The Charter of Fundamental Rights is one of the pillars of the foundation of the European Union. It is legally equivalent to the European treaties and thus belongs to the primary law of the Union, cf. Art. 6 (1) TEU. The fundamental rights contained therein have been derived from the rights enshrined in the European Convention on Human Rights (ECHR), constitutional traditions of the Member States, the European Social Charter, the Community Charter of Fundamental Social Rights of Workers, EU fundamental freedoms and the case law of the Court of Justice of the European Union and the European Court of Human Rights. The Charter carries European values and rights that cannot be denied to the individual. The rights guaranteed therein shall be ensured by the Member States implementing or applying EU law. It also contains the basic right to data protection, Art. 8 of the Charta of Fundamental Rights.
DATA PROTECTION AS A FUNDAMENTAL RIGHT
The EU fundamental right to the protection of personal data is derived from Art. 8 of the Charter of Fundamental Rights of the European Union. It is effective since the entry into force of the Treaty of Lisbon in all Member States together with the fundamental rights provided for by national constitutions. According to the correct view, it may only be applied during the domestic application of the Union law. Thereby, it is, according to the worldly view, of a higher-ranking nature, in comparison with the legislation of the Member States, provided that such rights are based on European law or are subject to fundamental rights and fundamental freedoms (1).
Under Art. 8 (1) of the Charta of Fundamental Rights, every person has the right to the protection of the personal data concerning them. Art. 8 (1) sentence 1 of the Charta of Fundamental Rights requires that personal data may only be processed in good faith for defined purposes and with the consent of the data subject or on another legitimate basis established by law. According to the sentence 2 of Art. 8 (II) of the Charta of Fundamental Rights, each person has the right to obtain information on the collected data concerning him and the right to have it rectified. Compliance with the above is supervised by an independent body, according to Art. 8 (III) of the Charta of Fundamental Rights. Consequently, the basic right must have a deep meaning.
Respect for and safeguardi ng of fundamental rights is the duty of all. For this reason, data protection should be given a particularly high priority in every enterprise.
Affirming the ECJ, decision dated 06.10.2015 – C362 / 14, NJW 2015, 3151 = NVwZ 2016, 43 – Safe Harbor, Rn. 38; Decision dated 11.12.2014 – C 212/13, NJW 2015, 463 = GRUR Int. 2015, 293 – Rynes, Rn. 29; Decision dated 13.05.2014 – C 131/12, NJW 2014, 2257 = NVwZ 2014, 857 – Google Spain SL and Google Inc., Rn. 68; But another view the Federal Constitutional Court, decision dated 31.5.2016 – 1 BvR 1585/13, MMR 2016, 463 – Metal on metal, marg. 117; Resolution v. 4.10.2011 – 1 BvL 3/08, BVerfGE 129, 186 = NJW 2012, 45 = EuZW 2012, 232 = DB 2011, 2468 – Investment Allowances Act, 39
comp. the Federal Constitutional Court, decision dated 15.12.1983 – 1 BvR 209/83, BVerfGE 65, 1 = NJW 1984, 418