Skip to content

Codes of (Mis)conduct? An Appraisal of Articles 40-41 GDPR in View of the 1995 Data Protection Directive and Its Shortcomings

Carl Vander Maelen

DOI https://doi.org/10.21552/edpl/2020/2/9

Keywords: codes of conduct, GDPR, 1995 Data Protection Directive, Articles 40-41 GDPR, co-regulation


The EU increasingly integrates alternative regulatory instruments (ARIs) in legislation, encouraging private stakeholder participation in the implementation and enforcement processes of those hard law instruments. Articles 40 and 41 GDPR are an example thereof, stipulating that bodies representing categories of controllers or processors should develop codes of conduct to specify the concrete application of the GDPR’s principles, rights and obligations. This article first analyses the legislative predecessor to these articles: Article 27 of the Data Protection Directive (DPD). Available information concludes that both the so-called ‘Community codes’ and national codes under this provision failed to make their desired impact. Second, this contribution inspects the key objectives, as well as the material and formal content of Articles 40 and 41 GDPR to identify similarities and differences between the DPD and the GDPR. Preliminary and cautious predictions are offered on whether GDPR codes of conduct will chart a more successful course.
Keywords: codes of conduct, GDPR, 1995 Data Protection Directive, Articles 40-41 GDPR, co-regulation

Carl Vander Maelen, Ghent University – Faculty of Law, Research group Law & Technology. The author is grateful for the feedback received during the PLSC-Europe 2019 conference, where a first draft of this paper was presented. In particular, the author would like to thank Prof Dr Eva Lievens and Dr Catherine Jasserand-Breeman for their invaluable comments.

Share


Lx-Number Search

A
|
(e.g. A | 000123 | 01)

Export Citation