First Floor, Victoria Buildings, 8, Triq l-Għenieq,Naxxar NXR3622, Malta

The pre-GDPR regime – PART III

by Dr Edric Micallef Figallo – Associate

The following is the fourth article in a series of articles delving into the GDPR, intended to give an overview of the main aspects of the provisions it introduced, retained and updated in the data privacy law regime of the European Union, and its legislative implementation in Malta. The previous article may be viewed here.

This article refers to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, hereinafter “Directive”. Considering that the Directive is no longer in force, further articles in this series will delve directly into the GDPR and its national implementation.

As referred in the previous article, the Directive featured a number of principles which are still central to the GDPR.

The importance of the Directive was that for the first time within the EU, the EU legislature adopted a legislative instrument which provided for greater harmonisation for data privacy law within the bloc. In effect this was, as is often the scenario when dealing with EU legislative instruments, one of the main reasons for the adoption of the Directive. Safeguaring fundamental rights, “notably the right to privacy”, furthering common market integration and a level legislative playing field for socio-economic operators was deemed politically necessary, and this is inter alia evidenced by recitals (7) and (8) of the Directive which read:

“(7) Whereas the difference in levels of protection of the rights and freedoms of individuals, notably the right to privacy, with regard to the processing of personal data afforded in the Member States may prevent the transmission of such data from the territory of one Member State to that of another Member State; whereas this difference may therefore constitute an obstacle to the pursuit of a number of economic activities at Community level, distort competition and impede authorities in the discharge of their responsibilities under Community law; whereas this difference in levels of protection is due to the existence of a wide variety of national laws, regulations and administrative provisions;

(8) Whereas, in order to remove the obstacles to flows of personal data, the level of protection of the rights and freedoms of individuals with regard to the processing of such data must be equivalent in all Member States; whereas this objective is vital to the internal market but cannot be achieved by the Member States alone, especially in view of the scale of the divergences which currently exist between the relevant laws in the Member States and the need to coordinate the laws of the Member States so as to ensure that the cross-border flow of personal data is regulated in a consistent manner that is in keeping with the objective of the internal market as provided for in Article 7a of the Treaty; whereas Community action to approximate those laws is therefore needed;”

Writing constraints limit the possibility of delving directly and specifically in the Directive, and considering it was in fact repealed by the GDPR and is no longer in force, this will be avoided.


In conclusion, the article refers to the Directive dated 1995. This Directive was repealed through Article 94 of the GDPR with effect from the 28th May 1998, and as standard in such legislative scenarios the same Article 94 provided for transitory provisions to ensure the legitimacy of ongoing activities and avoid seismic shocks to what are activities essential for socio-economic activity.

Importantly, “References to the Working Party on the Protection of Individuals with regard to the Processing of Personal Data established by Article 29 of” the Directive are to be interpreted as references to the new European Data Protection Board established by the GDPR. Both entities and their work are important, as the latter board adopted various documents of the former as its own.

The Directive was the first EU-wide instrument having a legally binding nature on the Member States, much of its content was taken up in the GDPR and this will be referenced in the coming articles in this series, which will focus on the GDPR as the prevailing law.

Disclaimer: This article is not to be considered as legal advice, and is not to be acted on as such. Should you require further information or legal assistance, please do not hesitate to contact Dr Edric Micallef Figallo on