The European Union Agency for Fundamental Rights (FRA), the Council of Europe and the European Court of Human Rights have jointly published a Handbook on European data protection law which provides an overview of the law applicable to data protection in relation to the EU and the Council of Europe (CoE).

The Handbook is designed for non-specialist legal professionals, judges, national data protection authorities and other persons working in the field of data protection.

It aims to serve as the main point of reference on both EU law and the European Convention on Human Rights (ECHR) on data protection. It explains how this field is regulated under EU law and under the ECHR, as well as the CoE Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) and other CoE instruments.

The Handbook begins with a brief description of the role of the two legal systems as established by the ECHR and EU law (Chapter 1).

Chapters 2 to 8 cover the following issues:

The Handbook also explains key jurisprudence, summarising major rulings of both the European Court of Human Rights and the Court of Justice of the EU. Where no such case law exists, it presents practical illustrations with hypothetical scenarios.

At the same time the FRA has published a Report on access to data protection remedies in EU member states which provides an analysis of the 28 EU member states' data protection regimes and of interviews with relevant parties in 16 member states, highlighting the challenges people face when seeking such remedies. It finds that only a few are aware of their right to data protection and that there is a lack of legal expertise in the field.

Background: With the entry into force of the Lisbon Treaty in December 2009, theEU Charter of Fundamental Rights became legally binding. Article 8 of the Charter of Fundamental Rights of the EU guarantees all individuals in the EU the right to the protection of their personal data. It requires that such data be processed fairly for specific purposes. It secures each person's right of access to his or her personal data as well as the right to have such data rectified. It stipulates that an independent authority must regulate compliance with this right. Article 47 secures the right to an effective remedy, including a fair and public hearing within a reasonable timeframe.

Research by the FRA has shown that data protection violations arise principally from internet‑based activities, direct marketing and video surveillance, perpetrated by, for example, government bodies or financial and health institutions.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU Data Protection Directive), guarantees the availability of data protection remedies in EU member states by requiring each member state to set up an independent supervisory authority.

The European Commission put forward proposals for a comprehensive reform of the EU’s data protection rules in 2012 (see Legal update, Personal data protection in the EU: European Commission adopts reform package). The reform package consists of a proposal for a General Data Protection Regulation replacing the 1995 Data Protection Directive and a proposal for a General Data Protection Directive replacing the 2008 Data Protection Framework Decision. The proposed reform package, among other things, aims to enhance the independence of national data protection authorities and to strengthen the powers of such authorities to remedy violations (see also Personal Data Protection Reform Package: legislation tracker).

Sources: