The General Data Protection Regulation and its Violation of EU Treaties

• Author: Mario Rosentau
• Pages: 36-40

36 JURIDICA INTERNATIONAL 27/2018

Mario Rosentau

Dr. iur.

Lecturer of Comparative Jurisprudence

University of Tartu

The General Data Protection

Regulation and its Violation

of EU Treaties

The EU General Data Protection Regulation (GDPR) entered into force on 25 May, two weeks after Europe

Day. Quite a lot has been said about the objectives for it, its requirements, and the steps of preparation both

on a practical and on a jurisprudential level.*1 In brief, one can state that the GDPR is generally good and

necessary: it will vigorously protect the fundamental rights of self-determination and identity of European

people.*2

In all of this data-protection bustle, one rather fundamental issue has gone unnoticed, though: the

General Data Protection Regulation violates EU treaties! In other words, in essence it runs counter

to the ‘constitutional organisation’ of the EU, formed in line with the establishing treaties. How so? The con-

f‌l ict arises from the interaction of two elements. Firstly, the GDPR is, at base, a ‘European law’. Secondly,

European laws are banned by European treaties.

I will begin with the second of these elements. If we are to understand this, we need to go back in time

about 15 years.

In February 2002, at the instigation of France, the Convention on the Future of Europe became enforce-

able, with the aim of developing the constitutional agreement or constitution for the EU. By June 2003, the

draft constitution was ready, and in October of the following year it was sent to the EU member states for

ratif‌i cation. Whether regrettably or not, the most ambitious plan to reform the European Union crashed at

the hurdle of the very f‌i rst referenda: on 29 May 2005, 55% of those voting in France cast their vote against

the project, and two days later, on 1 June, 61.6% of voters in the Netherlands did the same. Although earlier

‘repeat referenda’ in Denmark and Ireland had proved able to save the treaties of Maastricht and Nice and

while some countries, Germany and Austria among them, did attempt to continue the process of creating

the EU constitution, the opposition scared the leaders enough for the plan to be dropped.

The draft treaty establishing a constitution for Europe*3 envisaged an important innovation – two

legal instruments directly applicable in the Member States and superior to them: the European law and

 For a lengthier analysis, see, for instance, Paul Voigt, Axel von dem Bussche. The EU General Data Protection Regula-

tion (GDPR): A Practical Guide. Springer . – DOI: https://doi.org/./----; Paul B. Lambert.

Understanding the New European Data Protection Rules. CRC Press – Taylor & Francis Group . – DOI: https://doi.

org/./.

 Incidentally, the UK plans to enforce more or less similar rules in the domestic law after Brexit. See A New Data Protection Bill:

Our Planned Reforms. Statement of Intent of the Department for Digital, Culture, Media & Sport,  August , available online

at https://www.gov.uk/government/uploads/system/uploads/attachment_data/f‌i le//--_DP_Bill_-_State-

ment_of_Intent.pdf (most recently accessed on  July )

 Draft Treaty Establishing a Constitution for Europe, CONV /, submitted  July .

https://doi.org/10.12697/JI.2018.27.03