L 119/2
EN
Official Journal of the European Union
4.5.2016
(4)
The processing of personal data should be designed to serve mankind. The right to the protection of personal
data is not an absolute right; it must be considered in relation to its function in society and be balanced against
other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all
fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the
Treaties, in particular the respect for private and family life, home and communications, the protection of
personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to
conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic
diversity.
(5)
The economic and social integration resulting from the functioning of the internal market has led to a substantial
increase in cross-border flows of personal data. The exchange of personal data between public and private actors,
including natural persons, associations and undertakings across the Union has increased. National authorities in
the Member States are being called upon by Union law to cooperate and exchange personal data so as to be able
to perform their duties or carry out tasks on behalf of an authority in another Member State.
(6)
Rapid technological developments and globalisation have brought new challenges for the protection of personal
data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both
private companies and public authorities to make use of personal data on an unprecedented scale in order to
pursue their activities. Natural persons increasingly make personal information available publicly and globally.
Technology has transformed both the economy and social life, and should further facilitate the free flow of
personal data within the Union and the transfer to third countries and international organisations, while ensuring
a high level of the protection of personal data.
(7)
Those developments require a strong and more coherent data protection framework in the Union, backed by
strong enforcement, given the importance of creating the trust that will allow the digital economy to develop
across the internal market. Natural persons should have control of their own personal data. Legal and practical
certainty for natural persons, economic operators and public authorities should be enhanced.
(8)
Where this Regulation provides for specifications or restrictions of its rules by Member State law, Member States
may, as far as necessary for coherence and for making the national provisions comprehensible to the persons to
whom they apply, incorporate elements of this Regulation into their national law.
(9)
The objectives and principles of Directive 95/46/EC remain sound, but it has not prevented fragmentation in the
implementation of data protection across the Union, legal uncertainty or a widespread public perception that
there are significant risks to the protection of natural persons, in particular with regard to online activity.
Differences in the level of protection of the rights and freedoms of natural persons, in particular the right to the
protection of personal data, with regard to the processing of personal data in the Member States may prevent the
free flow of personal data throughout the Union. Those differences may therefore constitute an obstacle to the
pursuit of economic activities at the level of the Union, distort competition and impede authorities in the
discharge of their responsibilities under Union law. Such a difference in levels of protection is due to the
existence of differences in the implementation and application of Directive 95/46/EC.
(10)
In order to ensure a consistent and high level of protection of natural persons and to remove the obstacles to
flows of personal data within the Union, the level of protection of the rights and freedoms of natural persons
with regard to the processing of such data should be equivalent in all Member States. Consistent and
homogenous application of the rules for the protection of the fundamental rights and freedoms of natural
persons with regard to the processing of personal data should be ensured throughout the Union. Regarding the
processing of personal data for compliance with a legal obligation, for the performance of a task carried out in
the public interest or in the exercise of official authority vested in the controller, Member States should be
allowed to maintain or introduce national provisions to further specify the application of the rules of this
Regulation. In conjunction with the general and horizontal law on data protection implementing Directive
95/46/EC, Member States have several sector-specific laws in areas that need more specific provisions. This
Regulation also provides a margin of manoeuvre for Member States to specify its rules, including for the
processing of special categories of personal data (‘sensitive data’). To that extent, this Regulation does not exclude
Member State law that sets out the circumstances for specific processing situations, including determining more
precisely the conditions under which the processing of personal data is lawful.