Regulatory scope in Member States under the General Data Protection Regulation - the General Data Protection Regulation and national law
The General Data Protection Regulation (EU-GDPR) will permanently alter the nature of data protection law. It is not so much its ground-breaking substantive innovations. It is above all the principle of lex loci solutionis (law of the place where performance occurs) and the modifications to the structure of European data protection supervision that will ensure a rejuvenation of data protection law whose effects will radiate well beyond the borders of the European Union. Combined with the transition to the legislative tool of the Regulation this therefore ushers in a clearly discernible harmonisation - in comparison with the previous regime based on the issue of Directives. However, in actual fact the EU-GDPR is in parts more a Directive in the guise of a Regulation. With around four dozen flexibility clauses it gives Member States ample scope for introducing their own legislative nuances, especially in the public sector. The project takes an in-depth look at to what extent the EU-GDPR alters German data protection law and how far national scope for elaboration extends. The focus is particularly on the data protection requirements under the EU-GDPR with regard to the tasks to be performed by public sector administration.
- In what directions does the EU-GDPR alter data protection in Germany and Europe, its implementation and judicial enforcement in the Member States and the relevant supervisory structures?
- How, in particular, can data protection principles (such as transparency, data economy, direct collection or necessity for a certain purpose) be realised in an environment of digital containment and the voluntary disclosure of personal data without hampering the economic innovativeness of digital technologies?
At the beginning of 2016 Professor Dr Mario Martini together with his colleague from Regensburg, Professor Dr Jürgen Kühling, LLM, with the support of the research associates from the programme area 'Digitalisation', already began to explore the regulatory scope available on a national level to Member States under the regime of the EU-GDPR. In close cooperation with the BMI an expert opinion of 530 pages was produced in the substantive context of the research project. It can be seen as an action guideline that will form the basis for the national legislative process. Due to the brief period of time available until the EU-GDPR comes into force and the approaching end of the current legislative period, national lawmakers are under enormous time pressure. The research project is therefore of great practical value for the work of lawmakers in the federal and regional governments, the supervisory authorities concerned with data protection and the federal and regional ministries entrusted with implementation. The work can be accessed here free of charge and is also available in a printed version.
As a result the project offers a comprehensive and detailed analysis of the requirements under European law and of the remaining regulatory scope on a national level for shaping data protection principles and thus the right to informational self-determination in the digital 21st century. It takes an in-depth look at the flexibility clauses of the EU-GDPR, the associated regulatory task for German lawmakers and the position of the supervisory authorities for data protection and their possibilities for cooperation.
- Martini, Mario, in: Paal, Boris P./Pauly, Daniel A. (Hrsg.), Datenschutz-Grundverordnung. Kommentar, 2017, Art. 35 (Datenschutz-Folgenabschätzung).
- Martini, Mario, in: Paal, Boris P./Pauly, Daniel A. (Hrsg.), Datenschutz-Grundverordnung. Kommentar, 2017, Art. 79 (Recht auf wirksamen gerichtlichen Rechtsbehelf gegen Verantwortliche oder Auftragsverarbeiter).
- Kühling, Jürgen/Martini, Mario, Die Datenschutz-Grundverordnung: Revolution oder Evolution im Datenschutzrecht im europäischen und nationalen Datenschutzrecht?, EuZW 2016, 448-454.
- Kühling, Jürgen/Martini, Mario et al., Die Datenschutz-Grundverordnung und das nationale Recht, Münster 2016. (print version)