Deutsch
Deutsch

At the EU level, the handling of personal and sensitive data is mainly regulated through the Data Protection Directive 95/46/EC, and the Charter of Fundamental Rights of the European Union.

Data Protection Directive 95/46/EC

The EU Data Protection Directive was adopted by the EU Council in 1995. By 2006 all new and old Member States had amended their legislation. The directive attempts to regulate a complex field comprising the collection of census data, scientific research, the collection of personal data in public and in private institutions, as well as member databases and police data. For the collection and processing of data in these respective areas there must be specified exceptions and limitations.

The Directive defines personal data as data that make a person identifiable. The rules regulating the use of such data apply to both the public, and private sector; however, home security, defence, and criminal law are excluded.

It stipulates that data must be collected in a clear and lawful manner. Additionally, Member States are required to specify in greater detail under which conditions such data may be legally processed.

The Directive defines which categories are to be treated as sensitive data. These catagories include ethnic origin, political opinion, religious or philosophical convictions, trade union membership, and data on health or sexual preferences.

Personal and sensitive data may only be processed legally if it was collected directly, and with the consent of the concerned person (voluntariness). In some EU countries written approval is required; in others verbal confirmation is sufficient.

The surveyed person has the right to be informed about the processing of their data in an understandable manner and language. This is derived from the principle of ‘good faith’. Furthermore, it has been established that any collection of data, such as in the context of government statistics, scientific research, and the identification of discrimination, must serve the general public interest.

Charter of Fundamental Rights

The Charter of Fundamental Rights fulfils the function of a constitution for the European Union. It stands in the tradition of the European Convention on Human Rights of the Council of Europe. The Charter lays down every person’s right to respect for private and family life. The protection of personal data is governed in Article 8. A collection of such data is only possible with the person’s consent, and a legitimate legal basis. In addition, individuals are granted the right to inspect and correct their data.