Article 1
Subject-matter and objectives

Recitals of the Regulation related to article 1

(1) The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.

(2) The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.

(3) Directive 95/46/EC of the European Parliament and of the Council (4) seeks to harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States.

(4) The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.

(9) The objectives and principles of Directive 95/46/EC remain sound, but it has not prevented fragmentation in the implementation of data protection across the Union, legal uncertainty or a widespread public perception that there are significant risks to the protection of natural persons, in particular with regard to online activity. Differences in the level of protection of the rights and freedoms of natural persons, in particular the right to the protection of personal data, with regard to the processing of personal data in the Member States may prevent the free flow of personal data throughout the Union. Those differences may therefore constitute an obstacle to the pursuit of economic activities at the level of the Union, distort competition and impede authorities in the discharge of their responsibilities under Union law. Such a difference in levels of protection is due to the existence of differences in the implementation and application of Directive 95/46/EC.

(10) In order to ensure a consistent and high level of protection of natural persons and to remove the obstacles to flows of personal data within the Union, the level of protection of the rights and freedoms of natural persons with regard to the processing of such data should be equivalent in all Member States. Consistent and homogenous application of the rules for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data should be ensured throughout the Union. Regarding the processing of personal data for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Member States should be allowed to maintain or introduce national provisions to further specify the application of the rules of this Regulation. In conjunction with the general and horizontal law on data protection implementing Directive 95/46/EC, Member States have several sector-specific laws in areas that need more specific provisions. This Regulation also provides a margin of manoeuvre for Member States to specify its rules, including for the processing of special categories of personal data (‘sensitive data’). To that extent, this Regulation does not exclude Member State law that sets out the circumstances for specific processing situations, including determining more precisely the conditions under which the processing of personal data is lawful.

(13) In order to ensure a consistent level of protection for natural persons throughout the Union and to prevent divergences hampering the free movement of personal data within the internal market, a Regulation is necessary to provide legal certainty and transparency for economic operators, including micro, small and medium-sized enterprises, and to provide natural persons in all Member States with the same level of legally enforceable rights and obligations and responsibilities for controllers and processors, to ensure consistent monitoring of the processing of personal data, and equivalent sanctions in all Member States as well as effective cooperation between the supervisory authorities of different Member States. The proper functioning of the internal market requires that the free movement of personal data within the Union is not restricted or prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. To take account of the specific situation of micro, small and medium-sized enterprises, this Regulation includes a derogation for organisations with fewer than 250 employees with regard to record-keeping. In addition, the Union institutions and bodies, and Member States and their supervisory authorities, are encouraged to take account of the specific needs of micro, small and medium-sized enterprises in the application of this Regulation. The notion of micro, small and medium-sized enterprises should draw from Article 2 of the Annex to Commission Recommendation 2003/361/EC.

There is no recital in the Directive related to article 1.

The GDPR

Article 1 defines the purpose of the Regulation and, like Article 1 of the Directive, contains two objectives: protecting the rights and freedoms of the individual in the processing of personal data, and the free movement of personal data within the Union.

Incidentally, the Regulation grants - pursuant to Article 8 of the Charter of Fundamental Rights of the Union - the right to protection of personal data.

It also recalls that the free movement of data cannot be restricted or prohibited for reasons related to the protection of individuals with regard to personal data processing.

It should be noted that the Regulation and its direct applicability have emerged as the most appropriate legal instrument to reduce the legal disparities generated by the application of different national laws. The Regulation therefore tries to overcome the fragmentation in the implementation of personal data protection by establishing an EU-wide harmonized set of basic rules.

The Directive

The purpose of the Directive was defined in Article 1 (1), which states that Member States shall ensure the protection of fundamental rights and freedoms of individuals, in particular their right to privacy with respect to the processing of personal data. The aim is to provide an equivalent level of protection of personal data in all Member States by harmonizing national laws, to remove barriers to cross-border data transmission. The second paragraph also specifies that Member States shall neither restrict nor prohibit the free flow of personal data for reasons connected with the protection of the freedoms of individuals.

Potential issues

No specific provision

Austria

Concerning the subject-matter:

In Austria the fundamental right to data protection ("right to secrecy") in the DSG also covers legal persons. According to the GDPR "only" natural persons are covered. Therefore, the subject-matter of protection has to be limited in Austria to "only" natural persons.

On the other hand, the DSG limits the right to data protection to a "right to secrecy [...] insofar as [there is] an interest deserving such protection", which seems not to be in line with the GDPR. The fact that, according to the DSG, the right to data protection is precluded where data are generally available also seems not to be in line with the GDPR.

Concerning the free movement:

As regards the fact that the DSG's free movement of data does not apply to data exchange between public sector controllers in fields that are not subject to the law of the European Union, see Art 2 para 2 GDPR.

National caselaw

Concerning § 1 para 1 DSG:

The right to secrecy according to § 1 para 1 DSG shall not be limited to personal data contained in a manual file.

OGH 27.06.2016, 6Ob 191/15d (Austrian Supreme Court)


The fundamental right to data protection is a non-transferable, personal right that ends with the death of the affected person and is not demised to the successor. Therefore only a living person can be the subject of this fundamental right.

DSB 18.11.2015, DSB-D122.367/0007-DSB/2015 (Austrian Data Protection Authority)


Concerning § 1 para 3 DSG:

The fundamental right to data protection is a non-transferable, personal right that ends with the death of the affected person and is not demised to the successor. Therefore it is not part of the estate and only the affected person during his/her lifetime has the right to information according to § 1 para 3 DSG.

VwGH 23.11.2016, Ra 2016/04/0044 (Austrian Administrative High Court)

Regulation

Art. 1

1.   This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

2.   This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

3.   The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

1st proposal

Art. 1

1. This Regulation lays down rules relating to the protection of individuals with regard to the processing of personal data and rules relating to the free movement of personal data.

2. This Regulation protects the fundamental rights and freedoms of natural persons, and in particular their right to the protection of personal data.

3. The free movement of personal data within the Union shall neither be restricted nor prohibited for reasons connected with the protection of individuals with regard to the processing of personal data.

2nd proposal

Art. 1

1. This Regulation lays down rules relating to the protection of individuals with regard to the processing of personal data and rules relating to the free movement of personal data.

2. This Regulation protects (…) fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

2a. Member States may maintain or introduce more specific provisions to adapt the application of the rules of this Regulation with regard to the processing of personal data for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for other specific processing situations as provided for in Article 6(1)(c) and (e) by determining more precisely specific requirements for the processing and other measures to ensure lawful and fair processing including for other specific processing situations as provided for in Chapter IX.

3. The free movement of personal data within the Union shall neither be restricted nor prohibited for reasons connected with the protection of individuals with regard to the processing of personal data.

Directive

Art. 1. 

1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.

2. Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1.


Old law

In force until and also after May 25, 2018:


(Constitutional Provision)
Fundamental Right to Data Protection

§ 1 DSG (2000)

(1) Everybody shall have the right to secrecy for the personal data concerning him, especially with regard to his private and family life, insofar as he has an interest deserving such protection. Such an interest is precluded when data cannot be subject to the right to secrecy due to their general availability or because they cannot be traced back to the data subject.

(2) Insofar as personal data are not used in the vital interest of the data subject or with the data subject’s consent, restrictions of the right to secrecy are permitted only to safeguard overriding legitimate interests of another person, namely in the case of interference by a public authority only on the basis of laws which are necessary for the reasons stated in Article 8 para. 2 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR), Federal Law Gazette No 210/1958. Such laws may provide for the use of data that, due to their nature, deserve special protection only in order to safeguard substantial public interests and, at the same time, shall provide for adequate safeguards for the protection of the data subjects’ interests in confidentiality. Even in the case of permitted restrictions, a fundamental right may only be interfered with using the least intrusive of all effective methods.

(3) Insofar as personal data concerning a person are intended for automated processing or processing in files managed manually, i.e. files managed without automated processing, every person shall, as provided for by law, have

  1. the right to obtain information as to who processes what data concerning the person, where the data originated from, for which purpose they are used, and in particular to whom the data are transmitted;
  2. the right to rectification of incorrect data and the right to erasure of illegally processed data.

(4) Restrictions of the rights according to para. 3 are only permitted under the conditions laid out in para. 2.

(Note: para. 5 repealed by Federal Law Gazette I No 51/2012)

In force until May 25, 2018:


§ 12 DSG 2000. (1) The transmission and committing of data to recipients in signatory states of the European economic area is not subject to any restrictions in terms of § 13. This does not apply to data exchange between public sector controllers in fields that are not subject to the law of the European Union.

[...]
