Asmens duomenų apsauga: ES ir Europos Tarybos standartų santykis ; Protection of personal data: interrelation between the standards of eu and the council of europe

Abstract

Because of the growing influence of digital technologies there are many significant challenges on personal data protection law. It is therefore necessary to strengthen the data protection systems of the European Union and the Council of Europe. In order to ensure adequate protection of personal data in Europe, it is necessary to harmonize data protection standards as much as possible. Therefore, the aim of this work is to review data protection regulations in the European Union and the Council of Europe. In order to compare regulatory standards, the paper analyses the data protection law reforms of the European Union and the Council of Europe, compares data protection systems, focusing on the basics of legislation – the General Data Protection Regulation and the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. In particular, the data protection principles enshrined in this legislation, the basis for data processing and the rights of data subjects are guaranteed. The way in which the standards of the European Union and the Council of Europe are applied in Lithuania is also taken into account. The Data Protection Convention sets out the same data protection principles as the General Data Protection Regulation: legality, fairness, transparency, limited purpose, and so on. However, the grounds for data collection set out in the Convention on Data Protection are not detailed, stating that data may be processed on the basis of the data subject's consent and on other grounds provided by law. Meanwhile, the General Data Protection Regulation provides 5 specific data processing grounds in addition to the data subject's consent as a basis for data processing. The rights of data subjects are fairly similar but the Convention on Data Protection does not provide for the right to data portability and the right to restrict data processing, which are enshrined in the General Data Protection Regulation. A comparison of the personal data protection standards of the European Union and the Council of Europe shows that the aim is to ensure data protection principles of a similar scope, the basis of data processing and the rights of data subjects. However, the data protection provisions in the General Data Protection Regulation are much more specific than in the Data Protection Convention. It is considered that the broader regulation in the General Data Protection Regulation is required by the rules of the European Union itself.