Print

Legislation

Designed to grapple with the realities of global, ubiquitous data in the internet era, the EU’s new data protection legislation should provide increased legal certainty for both individuals and organisations processing data and greater protection for the individual in general.

In this section you will find links to key pieces of current and new data protection legislation.

In particular, the reform of the EU’s data protection rules which began in January 2012, has resulted in three key pieces of legislation:

  • a general Regulation on data protection (679/2016 - GDPR) which was adopted on 24 May 2016, applicable as of 25 May 2018;
  • a specific Directive (680/2016) on data protection in the area of police and justice, adopted on 5 May 2016, applicable as of 6 May 2018;
  • the Regulation (EU) 2018/1725 with regard to the processing of personal data by the Union institutions, bodies, offices and agencies.

Take a look at the history of the General Data Protection Regulation on our GDPR timeline page for more information about its evolution.

Below you will also find a link to the ePrivacy Directive 2002/58/EC which provides additional data protection rules for telecommunications networks and internet services. This Directive is due to be repealed. The European Commission adopted a proposal for a Regulation on 10 January 2017; it is currently under discussion in the European Parliament and the Council of the European Union.

The European Commission adopted the Regulation (EU) 2018/1725 which repealed Regulation (EC) 45/2001 and brings it into line with the GDPR. This Regulation lays down the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor.

With this comprehensive reform, the EU has a modern framework for protecting privacy and data protection.

Link to the history of the General Data Protection Regulation

 

21
Dec
2021
Other Documents

Contribution by the EDPS to the Report on the application of Regulation (EU) 2018/1725

With its first-hand experience of applying and enforcing Regulation (EU) 2018/1725, the EDPS prepared a detailed contribution for the European Commission's important reviewing exercise on the application of the Regulation.

 

Available languages: English

 

 

18
Dec
2000

Regulation (EC) No 45/2001

Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8, 12.01.2001, p. 1

Available languages: Czech, Danish, German, Estonian, Greek, English, Spanish, French, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Slovak, Slovenian, Finnish, Swedish

 

1
Jul
2002

Decision No 1247/2002/EC

Decision No 1247/2002/EC on the regulations and general conditions governing the performance of the European Data protection Supervisor's duties, OJ L 183, 12.07.2002, p. 1

Available languages: Danish, German, Greek, English, Spanish, French, Italian, Dutch, Portuguese, Finnish, Swedish

 

24
Oct
1995

Directive 95/46/EC

Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, p. 31

Available languages: Czech, Danish, German, Estonian, Greek, English, Spanish, French, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Slovak, Slovenian, Finnish, Swedish

 

12
Jul
2002

Directive 2002/58/EC

Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31.07.2002, p. 37

Available languages: Danish, German, Greek, English, Spanish, French, Italian, Dutch, Portuguese, Finnish, Swedish

 

25
Nov
2009

Directive 2009/136/EC

Directive 2009/136/EC amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, OJ L 337, 18.12.2009, p. 11

Available languages: Bulgarian, Czech, Danish, German, Estonian, Greek, English, Spanish, French, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish

 

27
Nov
2008

Council framework Decision 2008/977/JHA

Council framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, OJ L 350, 30.12.2008, p. 60

Available languages: Bulgarian, Czech, Danish, German, Estonian, Greek, English, Spanish, French, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish

 

 

11
Jul
2013

Other international instruments

OECD Guidelines governing the protection of privacy and transborder flows of personal data (July 2013)
Available languages: English
OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy (2007)
Available languages: English, French