Data Protection and Privacy in the EU

S The EU Data Protection law provides that personal data is data which can identify a person directly or indirectly (Lynskey, 2015). Data protection and data privacy are two clear rights which have been recognized in Fundamental Freedoms in the EU Charter1. Moreover, the dame rights have been recognized in the Council of Europe where all the member states are signatories. However, the Data Protection Directive2, brought about some dynamism in the history of protection of personal information or rather data in the EU (Lynskey, 2015). The DPD preserves two of the oldest as well as equally significant ambitions of the European integration process- the safeguarding of basic rights and freedoms of persons and particularly the basic right to data safety, on one hand, and accomplishment of the internal market- the free flow of individual data in this case, on the other.

Moreover, the public authorities use personal data for a number of reasons, like tracking individuals in the event of a spate of a contagious disease, addressing terrorist activities, and many others. All this inescapably begs the question whether the existing legislation on data protection in the EU can fully and adequately handle these challenges. The recent developments in technology have led to the issue of data protection becoming the main policy concern in the European Union. The Court of Justice of the European Union has made a number of rulings on the significance of the right to privacy as well as the right to data protection. The notable one being the Schrems v Data Protection Commissioner3, where the complainant alleged that by transferring his data to the parent firm Facebook Ireland Ltd was in total breach of his data protection rights.

It obligates businesses to inform the consumers of their interest in collecting data, the intention of collecting the data and its use, the end user or to whom the information will be disclosed (Linder, 2016). The subjects ought to be allowed the chance to register consent to the processing of their personal information and even opt out of having their data used for direct marketing. There needs to be alternative to opt out needs to be available at the collection time and at any point thereafter. The EU recognizes privacy of information as well as protection of data as the main basic human rights as enshrined in Articles 7 and 85. The privacy of information as well as data protection binds all the EU member states via the Lisbon Treaty6 The DPD sets out the common rules for public and private firms in all EU member countries, which hold or transfer personal information.

S, the commonly known, the Safe Harbor Decision- a decision that was later declared invalid by the Court of Justice of the European Union in the Schrems v Data Protection Commissioner (Wright & Hert, 2016). In as much as the Data Protection Directive of 1995 has been praised by other legal instruments within the EU, for instance, the e-privacy Directive for communication7s, the DPD is the main data protection tool in the EU (Gellman & Dixon, 2011). In the fall of 2012, the EC came up with a new regulatory package that geared towards modernizing the DPD and also coming up with other information protection changes in a bid to consider the dynamics in the processing of data, which are caused by the rampant use of the internet.

In 2015, the member states of the European Union (acting in the Council of the European Union) as well as the elected European Parliament, EP (which is representative of the citizens of the European Union) arrived at an agreement on the new data protection regulations. The same were adopted in 2016 and are expected to take effect from this year (2018). In light of that the current DPD will be overhauled by the General Data Protection Regulation this year to help address the concerns raised in the Schrems case. (b) Assess the prospects for the continued flow of personal data between the EU and the U. K in view of the U. K’s imminent exit from the E. U The repercussions of Brexit for the EU-UK flow of data are the subject of continuing discussions about the uncertainty that will be created.

In light of the GDPR, from the date of exit unless and otherwise measures are taken to make sure that the UK id viewed by the European Commission to possess ‘sufficient’ data protection regime or an option for a mechanism is agreed upon, the transfer of personal data from the member states of the European Union to the UK will not be in a position to proceed in the same way as it is presently. Instead the transferring entity with its base in the EU would have the reason to take necessary measures to make sure it could depend on one of a limited range of measures for legally transferring personal data outside the EEA to jurisdictions which have not been seen as ‘adequate’.

The EU-UK data transfers after the Brexit is a real issue for companies that presently enjoy the ability to transfer data freely within the EEA territories not forgetting the third countries that are recognized by the European Commission as offering ‘adequate’ level of protection recognized under the EU law. The EU has come up with some notable mechanisms to address the eminent exit of UK from the EU. The Commission explores a UK-EU model that makes it possible for the flow of data to proceed even after the UK exits the EU (IT Governance (Organization). The EC wants to ensure that the flow of data within EU and the 3rd countries with the prevailing adequacy decisions can proceed on the same platform post UK exit.

Owing to the fact that the transfers may involve EU data and the fact that the UK will still be a safety destination for individual data once it leaves the EU, the EU’s member states need to make sure they avoid any hitch in relation to the flow of data from third countries to the United Kingdom. The EU thus has plans to liaise with the 3rd countries to make sure that the prevailing agreements will undergo transition at the time UK exits (IT Governance (Organization). , & European Union, 2017). In conclusion, for companies and/or businesses presently making preparations for the GDPR, the position is still the same, and there is a looming uncertainty surrounding the future of UK-EU data transfers (Ostrom & Chang, 2012).