A divided European data protection framework: a critical reflection on the choices of the European legislator post-Lisbon

Abstract

The Lisbon Treaty introduced Article 16 in the Treaty on the Functioning of the European Union (TFEU), which establishes the right to data protection. Article 16 TFEU offers the legal basis for the adoption of a framework that ensures the uniform application of data protection rules in all areas of EU law. During the major reform of the secondary European data protection legal framework, the European legislator chose to adopt the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED) as the main legal instruments regulating data protection, instead of opting for one single legal instrument. The GDPR and the LED are complemented with a number of provisions and acts that draw a patchwork of data protection rules depriving the European Union from a harmonised framework. This chapter explores the complex web of provisions in the EU legal framework, focusing on the EU primary law, presents the options that existed in the hands of the European legislator and makes reflections on the favouring of a divided system in European data protection regulation.