FAQ: Which national data protection laws apply?

FAQ: Which national data protection laws apply?

What is the legislative basis for determining applicable law?

The provisions of art 4(1) of Directive 95/46/EC govern the application of a member state's legislation to the processing of personal data. Under art 4(1)(a) and 4(1)(c) it is the location of the data controller or the location of equipment used by the data controller which often determines applicable law.

Of significance to those questions is the issue of the data controller's 'establishment'. Recital 19 of Directive 95/46/EC provides some guidance in this regard, indicating that an 'establishment on the territory of a Member State implies the effective and real exercise of activity through stable arrangements; whereas the legal form of such an establishment, whether simply branch or a subsidiary with a legal personality, is not the determining factor in this respect'.

Is there any additional formal guidance as to applicable law?

Continuing uncertainty of the position under the legislation relating to applicable law in different scenarios led to an Article 29 Working Party opinion on the issue in 2010. While this guidance is not binding it is strongly indicative of the approach likely to be taken by national regulators on the interpretation of the legislation.

Where do I start?

Before engaging with this question

Subscription Form

Related Articles:
Latest Articles:

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login