European Data Protection Supervisor
European Data Protection Supervisor

Legislation

Legislation

Designed to grapple with the realities of global, ubiquitous data in the internet era, the EU’s new data protection legislation should provide increased legal certainty for both individuals and organisations processing data and greater protection for the individual in general.

In this section you will find links to key pieces of current and new data protection legislation.

In particular, the reform of the EU’s data protection rules which began in January 2012, has resulted in two key pieces of legislation:

  • a general Regulation on data protection (679/2016) which was adopted on 24 May 2016, applicable as of 25 May 2018; and
  • a specific Directive (680/2016) on data protection in the area of police and justice, adopted on 5 May 2016, applicable as of 6 May 2018.

The official texts of the Regulation and the Directive are now recognised as law across the EU. Member States have two years to ensure that they are fully implementable in their countries by May 2018.

In the meantime, the existing legislation, Directive 95/46/EC for the private and most of the public sector and Council Framework Decision 2008/977/JHA for the law-enforcement sector, remain applicable across the EU.

Take a look at the the history of the General Data Protection Regulation on our GDPR timeline page for more information about its evolution. You can also download EU Data Protection, a free app for mobile devices from the EDPS to consult the new texts of these two pieces of legislation.

Below you will also find a link to the ePrivacy Directive 2002/58/EC which provides additional data protection rules for telecommunications networks and internet services. This Directive is due to be repealed. The European Commission adopted a proposal for a Regulation on 10 January 2017; it is currently under discussion in the European Parliament and the Council of the European Union.

You will also find a link to Regulation (EC) 45/2001 which lays down the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor. The European Commission adopted a proposal on 10 January 2017 which repeals Regulation (EC) 45/2001 and brings it into line with the GDPR. The proposal is currently under discussion in the European Parliament and the Council of the European Union.

Both the ePrivacy and Regulation 45/2001 replacement texts should be adopted in time to become applicable at the same time as the GDPR. With this comprehensive reform, the EU will have a modern framework for protecting privacy and data protection.

 

18/12/2000
18
Dec
2000

Regulation (EC) No 45/2001

Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8, 12.01.2001, p. 1

01/07/2002
1
Jul
2002

Decision No 1247/2002/EC

Decision No 1247/2002/EC on the regulations and general conditions governing the performance of the European Data protection Supervisor's duties, OJ L 183, 12.07.2002, p. 1

24/10/1995
24
Oct
1995

Directive 95/46/EC

Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, p. 31

12/07/2002
12
Jul
2002

Directive 2002/58/EC

Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31.07.2002, p. 37

25/11/2009
25
Nov
2009

Directive 2009/136/EC

Directive 2009/136/EC amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, OJ L 337, 18.12.2009, p. 11

27/11/2008
27
Nov
2008

Council framework Decision 2008/977/JHA

Council framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, OJ L 350, 30.12.2008, p. 60

28/01/1981
28
Jan
1981

Council of Europe Convention No. 108 on data protection

Convention for the protection of individuals with regard to automatic processing of personal data (ETS No. 108, 28.01.1981)

Council of Europe Convention 108 on data protection

11/07/2013
11
Jul
2013

Other international instruments

OECD Guidelines governing the protection of privacy and transborder flows of personal data (July 2013)PDF icon
OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy (2007)PDF icon