Abstract

The proposed data protection regulation2 includes mention of the use of criminal and administrative sanctions. Both were possible in EU data protection law but, after the reform, the use of administrative sanctions will become mandatory. With regard to criminal sanctions to address data protection wrongs, nothing changes: member states can choose to create them or not. Why is the new EU, with its enhanced post-Lisbon powers, so timid and '1995-ish' with regard to criminal law? How is it possible that, to reform a set of rules created by a directive, a regulation is chosen with the aim of harmonising just about everything in EU data protection law, but not the chapter on sanctions and enforcement? This contribution lists some explanatory factors and reflects on future regulatory choices in member states.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call