Data Protection in EU Law After Lisbon: Challenges, Developments, and Limitations

2.1 The Lisbon Treaty and Constitutional Developments in the EU

In 2004, two failed referendums in France and the Netherlands marked the early end of the ambitious EU Constitutional Treaty (or the Treaty establishing a Constitution for Europe). Not very long after this, the Lisbon Treaty was signed on December 13, 2007 and entered into force on December 1^st 2009. The Lisbon Treaty was presented by its authors –the EU Member States- as an amending Treaty of the founding Treaties of the EU that aimed to introduce only an ‘incremental change’ (Cremona, 2012, p. 40) and not the complete new legal framework that the Constitutional Treaty proposed. However, the Lisbon Treaty represents an important new departure for the EU (Berman, 2012, p. 3) and marked a new era for the EU constitutional and human rights framework in general and the right to data protection in particular.

The pre-Lisbon EU constitutional framework was built-up on the so-called three –pillar system: the first encompassed the European Community (EC) Treaty and Euratom (and formerly the Coal and Steel Community); the second the provisions on Common Foreign and Security Policy (CFSP); and the third the provisions on Police and Judicial Cooperation in Criminal Matters (PJC). The pillar structure was considered very problematic as the different pillars were comprised of different rules concerning institutions, decision-making instruments and procedures, decision-making powers, judiciary competences and the protection of human rights and fundamental freedoms (Dougan, 2007, p. 617). The Lisbon Treaty abolished the pillar system of the EU. It amended the Treaty on the European Union (TEU) and the EC Treaty by renaming the latter the Treaty on the Functioning of the EU (TFEU). Essentially, the provisions of the former first and third pillars are now found in the TFEU, while the ‘distinctive’ rules relating to the CFSP are found in the TEU. These amendments have major implications for the right to data protection that will be discussed in detail below.

At this point before the analysis moves on to discuss data protection in the post-Lisbon era, one further major development introduced by the Lisbon Treaty should be mentioned. The EU Charter of Fundamental Rights (EUCFR) was given legal force by the Lisbon Treaty and is now incorporated into European constitutional law (Anderson & Murphy, 2012, p. 155). The Charter, which constitutes the EU’s own written bill of rights, enjoys now the same legal value as the Treaties. In fact, the Lisbon Treaty recognizes in Article 6 TEU three formal sources for EU human rights law: the first is the EUCFR, the second is the accession of the EU to the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR), and the third is the protection of fundamental rights as ‘general principles of EU law’ that have been developed by the European Court of Justice (ECJ) (now: Court of Justice of the EU (CJEU) over the years.