Current EU data protection law is set out in the Data Protection Directive 1995/46, which from 25 May 2018 will be replaced by the General Data Protection Regulation 2016/679 (GDPR).

In addition, the E-Privacy Directive 2002/58, as amended by the Citizen’s Rights Directive 2009/136 sets out additional rules. There are proposals to update these rules as part of the Digital Single Market review.

Whilst this detailed legislation specifies and particularises data protection rules, European citizens also have constitutional data privacy rights contained in The Charter of Fundamental Rights of the European Union:

“Article 7

Respect for private and family life

Everyone has the right to respect for his or her private and family life, home and communications.

Article 8

Protection of personal data

1.   Everyone has the right to the protection of personal data concerning him or her.

2.   Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

3.   Compliance with these rules shall be subject to control by an independent authority.”

This charter build on the rights to privacy and private life contained in the European Convention on Human Rights and Fundamental Freedoms.


Please let us know if there are others we should include, or if any of the links no longer work.