The legal reference is the "Regulation (EC) 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data".
You can also view an indexed version of Regulation (EC) No.45/2001.
The Commission adopted on 3 June 2008 further implementing rules of regulation 45/2001. They deal mainly with the duties of the Data Protection Officer, the investigation procedure and the role of the data protection coordinators in the DGs. They will be published in the Official Journal soon.
Draft Consolidated version of EC and EU Treaties as in force from 1st November
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce')
Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) COMMENT: Before 31 October 2003 Member States shall bring into force the provisions necessary to comply with Directive 2002/58/EC. Directive 97/66/EC is repealed with effect from that date.
Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the protection of consumers in respect of distance contracts
Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures
Council Regulation (EC) No 2533/98 of 23 November 1998 concerning the collection of statistical information by the European Central Bank
Council Regulation (Euratom, EEC) No 1588/90 of 11 June 1990 on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities
Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents
As Regulation 1049/2001 is not applicable to the Court of Auditors, the Court took the following decision applicable as from 1st March 1997.
Decision No 18/97 laying down internal rules for the treatment of applications for access to documents held by the Court
Council Regulation (EEC, Euratom) No 354/83 of 1 February 1983 concerning the opening to the public of the historical archives of the European Economic Community and the European Atomic Energy Community
Council Regulation (EC, Euratom) No 1700/2003 of 22 September 2003 amending Regulation (EEC, Euratom) No 354/83 concerning the opening to the public of the historical archives of the European Economic Community and the European Atomic Energy Community
2001/844/EC,ECSC,Euratom: Commission Decision of 29 November 2001 amending its internal Rules of Procedure (notified under document number C(2001) 3031)
Staff Regulations of Officials of the European Communities
Commission Decision to create the post of Data Protection Officer for the Commission
Commission Decision on the conduct of administrative inquiries and disciplinary proceedings
Manual for handling classified information in Commission documents (180302)
How to apply the Commission's new Security Rules
Council regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters CORRIGENDUM TO:
Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and co-operation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters
Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention
Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention
The Schengen acquis - Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders PRATICAL COMMENTS: - The Schengen acquis agreement itself does not have any reference to data protection; these references are in the Convention implementing the Schengen agreement. - A separate agreement exists for the accession of each member country implementing the Schengen agreement.
Council Decision of 17 October 2000 establishing a secretariat for the joint supervisory data-protection bodies set up by the Convention on the Establishment of a European Police Office (Europol Convention), the Convention on the Use of Information Technology for Customs Purposes and the Convention implementing the Schengen Agreement on the gradual abolition of checks at the common borders (Schengen Convention)
1999/468/EC: Council Decision of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission
Decision No 12/05 of 10 March 2005 concerning the conditions, limits and procedures applicable to access by the public to European Court of Auditors documents
Decision no 11/12 of 1st February 2012 adopting implementation rules concerning the Data Protection officer pursuant to Article 24.8 of regulation (EC) 45/2001
