Читать книгу Privacy and Data Protection based on the GDPR - Leo Besemer - Страница 35
1.2.5 The concepts of subsidiarity and proportionality
ОглавлениеThe history of Privacy and Data Protection law as described in Section 1.1 also illustrates how the concepts of subsidiarity and proportionality in European law work in practice.
The principle of subsidiarity is defined in Article 5 of the Treaty on European Union. It aims to ensure that decisions are taken as closely as possible to the citizen and that constant checks are made to verify that action at EU level is justified in light of the possibilities available at national, regional or local level.
Specifically, it is the principle whereby the EU does not take action (except in the areas that fall within its exclusive competence), unless it is more effective than action taken at national, regional or local level.
Source: Summaries of EU Legislations
(https://eur-lex.europa.eu/summary/glossary/subsidiarity.html).
The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data proved to be not effective enough in practice to achieve the set goal, namely the harmonization of data protection law. They were just guidelines, not binding law.
The Convention for Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) was a binding instrument, but only to the countries that signed it. Again, the aim of effective, harmonized privacy law was not achieved.
Even the Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, while binding to all EU Member States, did not sufficiently achieve that aim of effective, harmonized law.
The next and most intrusive instrument the EU possesses is a regulation, like the GDPR. And even in the discussions towards the final text of this regulation, countries claimed a need for derogations. See for example GDPR Article 23.
Like the principle of subsidiarity, the principle of proportionality regulates the exercise of powers by the European Union (EU). It seeks to set actions taken by EU institutions within specified bounds. Under this rule, the action of the EU must be limited to what is necessary to achieve the objectives of the Treaties. In other words, the content and form of the action must be in keeping with the aim pursued.
The principle of proportionality is laid down in Article5 of the Treaty on European Union. The criteria for applying it are set out in the Protocol (No 2) on the application of the principles of subsidiarity and proportionality annexed to the Treaties.
Source: Summaries of EU Legislations
(https://eur-lex.europa.eu/summary/glossary/proportionality.html).
From the early 1980s, steps have been taken to create a basis in European law to uphold the protection of privacy and data protection agreed to in the UDHR. These have ranged from guidelines to a charter, to conventions and so on. Ultimately, but only after all lighter means had been tried and it had become clear that even a directive was insufficient to make adequate, harmonized legislation regarding the protection of privacy and personal data, the heaviest means available to the EU was finally deployed, a regulation.