Abstract
This chapter presents an exploratory perspective on data protection authorities (DPAs) in the European Union, drawing on classical theories of regulation such as the concept of the regulatory state and independent regulatory agencies (IRAs). After discussing the most important aspects of theoretical and methodological approaches, the author moves on to the set up of DPAs, applying essential features of IRAs such as the concept of independence and accountability to the analysis of DPAs. In particular, the independence of DPAs seems to be challenged since not only the governments themselves but also private businesses have a genuine interest in preventing strict and effective regulation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Data protection authority refers in the following text to the term of supervisory authority, stipulated in the Directive 95/46/EC.
- 2.
Since the dissertation project is in its theoretical conceptualisation phase, this work attempts to explore and discuss new theoretical and methodological approaches to the analysis of DPAs rather than to present substantial empirical results. This is also reflected in the structure of the chapter.
- 3.
Of course, there are additionally numerous data protection commissioners and officers in private companies and governmental organisations working together with DPAs on the international, national and federal level. However, they will not be part of the analysis in this work.
- 4.
Regulation refers in the following to “the development and application of rules (e.g. laws, directives, guidelines, standards, codes of conduct etc.) directed at specific target populations, and the—public as well as private—rule-makers involved.” Moreover, this work mainly focuses on public regulation, i.e. regulation by the state, neglecting, for example, self-regulation approaches.
- 5.
In this context Levi-Faur coined the even more appropriate term “state-centred multi-level governance”.
- 6.
This contribution solely deals with IRAs/DPAs on the national level, although the international, and particularly the EU level, would be interesting to look at as well.
- 7.
However, due to the relative newness of the attempt to apply the theoretical concept of IRAs to the analysis of DPAs this work will mainly concentrate on the feature of independence and accountability. Principles such as transparency and also integrity will mostly be neglected, although they comprise crucial elements of a good governance model, which will be subject to a more comprehensive assessment within the dissertation project.
- 8.
As an example, the indicator “term of office” can have six different parameters: “Over 8 years”, “6–8 years”, “5 years”, “4 years”, “fixed term under 4 years or at the discretion of the appointer”, and eventually “no fixed term”. Each parameter is assigned a value evenly spread between 1 (= complete independent) and 0 (= not independent). Since there are six parameters, the assigned values are accordingly: 1, 0.8, 0.6, 0.4, 0.2, 0.
- 9.
The fifth function refers to accountability in cases of tragedies or fiascos, which is less important in regards to the topic of this contribution and will therefore be neglected.
- 10.
As seen in the preceding paragraphs, the concepts of transparency as well as integrity permeate the accountability principle. Whereas the first is an important driver to enforce accountability, the latter serves as a guarantor of legitimacy and credibility. As mentioned before, however, transparency and integrity are mainly left out of the analysis due to the focus on independence and accountability.
- 11.
However, these formal provisions of the EU Data Protection Directive do not mean that national DPAs are actually endowed with the same powers and tasks. As already mentioned, Member States are granted some latitude in the transposition of EU law into national legislation, which often results in quite a different legal set up of DPAs.
- 12.
Furthermore, DPAs are traditionally closely linked to certain ministries.
- 13.
Even though “complete independence” is the term used in the EU Directive, there is no institution, organisation or individual who can claim to be complete independent. However, the wording refers to the increased relevance the European Union put into the autonomous status of DPAs.
- 14.
As already pointed out in Sect. 3.1.1, it is important to consider the difference between the formal and informal dimension of independence. This work will only focus on legally stipulated independence features of DPAs.
- 15.
The FfDF in Germany represents not only the head of the national DPA but also the institution itself. DPA officials are directly working for him.
- 16.
Although specific DPAs of the Länder will be scrutinised more thoroughly within the dissertation project, this work will not deal with the regional level in more detail.
- 17.
Yet, in cases of serious misdemeanours DPAs are, of course, subject to statutory supervision by the executive, legislative or judiciary.
- 18.
In order to obtain additional democratic legitimacy, the German Bundestag elects the FfDF at the suggestion of the Federal Government, following an amendment to the Federal Data Protection Act in 1990.
References
Bennett, C. 1992. Regulating privacy: Data protection and public policy in Europe and the United States. Ithaca: Cornell University Press.
Bennett, C., and C. Raab. 2006. The governance of privacy: Policy instruments in global perspective. Cambridge: MIT Press.
Bibow, J. 2004. Reflections on the current fashion for central bank independence. Cambridge Journal of Economics 28 (4): 549–576.
Bovens, M. 2005. Public accountability. In The Oxford handbook of public management, eds. Ewan Ferlie, Laurence E. Lynn and Christopher Pollitt, 182–208. Oxford: Oxford University Press.
Caporaso, J. A. 1996. The European Union and forms of state: Westphalian, regulatory or post modern? JCMS: Journal of Common Market Studies 34 (1): 29–52.
Cukierman, A., S. B. Web, and B. Neyapti. 1992. Measuring the independence of central banks and its effect on policy outcomes. The World Bank Economic Review 6 (3): 353–398.
Dammann, Ulrich. 2011. Bundesbeauftragter für den Datenschutz und die Informationsfreiheit. In Bundesdatenschutzgesetz—Kommentar, ed. S. Simitis. Baden-Baden: Nomos.
Eberlein, B., and E. Grande. 2005. Beyond delegation: Transnational regulatory regimes and the EU regulatory state. Journal of European Public Policy 12 (1): 89–112.
Eijffinger, S. C., M. M. Hoeberichts, and E. Schaling. 2000. A theory of central bank accountability. CEPR Discussion Paper.
EU Directive. 1995. Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities L 281.
EU Report. 2009. Executive summary of the final draft of the comparative legal study on assessment of data protection measures and relevant institutions. In Report: Fundamental Rights Agency (FRA) of the European Union.
Federal Data Protection Act, Germany, 2009. 1990.
Gilardi, F. 2002. Policy credibility and delegation to independent regulatory agencies: A comparative empirical analysis. Journal of European Public Policy 9 (6): 873–893.
Gilardi, F. 2005. Evaluating independent regulators. Paper presented at the organization for economic cooperation and development, designing independent and accountable: Regulatory authorities for high quality regulation, working party on regulatory management and reform, proceedings of an expert meeting, London, United Kingdom.
Gutwirth, S. 2002. Privacy and the information age. New York: Rowman & Littlefield.
Hamilton, A., J. Madison, J. Jay, and L. Goldman. 2008. The federalist papers. USA: Oxford University Press.
Hessian Data Protection Act, Hesse (Germany). 1970.
Hood, C. 1999. Regulation inside government: Waste watchers, quality police, and sleaze-busters. USA: Oxford University Press.
Hooghe, L., and G. Marks. 2001. Multi-level governance and European integration. Lanham: Rowman & Littlefield.
Hustinx, P. 2009. The role of data protection authorities, eds. Serge Gutwirth, Yves Poullet, Paul Hert, Cécile Terwangne and Sjaak Nouwt, 131–137. Netherlands: Springer.
Judgment of the Court (Grand Chamber) of 9 March 2010. 2010. European Commission v Federal Republic of Germany. Failure of a member state to fulfil obligations—Directive 95/46/EC—Protection of individuals with regard to the processing of personal data and the free movement of such data—Article 28(1)—National supervisory authorities—Independence—Administrative scrutiny of those authorities. Case C-518/07.
Kemp, J. 2011. The slow death of the regulatory state. http://blogs.reuters.com/great-debate/2010/06/04/the-slow-death-of-the-regulatory-state/. Accessed 3 Aug 2011.
Korff, D., and I. Brown. 2010. Final report: comparative study on different approaches to privacy challenges, in particular in the light of technological developments. European commission—directorate-general justice, freedom and security.
Levi-Faur, D. 1999. The governance of competition: the interplay of technology, economics, and politics in European Union electricity and telecom regimes. Journal of Public Policy 19 (2): 175–207.
Maggetti, M. 2010. Legitimacy and accountability of independent regulatory agencies: A critical review. Living Reviews in Democracy 2:1–9.
Majone, G. 1994. The rise of the regulatory state in Europe. West European Politics 17 (3): 77–101.
Majone, G. 1996. Regulating Europe. London: Routledge.
Majone, G. 1997. From the positive to the regulatory state: Causes and consequences of changes in the mode of governance. Journal of Public Policy 17 (2): 139–167.
Mayer-Schönberger, V. 1997. Generational development of data protection in Europe. In Technology and privacy: The new landscape, eds. Philip Agre and Marc Rotenberg, 219–241. Cambridge: MIT Press.
Mayntz, R. 2009. The changing governance of large technical infrastructure systems. In Über governance: institutionen und prozesse politischer regelung, ed. Renate Mayntz, 121–150. Frankfurt: Campus.
Meier, K. J., and J. Bohte. 2006. Politics and the bureaucracy: Policymaking in the fourth branch of government. Belmont: Wadsworth.
Quintyn, M. 2009. Independent agencies: More than a cheap copy of independent central banks? Constitutional Political Economy 20 (3): 267–295.
Quintyn, M., and M. W. Taylor. 2007. Robust regulators and their political masters: Independence and accountability in theory. In Designing financial supervision institutions: Independence, accountability and governance, eds. D. Masciandaro and M. Quintyn, 3–40. Cheltenham: Elgar.
Quintyn, M., E. Huepkes, and M. Taylor. 2005. The accountability of financial sector supervisors: Principles and practice. IMF Working Paper.
Simitis, S. 1994. From the market to the polis: The EU directive on the protection of personal data. Iowa Law Review 80:445–469.
Thatcher, M. 1998. Institutions, regulation, and change: New regulatory agencies in the British privatised utilities. West European Politics 21 (1): 120–147.
Thatcher, M. 2002. Regulation after delegation: Independent regulatory agencies in Europe. Journal of European Public Policy 9 (6): 954–972.
Tocqueville, Alexis de. 2000. Democracy in America, vol. 1. New York: Bantam Books.
Vogel, S. 1996. Freer markets, more rules: Regulatory reform in advanced industrial countries. Ithaca: Cornell University Press.
Wilks, S., and I. Bartle. 2002. The unanticipated consequences of creating independent competition agencies. West European Politics 25 (1): 148–172.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Schütz, P. (2012). The Set Up of Data Protection Authorities as a New Regulatory Approach. In: Gutwirth, S., Leenes, R., De Hert, P., Poullet, Y. (eds) European Data Protection: In Good Health?. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2903-2_7
Download citation
DOI: https://doi.org/10.1007/978-94-007-2903-2_7
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-2902-5
Online ISBN: 978-94-007-2903-2
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)