Georgetown Law
Georgetown Law Library

International and Foreign Cyberspace Law Research Guide

This guide covers resources on cyberspace law where issues encompass the Internet, cybercrime, privacy and ecommerce. Cyberspace law can incorporate aspects of comparative, international and foreign law

European Union Primary Legal Materials

The EU has been a pioneer in the fields of data protection and online privacy, having first enacted legislation more than 20 years ago.  It recently completed a major reform of its data protection framework, which is intended to enhance protections for individuals, provide a single set of harmonized rules for businesses, and simplify procedures for transferring data outside the EU.

Current EU Data Protection & Privacy Legislation

Listed below are some of the most important pieces of EU legislation on data protection and privacy currently in force.

Prior EU Legislation No Longer in Force

The following legislation is no longer in force, but it may be of interest for historical research.

Explanatory Notes on EU Legislation

For those unfamiliar with the different types of EU legislation, the following definitions are provided:

  • A Regulation is a binding legislative act of general application that must be complied with upon entry into force by each member state.  It supersedes any conflicting national laws.
  • A Directive is binding legislative act of general application that establishes a goal or objective.  Member states must enact legislation to implement a directive by a specified date, a process known as "transposition."
  • A Decision is a legislative act issued by the Council of the EU or by the European Commission that is binding only those governments, companies or individuals to whom it is addressed.

EU Charter of Fundamental Rights

The Charter of Fundamental Rights enshrines within a single document the political, social, and economic rights protected by the EU.  It applies to both the EU, as an institution, and to its members states when they implement EU law.  EU courts are empowered to strike down legislation and official actions that are inconsistent with the Charter.

The full text of the Charter is available for download in PDF format.  Relevant provisions of the Charter include Article 7 (respect for private and family life), Article 8 (protection of personal data), and Article 11 (freedom of expression and information).

EU Case Law

EU courts are generating a growing body of case law involving privacy and data protection, most notably the judgment in Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, also known as the "right to be forgotten" case. 

To search by keyword for EU case law on privacy and data security, use the EUR-Lex database's Advanced Search form and select "Case-Law" from the Collection menu in the center of the page to limit your search to cases.  Searchable databases of EU case law also are available on Lexis and Westlaw.

Additional Resources on EU Data Protection

Secondary Sources on EU Data Protection & Privacy Law