The European Union’s General Data Protection Regulation (GDPR) has also been applicable law in the non-EU countries of the European Economic Area Norway, Iceland and Liechtenstein since July 2018. Its goal is to keep pace with technical and economic developments, the flood of data and the global exchange of data. The GDPR is designed to protect individuals with regard to the processing of their data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences, the execution of criminal penalties and the free movement of such data. As a result, the processing of personal data is harmonised across the EU. The new legal framework is also intended to protect citizens’ fundamental rights and promote the (digital) single market.
Following the complete overhaul of the Data Protection Act (DPA) of October 2018 and the Data Protection Ordinance (DPO), Liechtenstein adopts the new legal framework of the EU and replaces the Data Protection Act of 2002. The German Federal Data Protection Act (BDSG), a pioneering data protection law in Europe, served as a template for the overall reform.
The Liechtenstein Data Protection Act of 2002 had implemented the 1995 EU directive: to guarantee the protection of individuals with regard to the processing of personal data and on the free movement of such data. For around 20 years, the Data Protection Directive was the basis for the Europe-wide but fragmented harmonisation of data protection law.
In 2008, Liechtenstein further adjusted its Data Protection Law to the EU Data Protection Directive. In 2009, Liechtenstein established an independent and autonomous Data Protection Unit, as called for by Article 28 of the EU Data Protection Directive. The unit is attached to the Liechtenstein Parliament. Liechtenstein’s data protection had thus attained the level of the EU, as was necessary for Liechtenstein’s access to the Schengen/Dublin agreement at the end of 2011.
In doing so, the Data Protection Unit also keeps an eye on the intersection between security and compliance with fundamental rights. To be sure, a heightened sense of security leads to demands for as well as further developments of security measures. Data retention, facial recognition and video surveillance are just a few such measures implemented by the state. They are meant to increase security, but at the same time they also affect human rights such as privacy.
In November 2008, Liechtenstein also signed the Council of Europe Convention on Cybercrime of 2001 (CCC) and amended its criminal laws accordingly. The Council of Europe Convention on Cybercrime is the first international convention to combat computer and cybercrime. This mainly concerns copyright violations, computer fraud, child pornography and breaches of electronic network security. The primary purpose of the Convention is to pursue a common criminal justice policy for protection against computer-related offences through appropriate legislation and the promotion of international cooperation. Under the Convention, signatory states are required to adapt their legislation to the challenges posed by new information technologies. Liechtenstein made various substantive and procedural adjustments to its national legal system in 2015 in order to implement the Convention in full.
Comments are closed.