Published: February 2020
Publisher: Oxford University Press
This new book provides an article-by-article commentary on the new EU General Data Protection Regulation.
Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world.
This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.
Table of Contents
Table of Cases xvii
Table of Legislation xix
Table of Article 29 Working Party and European Data Protection Board documents xxi
List of Abbreviations xxiii
List of Contributors xxv
Background and evolution of the EU General Data Protection Regulation (GDPR)
Chapter I: General Provisions (Articles 1- 4)
Chapter II: Principles (Articles 5- 11)
Chapter III: Rights of the Data Subject (Articles 12- 23)
Chapter IV: Controller and Processor (Articles 24- 43)
Chapter V: Transfers of Personal Data to Third Countries or International Organisations (Articles 44- 50)
Chapter VI: Independent Supervisory Authorities (Articles 51- 59)
Chapter VII: Cooperation and Consistency (Articles 60- 76)
Chapter VIII: Remedies, Liability and Penalties (Articles 77- 84)
Chapter IX: Provisions Relating to Specific Processing Situations (Articles 85- 91)
Chapter X: Delegated Acts and Implementing Acts (Articles 92- 93)
Chapter XI: Final Provisions (Articles 94- 99)
About the Authors
Edited by Christopher Kuner, Brussels Privacy Hub, Vrije Universiteit Brussel (VUB), Lee A. Bygrave, Department of Private Law, University of Oslo, Christopher Docksey, Hon. Director General, EDPS, and Assistant Editor Laura Drechsler.
Christopher Kuner is Professor of Law and Co-Director of the Brussels Privacy Hub at the Vrije Unversiteit Brussel (VUB), Visitng Professor in the Faculty of Law at Maastricht University, Senior Privacy Counsel at the Brussels office of Wilson Sonsini Goodrich & Rosati, and editor-in-chief of the journal International Data Privacy Law. Lee A Bygrave is Professor of Law and Director of the Norwegian Research Center for Computers and Law, University of Oslo. Christoper Docksey is Honorary Director General at the EDPS, a member of the Guernsey Data Protection Authority, and a Visiting Fellow and member of the Advisory Borad of the European Centre on Privacy and Cybersecurity (ECPC) at Maastricht University Faculty of Law.
Cecilia Alvarez Rigaudias is the former Chairwoman of the Spanish Association of Privacy Professionals (APEP).
Peter Blume is Professor of Data Protection Law and Legal Method at the Faculty of Law, University of Copenhagen.
Cédric Burton is partner in the Brussels office of Wilson Sonsini Goodrich & Rosati, where he heads the firms EU data protection and cyber security practice.
Giovanni Buttarelli, who sadly passed away in August 2019, was the European Data Protection Supervisor (EDPS), and former Secretary General of the Italian Data Protection Authority.
Lee A. Bygrave is Professor of Law at the Norwegian Research Center for Computers and Law (NRCCL), University of Oslo.
Piedade Costa de Oliveira is a Member of the Legal Service of the European Commission and a Visiting Professor at the University of São Paulo, Brazil.
Cécile de Terwangne is Professor at the Faculty of Law of the University of Namur (Belgium) and Research Director at the CRIDS (Research Centre for Information, Law and Society), University of Namur.
Christopher Docksey is Honorary Director General at the EDPS, member of the Guernsey Data Protection Authority, and Visiting Fellow and member of the Advisory Board of the European Centre on Privacy and Cybersecurity (ECPC) at Maastricht University Faculty of Law.
Laura Drechsler is a Ph.D. researcher (FWO aspirant) at the Brussels Privacy Hub (BPH) at the Law, Science, Technology and Society (LSTS) Research Group of the Vrije Universiteit Brussel (VUB).
Ludmila Georgieva holds a doctoral degree in law from the University of Vienna, was formerly Attaché at the Austrian Permanent Representation to the EU for Cybersecurity, Data Protection and Media Policy where she negotiated a number of EU data protection and cybersecurity instruments (such as the GDPR and the EU Cybersecurity Act), and is now at Google in Brussels.
Gloria González Fuster is a Research Professor at the Faculty of Law and Criminology of the Vrije Universiteit Brussel (VUB), where she is also co-director of the Law, Science, Technology and Society (LSTS) Research Group and member of the Brussels Privacy Hub (BPH).
Hielke Hijmans is Member of the Executive Committee and President of the Litigation Chamber of the Belgian Data Protection Authority, has a standing affiliation with the Vrije Universiteit Brussel (VUB)/Brussels Privacy Hub, and is a member of the Meijers Committee in The Netherlands.
Irene Kamara is researcher at the Tilburg Institute for Law, Technology and Society (TILT) of Tilburg University, affiliate researcher at the Law, Science, Technology and Society (LSTS) Research Group of the Vrije Universiteit Brussel (VUB) and attorney- at-law admitted to the Athens Bar Association.
Dimitra Kamarinou is a Researcher at the Cloud Legal Project, Centre for Commercial Law Studies, Queen Mary, University of London and a qualified Greek attorney-at-law.
Eleni Kosta is Full Professor of Technology Law and Human Rights at the Tilburg Institute for Law, Technology and Society (TILT) of Tilburg University and a part time associate at the Brussels-based law firm time.lex.
Waltraut Kotschy is Senior Of Counsel for the Ludwig Boltzmann Institute of Human Rights (Vienna), CEO of DPCC e.U. and dsgvo-help.gmbh. and a former Austrian Data Protection Commissioner.
Herke Kranenborg is a member of the Legal Service of the European Commission and affiliated senior researcher at the Institute for European Law of the KU Leuven.
Christopher Kuner is Professor of Law and Co-Director of the Brussels Privacy Hub at the Vrije Universiteit Brussel (VUB), Visiting Professor in the Faculty of Law at Maastricht University, Senior Privacy Counsel in the Brussels office of Wilson Sonsini Goodrich & Rosati, editor-in-chief of the journal International Data Privacy Law, and a member of the European Commissions multistakeholder expert group to support the application of the GDPR.
Ronald Leenes is Professor in Regulation by Technology and Director of the Tilburg Institute for Law, Technology and Society (TILT), Tilburg University.
Orla Lynskey is an Associate Professor of Law at the London School of Economics and Political Science and an editor of International Data Privacy Law.
Christopher Millard is Professor of Privacy and Information Law and Head of the Cloud Legal Project at Queen Mary University of London, Senior Counsel at the law firm Bristows and an Editor of the International Journal of Law and Information Technology and of International Data Privacy Law.
Dominique Moore is a member of the Legal Service of the European Parliament.
Radim Polčák is the head of the Institute of Law and Technology, Faculty of Law, Masaryk University, Brno.
Matthias Schmidl is the Deputy Director of the Austrian Data Protection Authority and Co-Editor of a Commentary on the GDPR and on the Austrian Data Protection Act.
Anrijs Šimkus is a paralegal at DLA Pipers Brussels office and holds a masters degree in law from the University of Latvia and a masters degree in IP & ICT law from KU Leuven.
Alessandro Spina is a member of the Legal Service of the European Commission and former data protection officer of the European Medicines Agency (EMA).
Dan Jerker B. Svantesson is Professor and Co-Director of the Centre for Commercial Law at the Faculty of Law of Bond University (Australia) and a Researcher at the Swedish Law & Informatics Research Institute of Stockholm University.
Luca Tosoni is a Belgian and Italian qualified lawyer and a Doctoral Research Fellow at the Norwegian Research Center for Computers and Law (NRCCL), University of Oslo.
Patrick Van Eecke is global co-chair of DLA Pipers Data Protection, Privacy and Information Security Practice and a professor at the University of Antwerp teaching European Cyberlaw.
Christian Wiese Svanberg is the Chief Privacy Officer and Data Protection Officer of the Danish Police and External Lecturer in European Data Protection Law at the University of Copenhagen.
Gabriela Zanfir-Fortuna is an independent expert on EU data protection law, with affiliations at the Future of Privacy Forum (Washington DC), Ankura Consulting, and the Vrije Universiteit Brussel, and was formerly legal officer at the European Data Protection Supervisor.
Thomas Zerdick is Head of Unit in the Secretariat of the European Data Protection Supervisor and was formerly an official specialising in data protection in the European Commission.
Reviews and Awards
"The GDPR Treatise from Kuner, Bygrave & Docksey is an indispensable guide to the world's most important privacy law. A must-have for scholars and practitioners of data protection." - Paul Schwartz, Jefferson E. Peyser Professor of Law, Berkeley Law School.
"The EU's GDPR is setting standards across the globe. It needs to be digested and understood. This book, written by highly respected authors, provides an indispensable road map to its provisions and detailed analysis of their content." - Catherine Barnard, Professor of European Union and Labour Law, University of Cambridge.
Payment & Security
Your payment information is processed securely. We do not store credit card details nor have access to your credit card information.