CURIA - Documents
12 of 58
http://curia.europa.eu/juris/document/document_print.jsf?docid=2320...
freedoms of natural persons with regard to the processing of such data should be equivalent in all
Member States. Consistent and homogenous application of the rules for the protection of the
fundamental rights and freedoms of natural persons with regard to the processing of personal data
should be ensured throughout the Union. …’
23
Article 2 of that regulation provides:
‘1.
This Regulation applies to the processing of personal data wholly or partly by automated
means and to the processing other than by automated means of personal data which form part of a
filing system or are intended to form part of a filing system.
2.
This Regulation does not apply to the processing of personal data:
(a)
in the course of an activity which falls outside the scope of Union law;
(b)
by the Member States when carrying out activities which fall within the scope of Chapter 2
of Title V of the TEU;
…
(d)
by competent authorities for the purposes of the prevention, investigation, detection or
prosecution of criminal offences or the execution of criminal penalties, including the
safeguarding against and the prevention of threats to public security.
…
4.
This Regulation shall be without prejudice to the application of Directive [2000/31], in
particular of the liability rules of intermediary service providers in Articles 12 to 15 of that
Directive.’
24
Article 4 of that regulation reads as follows:
‘For the purposes of this Regulation:
(1)
“personal data” means any information relating to an identified or identifiable natural person
(“data subject”); an identifiable natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural person;
(2)
“processing” means any operation or set of operations which is performed on personal data
or on sets of personal data, whether or not by automated means, such as collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction;
…’
25
Article 5 of Regulation 2016/679 provides:
‘1.
Personal data shall be:
(a)
processed lawfully, fairly and in a transparent manner in relation to the data subject
(“lawfulness, fairness and transparency”);
(b)
collected for specified, explicit and legitimate purposes and not further processed in a
manner that is incompatible with those purposes; further processing for archiving purposes in
2/15/2021, 4:58 PM