The GDPR timeline

For those that really want to understand the General Data Protection Regulation (GDPR) and why it is so important now, we have published this useful timeline.

Timeline

1980

23 SEP

OECD Issued recommendations for the protection of personal data
Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980

1995

24 Oct

Directive 95/46/EC, A more binding form of governance in the Data Protection Directive
Europa, 1995

2000

26 Jul

Safe Harbour Principles were developed. Designed to prevent the disclosing or losing of personal information (Europa, 2000)

Notice – Individuals must be informed
Choice – options to opt out
Onward Transfer – only allowable for organisations that follow adequate data protection principles
Security – reasonable efforts to prevent loss of collected information
Data Integrity – data must be relevant and reliable for the purpose it was collected
Access – Individuals must have access to information held, corrections or delete if inaccurate
Enforcement – An effective means of enforcement must exist

2001

26 Oct

US Patriot act, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
Government Publishing Office (US), 2001

2002

2 Jul

EU found that (WP29, 2002)

...a substantial number of organisations that have self-certified adherence to the Safe Harbour do not seem to be observing the expected degree of transparency as regards their overall commitment or as regards the contents of their privacy policies..

...not all dispute resolution mechanisms have indicated publicly their intention to enforce Safe Harbour...

...not all have in place privacy practices applicable to themselves...

2011

14 Jan

EDPS – European Data protection supervisor publishes an opinion on the European Commission's Communication
European Data Protection Supervisor, 2011

1 Jun

Microsoft UK MD states that

Cloud Data, regardless of where it is in the world, is not protected against the Patriot Act

Whittacker, 2011

2012

25 Jan

EC - Proposal to strengthen online privacy rights and digital economy
Europa, 2012

7 Mar

EDPS Opinion on EC data protection reform Package
EUROPEAN DATA PROTECTION SUPERVISOR, 2012

23 Mar

WP29 Opinion on data reform proposal
ARTICLE 29 DATA PROTECTION WORKING PARTY, 2012

5 Oct

WP29 Update on data protection reform
ARTICLE 29 DATA PROTECTION WORKING PARTY, 2012

2013

09 Jun

Edward Snowden’s revelations concerning activities of the United States Intelligence Services
Gellman, Blake, & Miller, 2013

2014

12 Mar

EP Adopts GDPR
The European Parliament, 2014

2015

24 Mar

Maximillian Shrems case aimed at prohibiting Facebook, in light of the Snowden revelations, from transferring data from Ireland to United States was heard by CJEU
(InfoCuria - Case-law of the Court of Justice, 2015

23 Sep

Advocate General, Yves Bot stated that

...the European Commission was unable to guarantee that "adequate" safeguards for the protection of data are met

Court of Justice of the European Union, 2015

15 Jun

The council reaches a general approach on the GDPR

27 Jul

EDPS recommendations on the final text of GDPR
Official Journal of the European Union, 2015

06 Oct

European Court of Justice invalidates the Safe Harbour Decision

...compromising the essence of the fundamental right to respect for private life...

EUR-Lex, 2015

15 Dec

EP, Council and EC reach an agreement on the GDPR
Council of the European Union, 2015

2016

02 Feb

Article 29 Working Party issues an action plan for the implementation of the GDPR
Article 29 Working Party, 2017

24 May

The Regulation enters into force, 20 days after publication in the official journal of the EU
Council of the European Union, 2016

2017

10 Jan

EC proposes two new regulations on privacy and electronic communications and on the data protection rules applicable to EU institutions
European Commission, 2017

2018

6 May

Data Protection Directive for the police and justice sectors into national legislation applicable from this day
Parliament, 2018

25 May

The General Data Protection Regulation will apply from this day

Bibliography

ARTICLE 29 DATA PROTECTION WORKING PARTY. (2012, March 23). Opinion 01/2012 on the data protection reform proposals . Retrieved from Opinion 01/2012 on the data protection reform proposals : http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp191_en.pdf
ARTICLE 29 DATA PROTECTION WORKING PARTY. (2012, October 5). Opinion 08/2012 providing further input on the data protection reform discussions. Retrieved from Europa.eu: http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp199_en.pdf Article 29 Working Party. (2017, January 16). ADOPTION OF 2017 GDPR ACTION PLAN. EU Press Release.
COMMISSION OF THE EUROPEAN COMMUNITIES. (2000, July 26). europa justice. Retrieved from http://www.ec.europa.eu/justice_home/fsj/privacy/docs/adequacy/sec-2002-196/sec-2002-196_en.pdf
Council of the European Union. (2015, June 2015). Data Protection: Council agrees on a general approach. Retrieved from Europa.EU: http://www.consilium.europa.eu/en/press/press-releases/2015/06/15/jha-data-protection/
Council of the European Union. (2015, Decemeber 18). EU data protection reform: Council confirms agreement with the European Parliament. Retrieved from Europa.eu: http://www.consilium.europa.eu/en/press/press-releases/2015/12/18/data-protection/
Council of the European Union. (2016, May 24). The general data protection regulation. Retrieved from Europa.eu: http://www.consilium.europa.eu/en/policies/data-protection-reform/data-protection-regulation/
Court of Justice of the European Union. (2015, September 23). Advocate General’s Opinion in Case C-362/14. Retrieved from Europa.eu: https://curia.europa.eu/jcms/upload/docs/application/pdf/2015-09/cp150106en.pdf
EUR-Lex. (2015, October 6). Access to European Law. Retrieved from Europa.EA: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=ecli%3AECLI%3AEU%3AC%3A2015%3A650
Europa. (1995, October 24). Access to European Law. Retrieved from EUR-Lex: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A31995L0046
Europa. (2000, July 26 ). Access to European Law. Retrieved from EUR-Lex: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32000D0520
Europa. (2012, January 25). Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses. Retrieved from European Commission - Press release: http://europa.eu/rapid/press-release_IP-12-46_en.htm
European Commission. (2017, January 10). Commission proposes high level of privacy rules for all electronic communications and updates data protection rules for EU institutions. Retrieved from Press Release Database: http://europa.eu/rapid/press-release_IP-17-16_en.htm
European Data Protection Superisor. (2011, January 14). Opinion of the European Data Protection Supervisor. Retrieved from https://edps.europa.eu/sites/edp/files/publication/11-01-14_personal_data_protection_en.pdf
EUROPEAN DATA PROTECTION SUPERVISOR. (2012, March 7). Executive summary EDPS Opinion of 7 March 2012 on the data protection reform package. Retrieved from Official Journal of the European Union : https://edps.europa.eu/sites/edp/files/publication/12-03-07_edps_reform_package_summary_en.pdf
Gellman, B., Blake, A., & Miller, G. (2013, June 9). The Washington Post. Retrieved from Edward Snowden comes forward as source of NSA leaks: https://www.washingtonpost.com/politics/intelligence-leaders-push-back-on-leakers-media/2013/06/09/fff80160-d122-11e2-a73e-826d299ff459_story.html?noredirect=on&utm_term=.874e4877bf35
Government Publishing Office (US). (2001, October 26). PLAW-107publ56.pdf. Retrieved from Government Publishing Office (US): https://www.gpo.gov/fdsys/pkg/PLAW-107publ56/pdf/PLAW-107publ56.pdf
Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. (1980, September 23). Retrieved from OECD: http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
InfoCuria - Case-law of the Court of Justice. (2015, October 6). JUDGMENT OF THE COURT (Grand Chamber). Retrieved from Europa.EU: http://curia.europa.eu/juris/document/document.jsf?docid=169195&doclang=EN
Official Journal of the European Union. (2015, October 12). EDPS recommendations on the EU’s options for data protection reform. Retrieved from EUR-Lex: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52015XX0912%2801%29
Parliament. (2018, March 1). Data Protection Bill 2017-19. London: House of Commons. Retrieved from House of Commons Library.
The European Parliament. (2014, March 12). Protection of individuals with regard to the processing of personal data. Retrieved from Europa.ea: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT%20TA%20P7-TA-2014-0212%200%20DOC%20XML%20V0//EN
Whittacker, Z. (2011, June 28). Microsoft admits Patriot Act can access EU-based cloud data. Retrieved from zdnet: https://www.zdnet.com/article/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/
WP29. (2002, July 2). Working Document on Functioning of the Safe Harbor Agreement. Retrieved from http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2002/wp62_en.pdf