Online Module: The Holocaust and Fundamental Rights

Doc. 10: Handbook on European Data Protection Law

Content-Author Profile / Contact

Content-Author: Nadja

You have to be logged in to view the profile
and to contact the author.

Click here to register


The handbook on European data protection law was jointly prepared by the European Union Agency for Fundamental Rights (FRA) and the Council of Europe together with the Registry of the European Court of Human Rights in 2014. The aim of this handbook is to raise awareness and improve knowledge of data protection rules in European Union and Council of Europe member-states by serving as the main point of reference to which readers can turn. It is designed for non-specialist legal professionals, judges, national data protection authorities and other persons working in the field of data protection.

Download (PDF, Powerpoint, Documents, ...)

Chapter 4 .1. 2: Lawful processing of sensitive data

CoE law leaves it to domestic law to lay down appropriate protection for using sensitive data, while EU law, in Article 8 of the Data Protection Directive, contains a detailed regime for processing categories of data that reveal: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information on health or sex life. The processing of sensitive data is prohibited in principle. There is, however, an exhaustive list of enumerated exemptions to this prohibition, which can be found in Article 8 (2) and (3) of the directive. These exemptions include explicit consent of the data subject, vital interests of the data subject, legitimate interests of others and public interest.

Unlike in the case of processing non-sensitive data, a contractual relationship with the data subject is not viewed as a general basis for the legitimate processing of sensitive data. Therefore, if sensitive data are to be processed in the context of a contract with the data subject, use of these data requires the data subject’s separate explicit consent, in addition to agreeing to enter into the contract. An explicit request by the data subject for goods or services which necessarily reveal sensitive data should, however, be considered to be as good as explicit consent.


Add comment

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.