The EU data protection reform and the (forgotten) use of criminal sanctions

Research output: Contribution to journalArticleScientificpeer-review

1 Citation (Scopus)


The proposed data protection regulation2 includes mention of the use of criminal and administrative sanctions. Both were possible in EU data protection law but, after the reform, the use of administrative sanctions will become mandatory. With regard to criminal sanctions to address data protection wrongs, nothing changes: member states can choose to create them or not.

Why is the new EU, with its enhanced post-Lisbon powers, so timid and '1995-ish' with regard to criminal law? How is it possible that, to reform a set of rules created by a directive, a regulation is chosen with the aim of harmonising just about everything in EU data protection law, but not the chapter on sanctions and enforcement?

This contribution lists some explanatory factors and reflects on future regulatory choices in member states.
Original languageEnglish
Pages (from-to)262
Number of pages268
JournalInternational Data Privacy Law
Issue number4
Publication statusPublished - 2014


  • data protection


Dive into the research topics of 'The EU data protection reform and the (forgotten) use of criminal sanctions'. Together they form a unique fingerprint.

Cite this