The rise and consecration of the right to personal data protection within the European Union legal order

Abstract

While we entrust our personal data to ‘information and communications technology’ (ICT) companies, the General Data Protection Regulation (GDPR) gives data subjects the possibility to control the dissemination of their personal data, in particular by requiring the ICT sector, to be more transparent regarding the processing of personal data. Moreover, with the influence of the European Convention on Human right (ECHR), the jurisprudence of the European Court of Justice (ECJ), the European Charter of Fundamental Rights and the adoption of the UN Guidelines Principles (UNGP), which came into force in 2011, the European Union gained sufficient legal backgrounds to develop a binding instrument which, in theory serves as a reference in the field of Data Protection. Yet, many factors hinder the proper implementation of this European instrument. Some are related to inconsistencies between EU Member States that have framed the right to protection of personal data within their domestic legal order, sometimes in different ways. Other are linked to the implementation of the principle of Transparency, which in many aspects is only partially respected by companies. Similarly, in some cases it is difficult for data subjects to enjoy the exercise of his or her rights notably due to the behavioral of companies, which will be discussed later in the thesis.