Data Protection Directive

Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data is adopted in 1995 the European Community Directive on the protection of privacy of individuals with regard to the processing of personal data. It is to be replaced in the next few years by the General Data Protection Regulation.


The Directive describes the minimum standards for data protection which must be ensured in all Member States of the European Union by national laws. Excluded from the application expressly mentioned in Article 3, paragraph 2 of Directive areas are only on the second and third pillars of the European Union, ie the common foreign and security policy ( CFSP) and police and judicial cooperation in criminal matters ( PJCC ).

The Directive generally prohibits the processing of sensitive personal data. However, exceptions to this prohibition are provided, such as when the person concerned has expressly consented to the processing of those data or the processing is necessary to "keep the wear to the rights and obligations of the data controller in the field of employment law ." In addition, the Directive provides that the Member States, subject to adequate safeguards, for reasons of substantial public interest, may provide exceptions.


In telecommunications, data protection Directive is complemented by the regulation adopted in 2002 Directive 2002/58/EC ( Directive on privacy and electronic communications).

In Germany, the European Data Protection Directive has only been transposed by the Law amending the Federal Data Protection Act and other laws of 18 May 2001, which entered into force on 23 May 2001. This was preceded by an initiated by the European Commission infringement proceedings because the policy had not been transformed within the agreed three-year period in German law.

In July 2005, the European Commission criticized a lack of substantive implementation of the Data Protection Directive in Germany. They criticized that the bodies entrusted with the Data Protection Inspectorate of the countries lacked the requisite independence from government influence. The Commission therefore initiated a further infringement proceedings. In March 2010, the European Court of Justice (ECJ ) that the Federal Republic has implemented the specification wrong.