THE ROLE OF CODES OF CONDUCT IN THE EU DATA PROTECTION FRAMEWORK

Abstract

The paper presents the legal nature and functions of codes of conduct in EU data protection law. The General Data Protection Regulation (GDPR) contains much more extensive provisions on codes of conduct than previous Directive 95/46/EC, giving them a potentially much more significant role in the EU data protection regime. The GDPR specifies codes of conduct as co-regulatory instruments whose compliance by controllers and processors has significant legal consequences. They are primarily intended to facilitate compliance with the GDPR by controllers and processors from a specific sector or to perform similar processing operations. It is therefore essential to identify the legal nature of the codes of conduct, the legal consequences of adhering to them, and their function in the EU data protection model. The theoretical analysis of EU data protection codes of conduct considers the perspectives of legal and regulatory theory.