![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
The entry into force of the EU Charter of Fundamental Rights and the ensuing introduction of the right to data protection as a new fundamental right in the legal order of the EU has raised some challenges. This article is an attempt to bring clarity on some of these questions. We will therefore try to address the issue of the place of the right to the protection of personal data within the global architecture of the Charter, but also the relationship between this new fundamental right and the already existing instruments. In doing so, we will analyse the most pertinent case law of the Court of Luxembourg, only to find out that it creates more confusion than clarity. The lesson we draw from this overview is that the reasoning of the Court is permeated by a ‘privacy thinking’, which consists not only in overly linking the rights to privacy and data protection, but also in applying the modus operandi of the former to the latter (which are different we contend). The same flawed reasoning seems to be at work in the EU Charter of Fundamental Rights. Therefore, it is crucial that the different modi operandi be acknowledged, and that any upcoming data protection instrument is accurately framed in relation with Article 8 of the Charter.
Keywords:
Notes
Despite the fact that Article 8 of the European Convention to Human Rights does not refer to a right to ‘privacy’, but to a right ‘to respect for private life’, European provisions on the protection of personal data have traditionally and consistently referred to it using such expression (see in this sense, for instance, Art. 1 of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, 28 January 1981, European Treaty Series No. 108).
Directive 95/46/EC of the European Parliament and Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities L 281, 23 November 1995, 31–50.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Official Journal of the European Communities L 201, 31 July 2002, 37–47.
Directive 2002/58/EC, Recital 2.
‘Explanations relating to the Charter of Fundamental Rights’, Official Journal of the European Union C 303, 14 December 2007, 17–35; for the section on Article 8 of the Charter, see p. 20.
Regulation (EC) No 45/2001of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, Official Journal of the European Communities L 8, 12 January 2001, 1–22.
Yet, in Bavarian Lager, which concerned a conflict between the right to data protection and the right to access to public document, the ECJ seemed to make a clear distinction between the right to private life and the right to the protection of personal data, by stating that: ‘According to Article 1(1) of Regulation No 45/2001, the purpose of that regulation is to “protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data”. That provision does not allow cases of processing of personal data to be separated into two categories [emphasis added], namely a category in which that treatment is examined solely on the basis of Article 8 of the ECHR and the case-law of the European Court of Human Rights relating to that article and another category in which that processing is subject to the provisions of Regulation No 45/2001’, C-28/08 P, Bavarian Lager, 29 June 2010, § 61.
Opinion of Advocate-General Ruiz Jarabo Colomer, delivered on 22 December 2008 for Case C-553/07, College van burgemeester en wethouders van Rotterdam v M.E.E. Rijkeboer.
See also Article 1 of the Data Protection Directive:
1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data. | |||||
2. Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1. | |||||
See also Recital 3 of the same Directive: ‘Whereas the establishment and functioning of an internal market in which, in accordance with Article 7a of the Treaty, the free movement of goods, persons, services and capital is ensured require not only that personal data should be able to flow freely from one Member State to another, but also that the fundamental rights of individuals should be safeguarded.’ | |||||
On the construction of personal data protection as a sui generis right in different Member States of the EU, see: Korff, Douwe. 2002. Comparative summary of national laws. European Commission Study On Implementation of Data Protection Directive (Study Contract ETD/2001/B5-3001/A/49).
The Eifert and Deutsche Telekom judgments are particularly illustrative of this issue.
Berlin, Isaiah. 1969. Four essays on liberty. Oxford: Oxford University Press.
We mentioned the right to private life, freedoms of thought, of expression, of assembly, etc. However, other rights do not contain such a second paragraph, e.g. the right to a fair trial, the right not to be punished without a law, or of course the right not to be discriminated against.
For a reflexion on the applicability of article 52(1) to the right to equality, see Peers, S. 2011. The EU Charter of rights and the right to equality. ERA Forum 11: 571–584.
European Commission. 2010. Communication to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions: A comprehensive approach on personal data protection in the European Union, COM(2010) 609 final, 4 November 2010, Brussels.