Data protection law is more than ever undergoing a radical change. The introduction of the EU’s General Data Protection Regulation (GDPR) and the continuous development of new technologies raise countless questions. If you want to stay informed about the latest discussions, trends and judgements, you need high-quality and up-to-date sources. The European Data Protection Law Review (EDPL) aims to meet this need. A review.

Reviewed edition: European Data Protection Law Review 1/2017 (lexxion), edited by Bart van der Sloot

Structure and Content

The sections of the journal are preceded by an editorial and several forewords. It is a noticeable plus that these do not stop at the usual thankfulnesses and announcements, but enter the discussion straightaway. The editorial contains a fundamental critique of the concept of balancing of interests, which is omnipresent in the application of data protection law. The refreshing openness to question the fundamentals also runs through the remaining articles.

The forewords, articles and reports are written by international experts and selected VIPs from the data protection scene. For example, in line with the theme of issue 1/2017 – Big Data – the long-time NSA analyst and whistleblower William Binney gives an insight into his methods of Big Data analysis. Paul de Hert‘s foreword is in no way inferior to the subsequent academic contributions. It calls for clear laws (bright line rules) and criticises the ECJ for not giving the Member States any leeway for such clear legislation.

The articles section is the academic heart of the journal. Ugo Pagallo uses Big Data’s challenges as an example to highlight the importance of secondary rules in the sense of H. L. A. Hart under the General Data Protection Regulation. The way in which legal philosophical classics are made fruitful for the very concrete questions of the new data protection law is magnificent. Marc Rotenberg, in a contribution entitled “Urgent Mandate, Unhurried Response”, is critical of the work of the UN Special Rapporteur on privacy, who has been appointed under the influence of the Snowden revelations. Rotenberg demonstrates convincingly that the rapporteur has a great deal of work to do if he is to achieve the tasks he has been given. Abu Bakar Muni, Siti Hajar Mohd Yasin and Siti Sarah Abu Bakar conclude the articles section with an obituary to the UK Data Retention Act DRIPA, which was declared illegal by the European Court of Justice in December 2016, and an outlook on the future of retention of communication data.

The reports section is a highlight for anyone who wants to look beyond the German horizon and inform themselves concisely about the main developments in European data protection. The two-page to five-page reports provide concise knowledge and critical commentary on current topics:

  • Big Data Guidelines of the Council of Europe Group of Experts on Data Protection (Alessandro Mantelero)
  • Working Paper 244 of the Art. 29 Group (Sandra Schmitz)
  • Status of DSGVO implementation in Germany (Dominic Broy)
  • Deployment of body cams by the German police (Dennis-Kenji Kipker)
  • Investigatory Powers Act 2016 (Lorna Woods)
  • CG v Facebook (Lorna Woods)
  • Privacy Shield under Trump (Alan Butler)
  • The Data Protection Officer according to the DSGVO (Miguel Recio)
  • Right to data portability (Lucio Scudiero)

Landmark judgments are discussed in the subsequent case notes. In issue 1/2017, Tijmen Wisman discusses in detail the ECJ’s decision to store IP addresses in the Breyer v Federal Republic of Germany case (C-582/14). All relevant aspects of the judgement are be examined and the significance for the practice of the website operators is explained. Finally, the magazine is rounded off by reviews of international novelties in the field of data protection and data protection law.


The harmonisation of the law by the GDPR will inevitably – and fortunately – lead to a europeanisation and globalisation of the debates on data protection. On the one hand, the GDPR as a European legislative act requires an autonomous interpretation, to be uniformly applied accross the EU. The details of this interpretation will emerge from a grand debate among academics and practitioners all over Europe. On the other hand, it is important to learn from best practices and to take advantage of the competition in the EU’s federal approach.

The EDPL fills a painful gap in this respect, which has so far been inadequately addressed. It will facilitate a European debate on data protection at a high level and foster mutual learning. The selection and breadth of the topics and the quality standard applied are convincing. EDPL magazine is recommended for anyone interested in the background and ongoing developments of European data protection law. With regard to the GDPR, it is also highly relevant for data protection practitioners working “only” throughout Germany.