Data Protection Directive
The Data Protection Directive, also known as Directive 95/46/EC, is a privacy decree adopted by the European Union in 1995 that dictates the way personal data may be processed. It is one of the main reasons the European Union is seen as a leader in human rights and privacy law.
The Data Protection Directive defines personal data as "any information relating to an identified or identifiable natural person," and processing as "any operation or set of operations performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." It stipulates that personal data may only be processed under certain special circumstances:
- When the data subject has given his or her consent.
- When the processing is necessary for the performance of or the entering into a contract.
- When processing is necessary for compliance with a legal obligation.
- When processing is necessary to protect the vital interests of the data subject.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed. Except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject.