EU law article

Article 23 - Restrictions

This page is part of LegalViz.EU, a tool that makes EU legislation easier to read by linking articles, recitals, and related references.

Navigate this law: Law overview · Recitals

Previous article · Next article · Start with Recital 1

Restrictions

1.   Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:

  1. (a)
    national security;
  2. (b)
    defence;
  3. (c)
    public security;
  4. (d)
    the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
  5. (e)
    other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;
  6. (f)
    the protection of judicial independence and judicial proceedings;
  7. (g)
    the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
  8. (h)
    a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g);
  9. (i)
    the protection of the data subject or the rights and freedoms of others;
  10. (j)
    the enforcement of civil law claims.

2.   In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, as to:

  1. (a)
    the purposes of the processing or categories of processing;
  2. (b)
    the categories of personal data;
  3. (c)
    the scope of the restrictions introduced;
  4. (d)
    the safeguards to prevent abuse or unlawful access or transfer;
  5. (e)
    the specification of the controller or categories of controllers;
  6. (f)
    the storage periods and the applicable safeguards taking into account the nature, scope and purposes of the processing or categories of processing;
  7. (g)
    the risks to the rights and freedoms of data subjects; and
  8. (h)
    the right of data subjects to be informed about the restriction, unless that may be prejudicial to the purpose of the restriction.