Introduction...1
Art. 1 Subject-Matter and Objectives (Gerrit Hornung and Indra Spiecker gen. Döhmann)...77
Art. 2 Material scope (Vagelis Papakonstantinou and Paul De Hert).... 92
Art. 3 Territorial scope (Gerrit Hornung)... 116
Art. 4(1) Personal data (Domingos Farinho)... 135
Art. 4(2) Processing (Vagelis Papakonstantinou and Paul De Hert) ... 148
Art. 4(3) Restriction of processing (Domingos Farinho) ...156
Art. 4(4) Profiling (Olivia Tambou)...158
Art. 4(5) Pseudonymisation (Marco Almada, Juliano Maranhao and Giovanni Sartor)... 162
Art. 4(6) Filing system (Vagelis Papakonstantinou and Paul De Hert)... 168
Art. 4(7) Controller (András Jóri)... 175
Art. 4(8) Processor (András Jóri) ...186
Art. 4(9) Recipient (András Jóri)... 189
Art. 4(10) Third party (András Jóri)...192
Art. 4(11) Consent (Judith Rauhofer and Burkhard Schafer) ...195
Art. 4(12) Definitions (Alexander Dix)... 216
Art. 4(13) Genetic data (András Jóri)...219
Art. 4(14) Biometric data (András Jóri)... 221
Art. 4(15) Data concerning health (András Jóri) ... 225
Art. 4(16) Main establishment (Sebastian Bretthauer) ... 229
Art. 4(17) Representative (Gerrit Hornung) ... 237
Art. 4(18) Enterprise (Stefan Drewes and Sebastian Bretthauer)...239
Art. 4(19) Group of undertakings (Stefan Drewes and Sebastian Bretthauer) ...240
Art. 4(20) Binding corporate rules (Peter Schantz) ... 241
Art. 4(21) Supervisory authority (Sebastian Bretthauer)..... 242
Art. 4(22) Supervisory authority concerned (Sebastian Bretthauer)...244
Art. 4(23) Cross-border processing (Sebastian Bretthauer) ...248
Art. 4(24) Relevant and reasoned objection (Indra Spiecker gen. Döhmann) ... 251
Art. 4(25) Definitions (Judith Rauhofer and Burkhard Schafer)... 253
Art. 4(26) International organisation (Stefanie Schiedermair)...258
Art. 5 Principles relating to processing of personal data (Alexander Roßnagel and Phillip Richter) ... 261
Art. 6 Lawfulness of processing (Giovanni Sartor) ... 291
Art. 6(1)(f) Content personalisation (Marco Almada, Juliano Maranhao, Giovanni Sartor)... 328
Art. 6(1)(f) Opinion and market research in the age of Big Data (Domingos Farinho)... 340
Art. 6(1)(f) Data processing for marketing purposes (Domingos Farinho) ... 345
Art. 6(1)(f) Credit scoring (Hans- W. Micklitz and Giovanni Sartor) ...356
Art. 6(1)(f) Video recording (Domingos Farinho) ... 363
Art. 7 Conditions for consent (Judith Rauhofer and Burkhard Schafer) ...376
Art. 8 Conditions applicable to child's consent in relation to information society services (Judith Rauhofer and Burkhard Schafer) ...391
Art. 9 Processing of special categories of personal data (András Jóri)...400
Art. 10 Processing of personal data relating to criminal convictions and offences (András Jóri) ... 420
Art. 11 Processing which does not require identification (Laura Carmichael, Emma Cradock and Sophie Stalla-Bourdillon) ... 426
Art. 12 Transparent information, communication and modalities for the exercise of the rights of the data subject (Alexander Dix) ...434
Art. 13 Information to be provided where personal data are collected from the data subject (Alexander Dix) ...448
Art. 14 Information to be provided where personal data have not been obtained from the data subject (Alexander Dix)...458
Art. 15 Right of access by the data subject (Alexander Dix)...466
Art. 16 Right to rectification(Alexander Dix).... 480
Art. 17 Right to erasure (‘right to be forgotten’) (Artemi Rallo and Jorge Viguri) ...487
Art. 18 Right to restriction of processing (Domingos Farinho)... 496
Art. 19 Notification obligation regarding rectification or erasure of personal data or
restriction of processing (Alexander Dix)...503
Art. 20 Right to data portability (Alexander Dix) ... 508
Art. 21 Right to object (Laura Carmichael, Emma Cradock and Sofie Stalla Bourdillon)...518
Art. 22 Automated individual decision-making, including profiling (Olivia Tambou) ...525
Art. 23 Restrictions (Alexander Dix)...543
Art. 24 Responsibility of the controller (Jos Dumortier and Pieter Gryffroy)...564
Art. 25 Data protection by design and by default (Marco Almada, Juliano Maranhao and Giovanni Sartor) ... 580
Art. 26 Joint controllers (Jos Dumortier and Pieter Gryffroy)...602
Art. 27 Representatives of controllers or processors not established in the Union (Gerrit Hornung)... 617
Art. 28 Processor (András Jóri)... 626
Art. 29 Processing under the authority of the controller or processor (András Jóri)... 646
Art. 30 Records of processing activities (Laura Carmichael, Emma Cradock and Sofie Stalla Bourdillon) ...649
Art. 31 Cooperation with the supervisory authority (Eva Souhrada-Kirchmayer) ...656
Art. 32 Security of processing (Evangelia Papadaki and Sophie- Stalla Bourdillon)... 659
Art. 33 Notification of a personal data breach to the supervisory authority (Alexander Dix) ...670
Art. 34 Communication of a personal data breach to the data subject (Alexander Dix) ... 681
Art. 35 Data protection impact assessment (Jens Ambrock and Moritz Karg) ....687
Art. 36 Prior consultation (Jens Ambrock and Moritz Karg)... 706
Art. 37 Designation of the data protection officer (Stefan Drewes and Sebastian Bretthauer)...714
Art. 38 Position of the data protection officer (Stefan Drewes and Sebastian Bretthauer) ... 725
Art. 39 Tasks of the data protection officer (Stefan Drewes and Sebastian Bretthauer) ...730
Art. 40 Codes of conduct (Alexander Roßnagel and Philipp Richter)...736
Art. 41 Monitoring of approved codes of conduct(Alexander Roßnagel and Philipp Richter)...750
Art. 42 Certification (Irene Kamara)...757
Art. 43 Certification bodies (Irene Kamara)...767
Art. 44 General principle for transfers (Peter Schantz)...775
Art. 45 Transfers on the basis of an adequacy decision (Peter Schantz) ...785
Art. 46 Transfers subject to appropriate safeguards (Peter Schantz) ... 803
Art. 47 Binding corporate rules (Peter Schantz)... 823
Art. 48 Transfers or disclosures not authorised by Union law (Peter Schantz) ... 835
Art. 49 Derogations for specific situations (Peter Schantz) ...838
Art. 50 International cooperation for the protection of personal data (Stefanie Schiedermair) ...854
Art. 51 Supervisory authority (Eva Souhrada Kirchmayer) ... 858
Art. 52 Independence (András Jóri)...863
Art. 53 General conditions for the members of the supervisory authority(Eva Souhrada-Kirchmayer) ...873
Art. 54 Rules on the establishment of the supervisory authority (Eva Souhrada-Kirchmayer)...877
Art. 55 Competence (Eva Souhrada Kirchmayer)... 880
Art. 56 Competence of the lead supervisory authority (Eva Souhrada-Kirchmayer) ...884
Art. 57 Tasks (Eva Souhrada-Kirchmayer) ... 889
Art. 58 Powers (Eva Souhrada-Kirchmayer) ...894
Art. 59 Activity reports (Eva Souhrada-Kirchmayer)...901
Art. 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned (Vagelis Papakonstantinou)...904
Art. 61 Mutual assistance (Vagelis Papakonstantinou)... 915
Art. 62 Joint operations of supervisory authorities (Vagelis Papakonstantinou) ...922
Art. 63 Consistency mechanism (Indra Spiecker gen. Döhmann)...927
Art. 64 Opinion of the Board (Indra Spiecker gen. Döhmann) ...938
Art. 65 Dispute resolution by the Board (Indra Spiecker gen. Döhmann)...959
Art. 66 Urgency procedure (Indra Spiecker gen. Döhmann)... 975
Art. 67 Exchange of information (Indra Spiecker gen. Döhmann) ... 983
Art. 68 European Data Protection Board (Stefanie Schiedermair) ...986
Art. 69 Independence (Stefanie Schiedermair)... 991
Art. 70 Tasks of the Board (Stefanie Schiedermair)... 993
Art. 71 Reports (Stefanie Schiedermair) ... 999
Art. 72 Procedure (Stefanie Schiedermair)... 1000
Art. 73 Chair(Stefanie Schiedermair) ... 1002
Art. 74 Tasks of the Chair (Stefanie Schiedermair) ... 1003
Art. 75 Secretariat (Stefanie Schiedermair)... 1004
Art. 76 Confidentiality (Stefanie Schiedermair) ... 1007
Art. 77 Right to lodge a complaint with a supervisory authority (Olivia Tambou)...1010
Art. 78 Right to an effective judicial remedy against a supervisory authority (Olivia Tambou) ...1017
Art. 79 Right to an effective judicial remedy against a controller or processor (Olivia Tambou) ...1023
Art. 80 Representation of data subjects(Olivia Tambou) ... 1030
Art. 81 Suspension of proceedings (Olivia Tambou)... 1036
Art. 82 Right to compensation and liability (Olivia Tambou)... 1041
Art. 83 General conditions for imposing administrative fines (Olivia Tambou)...1051
Art. 84 Penalties (Olivia Tambou)...1064
Art. 85 Processing and freedom of expression and information (Alexander Dix) ... 1070
Art. 86 Processing and public access to official documents (András Jóri) ... 1086
Art. 87 Processing of the national identification number (Niko Tsakalakis) ... 1090
Art. 88 Processing in the context of employment (Achim Seifert)... 1094
Art. 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (Laura Carmichael, Emma Cradock and Sophie-Stalla Bourdillon)...1113
Art. 90 Obligations of secrecy (Christina Pauner)...1122
Art. 91 Existing data protection rules of churches and religious associations (Achim Seifert)...1128
Art. 92 Exercise of the delegation (Stephanie Schiedermair)...1136
Art. 93 Committee procedure (Stephanie Schiedermair) ... 1143
Art. 94 Repeal of Directive 95/46/EC (Gerrit Hornung and Indra Spiecker gen. Döhmann)... 1146
Art. 95 Relationship with Directive 2002/58/EC (Vagelis Papakonstantinou and Paul De Hert)...1150
Art. 96 Relationship with previously concluded Agreements (Stephanie Schiedermair) ... 1155
Art. 97 Commission reports (Stephanie Schiedermair) ...1156
Art. 98 Review of other Union legal acts on data protection (Domingos Farinho) ... 1161
Art. 99 Entry into force and application (Gerrit Hornung and Indra Spiecker gen. Döhmann) ... 1165
For ease of reference, the complete index of book is available at the following link. This resource will facilitate efficient navigation through the content.