguous rules,the problems of implementation effect and the balance with other related interests.In the fifth part,the author demonstrates the inspirations that China can draw form GDPR in the legislation of personal data protection.On one hand,due to the extraterritorial application of GDPR,some Chinese enterprises might be binded by it;On the other hand,the era of big data,particularly the legal vacancy thereof in China,requires urgently the protection of personal data.China can learn the legislative mentality of effect principle from GDPR,reasonably introduce the "withdrawal of the consent" pattern,establish the scenario-based and technology-based data protection idea and follow the example of proactive supervision and remedy mechanisms as stipulated in GDPR.At the same time,we should not follow blindly the others and the targeted approach is needed.