EU Data Protection

LLM EU Integration Notes

Notes

Table of Contents

Introduction 3

Preliminary Considerations 3

Conceptual Issues 3

Warren and Brandeis 3

European Conception 3

Simitis 4

Overview of Data Protection Law 4

Introduction to The Directive 4

Directive 95/46 5

Privacy and Data Protection 5

Data Protection in EU Law 6

Introduction 6

EU Law Issues 6

Article 95 and the Treaty of Amsterdam 6

Direct Effect 6

The Lisbon Treaty 6

Case Law 7

Fundamental Rights and Data Protection 8

European Convention on Human Rights 8

CFR 8

The Revision of the EU Legal Framework 9

The Data Protection Regulation 9

Consent 9

Right to be Forgotten 9

Data Portability and Access 9

Introduction

Preliminary Considerations

The protection will resist civil law import into the UK, though protection of privacy has a long history. As a result, it’s a bit of a transplant, which can cause problems when attempting to apply the law to novel situations. In the UK, we have a 1998 act implementing directive 95/46, but we will focus on EU law with only a small comparative perspective. However it is important to note that this is a directive, and therefore will be implemented slightly differently in each member state.

Conceptual Issues

Warren and Brandeis

Warren and Brandeis’s article on the protection of privacy is very well known, important, foundational, and influential. Some argue it might be the most influential legal article ever written. It is important with respect to the distinction between privacy and data protection. Data protection in the UK is somewhat of a misnomer, and it’s in fact about protecting individuals and their interests, not the data itself. Privacy has got mixed up in this. While there is overlap, and they may be the same in some areas, they are very different in others, and it’s important not to use these terms too loosely and interchangeably.

The article shows of the technological dependence of this area of the la. Six years before the article, instant photography was invented. For the first time, you could take a photo of someone, or something, without anyone noticing or knowing. This could be compared to the minutes of posing required up to this point. Also, this was written in the era when yellow journalism was first coming to the fore. Tabloids were springing up, so this issue was very current. There was no right to privacy in the US Constitution, which we can contrast with the EU, but the courts, through the common law, had used some provisions to create these rights. The regime covers everyone, but the American provisions are not as broad, and focus mainly on the public sphere. There is no constitutional basis to bring an action against a private actor.

Warren and Brandeis show how an interpretation of the law does lead to a right to privacy. They draw on French and British cases to support these principles. The role is not about property, they argue, as such, more of a subset, rather, which is about “personality" (though not in the Continental sense). The reason for this has many routes: the Freedom of Speech is a very high (close to absolute) value in the USA, and the Supreme Court has found in favour of Freedom of Speech in many privacy cases. There is no constitutional duty on the state to protect any private parties, moreover, so this makes privacy harder to enforce.

There is a very famous case in US law concerning whether phone tapping is covered by the fourth Amendment. Brandeis said of course it did. This was a dissenting opinion at the time, but was later adopted, and has been used as the basis for a judgement.

European Conception

The background of the directive in order to better understand it. The ridges in a German case on privacy, which is documented in Hornung and Schnabel. The important thing to remember is that the EU and the USA have totally different starting points; they are quite incommensurable. While the EU starts from the starting point of privacy, the United States starts with a presumption in favour of freedom of speech.

A population centres in Germany was implicated in a battle to privacy. The German Constitutional Court held that because the data was to be used to correct registers from and could be used to create an atmosphere of surveillance (note that this is in the aftermath of the Nazi and Stasi regime), this is unacceptable. Informational self-determination is different to the right to be left alone, and it's important for people to be allowed to engage meaningfully in society. If people are worried about being watched or being put under surveillance, they will be unable to act meaningfully in discourse, and prevented from becoming a member of the polity.

Importantly, data protection is a relative right. Often it needs to be balanced against other rights, such as freedom of speech, or protection of society. However discretion is unacceptable; there needs to be a legislative basis to each of these rights, and in the way that they are balanced. Profiling especially is very restricted, but this is economic lucrative, and very useful. In this situation, the economic and legal imperatives are at odds with each other. There is a Kantian approach to the court's thinking. This is very continental, and rarely seen in common law.

There are also barriers to data sharing between government agencies. Post 9/11, it was discovered that some people had slipped through the net because of these barriers. While we obviously don't want this to happen, there is clearly a tension with data protection law, and it is up to the courts to resolve this tension.

Intel

There are serial numbers on many computer chips, though these could not be used in surveillance under the status quo.

Because there was a risk that these could be used in the future, it was important that they complied with data protection regulations.

Simitis

The Whitman article is now classic, entertaining but controversial. It is a good piece of comparative scholarship it argues that the common law is about...

Buy the full version of these notes or essay plans and more in our EU Integration Law Notes.