Abstract
The topic of data protection regulation has been constantly gaining considerable attention on the policy agendas of the European Union and its member states during the past decades, finally, after a turbulent policy process, resulting in the adoption of the EU General Data Protection Regulation in April 2016. However, its importance is still rather ignored by political science, resulting in a poorly theorized and scarcely researched field. Thus, the aim of this chapter is to introduce the topic of European data protection politics in order to emphasize its importance for political science and to motivate further research on the issue. This is done by providing an overview of the explanatory strengths and weaknesses of the current state of research, by guiding the reader through the evolution and stages of European data protection politics, and by indicating possible starting points for subsequent analyzes.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Art. 8 also states that “[s]uch data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.” And that “[c]ompliance with these rules shall be subject to control by an independent authority.”
- 2.
European Council, Treaty of Lisbon: Amending the Treaty on European Union and the Treaty Establishing the European Community, OJ, C306/01, 2007, Article 1(29).
- 3.
In order to harmonize European data protection law and on the basis of the recent institutional and legal changes in the structure of the EU, the Commission regarded the instrument of a regulation as necessary. While a directive leaves the member states some room in the implementation of its basic provisions, a Regulation is a binding legislative act, which, after its entry into force, has to be directly applied in its entirety in every member state. http://europa.eu/eu-law/decision-making/legal-acts/index_en.html
- 4.
There is disagreement over the origin of the term: according to Garstka (2008: 134), the term is oriented on the concept of machine protection (Maschinenschutz), which was, similar to the term data protection, not about protecting machines (resp. protecting data) but protecting the individual workers on machines (resp. the individual to whom the data belongs). Simitis (2014: 83 f.), in contrast, regards the idea of data security (Datensicherung) behind the term data protection, as the first data protection laws were rather meant to guarantee (the correct functioning of information systems by providing) data security, secrecy, and accuracy.
- 5.
The constructors and programmers of mainframes, statisticians, mathematicians, and computer scientists have been involved in data protection debates since the very beginning and still continue to do so by tackling current technological possibilities and their future developments which are of importance to data protection (Mattern 2007). Besides, other disciplines analyze several rather specific aspects of privacy, i.e., the economics of privacy (Brandimarte and Acquisti 2012), privacy in online social networks (Trepte and Reinecke 2011), or the functioning of data markets (Bründl et al. 2015).
- 6.
Although there is literature in German and French and certainly in many other languages, too, this chapter deliberately focuses on English literature in order to arrive at a common denominator.
- 7.
Such an agreement was necessary since Directive 95/46/EC prohibits the transfer of data to any countries without adequate data protection provisions.
- 8.
On the EU-level alone, at least 239 legislative and nonlegislative measures—including 88 legally binding measures such as EU regulations and directives—were adopted between 9/11 and 2013 (Hayes and Jones 2013: 25).
- 9.
As mentioned in the introduction, the recent data protection reform package of the EU Commission consisted not only of a proposal for a General Data Protection Regulation, but also of Directive 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.
- 10.
Strengthening the individual should be achieved, for example, by introducing a “no-fault compensation for individual data protection claims.” In contrast, the participatory burden should be reduced by taking away certain personal data from the individual’s disposition: The prohibition of the processing of sensitive personal data (data regarding race, religion, political opinions, etc.) was the consequence of this shift (ibid.: 233).
- 11.
Council of Europe. “Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, No. 108.” Strasbourg: Council of Europe, January 28, 1981.
- 12.
See: European Parliament (1975). Resolution on the Protection of the Rights of the Individual in the Face of Developing Technical Progress in the Field of Automatic Data Processing. Brussels, 1975; European Parliament (1976). Resolution on the Protection of the Rights of the Individual in the Face of Developing Technical Progress in the Field of Automatic Data Processing. Luxembourg, 5 March 1976; European Parliament (1979). Resolution on the Protection of the Rights of the Individual in the Face of Technical Developments in Data Processing. Luxembourg, 6 May 1979.
- 13.
A preliminary draft of the Commission’s proposal that was leaked in December 2011 included Article 42 which stipulated that data transfer from the EU to third-countries is only permitted on the basis of European law or international treaties. The transfer of data of European citizens, for example, by US corporations operating in the EU, to US American security authorities and secret services based on the Foreign Intelligence Surveillance Act (FISA) hence, would have been explicitly prohibited, which is why it was referred to as the anti-fisa clause. However, the Commission removed the article from the final proposal due to intense pressure by the US government (Fontanella-Khan 2013), while the Parliament reintroduced it as a direct consequence of the Snowden revelations in form of Article 43a (Albrecht 2015: 139).
References
Albrecht JP (2013) Lobbyism and the EU data protection reform, 12.02.2013. https://www.janalbrecht.eu/themen/datenschutz-digitalisierung-netzpolitik/lobbyism-and-the-eu-data-protection-reform.html. Accessed 15 Aug 2016
Albrecht JP (2015) Hands off our data. AktivDruck, Göttingen
Bendrath R (2007) Privacy self-regulation and the changing role of the state: from public law to social and technical mechanisms of governance. Working papers. Transformations of the State, Collaborative Research Center 597. University of Bremen, Jacobs University Bremen, Bremen
Bennett CJ (1988) Regulating the computer: comparing policy instruments in Europe and the United States. Eur J Polit Res 16(5):437–466
Bennett CJ (1992) Regulating privacy: data protection and public policy in Europe and the United States. Cornell University Press, Ithaca
Bennett CJ (2008) The privacy advocates: resisting the spread of surveillance. MIT Press, Cambridge, MA
Bennett CJ (2011) Defense of privacy: the concept and the regime. Surveill Soc 8(4):485–496
Bennett CJ, Raab CD (2006) The governance of privacy: policy instruments in global perspective, 2nd and updated edition. MIT Press, Cambridge, MA
Betz J, Kübler H-D (2013) Internet governance: Wer regiert wie das Internet? Springer Fachmedien, Wiesbaden
Brandimarte L, Acquisti A (2012) The economics of privacy. In: Peitz M, Waldfogel J (eds) The Oxford handbook of the digital economy. Oxford University Press, New York, pp 547–571. http://www.heinz.cmu.edu/~acquisti/papers/economics-privacy-oxford.pdf. Accessed 13 Dec 2016
Bründl S, Matt C, Hess T (2015) Wertschöpfung in Datenmärkten: Eine Explorative Untersuchung Am Beispiel Des Deutschen Marktes Für Persönliche Daten. In: Zoche et al. P (eds) Forum Privatheit Und Selbstbestimmtes Leben in Der Digitalen Welt. Fraunhofer ISI, Karlsruhe
Busch A (2013) The regulation of transborder data traffic: disputes across the Atlantic. Secur Hum Rights 23(4):313–330
Busch A (2015) Privacy, technology, and regulation: why one size is unlikely to fit all. In: Roessler B, Mokrosinska D (eds) Social dimensions of privacy: interdisciplinary perspectives. Cambridge University Press, Cambridge, pp 303–323
Commission of the European Communities (1973) Community policy on data processing (Communication of the Commission to the Council). Brussels, November 21, 1973
Commission of the European Communities (1981) Commission recommendation of 29 July 1981 relating to the Council of Europe convention for the protection of individual rights with regard to the automatic processing of personal data. Brussels, July 29, 1981
Commission of the European Communities (2003) Report from the commission: first report on the implementation of the data protection directive (95/46/EC). Brussels, May 15, 2003
Commission of the European Communities (2007) Communication from the Commission to the European Parliament and the Council: on the follow-up of the work programme for better implementation of the data protection directive. Brussels, July 3, 2007
Council of Europe (1950) European convention for the protection of human rights and fundamental freedoms, as amended by protocols nos. 11 and 14, 4 Nov 1950, ETS 5
Council of Europe (1981) Explanatory report to the convention for the protection of individuals with regard to automatic processing of personal data. Strasbourg, 28 Jan 1981
De Hert P, Gutwirth S (2006) Privacy, data protection and law enforcement. Opacity of the individual and transparency of power. In: Claes E, Duff A, Gutwirth S (eds) Privacy and the criminal law. Intersentia, Antwerp, Oxford, pp 61–104
De Hert P, Papakonstantinou V (2016) The new general data protection regulation: still a sound system for the protection of individuals? Comput Law Secur Rev 32(2):179–194
DeCew JW (2015) The feminist critique of privacy: past arguments and new social understandings. In: Roessler B, Mokrosinska D (eds) Social dimensions of privacy: interdisciplinary perspectives. Cambridge University Press, Cambridge, pp 85–103
DeNardis L (2014) The global war for internet governance. Yale University Press, New Haven
Dix A, Thuesing G, Traut J et al (2013) EU data protection reform: opportunities and concerns. Intereconomics 48(5):268–285
Ermert M (2013) Data protection marathon in Europe. Internet Policy Rev. http://policyreview.info/articles/news/data-protection-marathon-europe/203. Accessed 15 Oct 2013
European Commission (2010) Communication from the Commission to the Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A comprehensive approach on personal data protection in the European Union COM(2010) 609 final, Brussels, 4 Nov 2010
European Commission (2015) Communication from the Commission to the Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A Digital Single Market Strategy for Europe SWD(2015) 100 final, Brussels, 6 May 2015
European Union (1957) Treaty establishing the European Community (consolidated version), Rome Treaty, 25 Mar 1957
European Union (2007a) Treaty of Lisbon amending the Treaty on European Union and the Treaty establishing the European Community, 13 Dec 2007, 2007/C 306/01
European Union (2007b) Consolidated version of the Treaty on European Union, 13 Dec 2007, 2008/C 115/01
European Union (2007c) Consolidated version of the Treaty on the Functioning of the European Union, 13 Dec 2007, 2008/C 115/01
European Union (2012) Charter of fundamental rights of the European Union, OJ, 2012/C 326/02
Flaherty DH (1984) The need for an American privacy protection commission. Gov Inf Q 1(3):235–258
Flaherty DH (1989) Protecting privacy in surveillance societies. University of North Carolina Press, Chapel Hill, pp 93–101
Fontanella-Khan J (2013) Washington pushed EU to dilute data protection. Financial Times, December 6, 2013. http://www.ft.com/intl/cms/s/0/42d8613a-d378-11e2-95d4-00144feab7de.html. Accessed 17 Oct 2016
Fritz J (2013) Netzpolitische Entscheidungsprozesse. Datenschutz, Urheberrecht und Internetsperren in Deutschland und Großbritannien. Nomos, Baden-Baden
Garstka H (2008) Der Mensch als Datenzuträger. Was Sie schon immer über Ihren Nachbarn wissen wollten. In: Herwig R (ed) Wissen als Begleiter!?: das Individuum als lebenslanger Lerner. LIT Verlag, Münster, pp 133–138
Geuss R (2001) Public goods, private goods. Princeton University Press, Princeton, NJ
Goldsmith JL, Wu T (2006) Who controls the internet? Illusions of a borderless world. Oxford University Press, Oxford
González Fuster G (2014) The emergence of personal data protection as a fundamental right of the EU. Law, governance and technology series, vol 16. Springer International Publishing, Cham, Switzerland
Hayes B, Jones C (2013) Catalogue of EU counter-terrorism measures adopted since 11 Sept 2001. SECILE: .Securing Europe through counter-terrorism – impact, legitimacy & effectiveness. http://www.statewatch.org/news/2013/dec/secile-catalogue-of-EU-counter-terrorism-measures.pdf. Accessed 12 Aug 2016
Heisenberg D, Fandel M-H (2004) Projecting EU regimes abroad: The EU data protection directive as global standard. In: Braman S (ed) The emergent global information policy regime. Palgrave Macmillan, Houndsmills, pp 109–129
Hofmann J (2016) Multi-stakeholderism in internet governance: putting a fiction into practice. J Cyber Policy 1(1):29–49
Hornung G (2012) A general data protection regulation for Europe? Light and shade in the commission’s draft of 25 Jan 2012. SCRIPTed 9(1):64–81
Karaboga M, Matzner T, Obersteller H, Ochs C (2017) Is there a right to offline alternatives in a digital world? In: Gutwirth S, Leenes R, De Hert P, Van Brakel R. (eds) Computers, privacy and data protection: invisibilities and infrastructures. Law, Governance and Technology Series 36. Springer, Cham, pp 31–57
Koops B-J (2011) The evolution of privacy law and policy in the Netherlands. J Comp Policy Anal Res Pract 13(2):165–179
Lyon D (2002) Surveillance as social sorting privacy, risk and automated discrimination. Taylor & Francis, Hoboken
Lyon D, Haggerty KD, Ball K (2012) Introducing surveillance studies. In: Ball K, Haggerty KD, Lyon D (eds) Routledge handbook on surveillance studies. Routledge, London, pp 1–12
Marx GT (2012) Preface. “Your papers please”: Personal and professional encounters with surveillance. In: Ball K, Haggerty KD, Lyon D (eds) Routledge handbook on surveillance studies. Routledge, London, pp xx–xxxi
Mattern F (2007) Die Informatisierung des Alltags. Leben in smarten Umgebungen. Springer, Berlin
Matzner T (2014) Why privacy is not enough privacy in the context of “ubiquitous computing” and “big data”. J Inf Commu Ethics Soc 12(2):93–106
Mayer-Schönberger V (1997) Generational development of data protection in Europe. In: Agre P, Rotenberg M (eds) Technology and privacy: the new landscape. MIT Press, Cambridge, pp 219–242
Newman AL (2008a) Protectors of privacy: regulating personal data in the global economy. Cornell University Press, Ithaca, NY
Newman AL (2008b) Building transnational civil liberties: transgovernmental entrepreneurs and the European data privacy directive. Int Organ 62:103–130
Newman AL (2013) The governance of privacy. In: Levi-Faur D (ed) The Oxford handbook of governance. Oxford University Press, New York, pp 599–611
Nissenbaum HF (2010) Privacy in context: technology, policy, and the integrity of social life. Stanford Law Books, Stanford, CA
Oettinger G (2015) Von 0:4 zu 4.0: Wenn Europa mit Amerika mithalten will, braucht es eine digitale Strategie. Zeitschrift IP – Internationale Politik, July/August, 20–25
Poullet Y (2010) About the e-privacy directive: towards a third generation of data protection legislation. In: Gutwirth S, Poullet Y, De Hert P (eds) Data protection in a profiled world. Springer, Dordrecht, pp 3–30
Privacy Forum (2016) Policy paper on the EU‘s general data protection regulation: data protection is still mainly a matter for the Member States. .Online: http://www.isi.fraunhofer.de/isi-en/service/presseinfos/2016/press-release-14-2016-policy-paper-general-data-protection-regulation.php. Accessed 27 July 2016
Raab CD (2011) Networks for regulation: privacy commissioners in a changing world. J Comp Policy Anal Res Pract 13(2):195–213
Raab CD (2012) Privacy, social values and the public interest. In: Busch A, Hofmann J (eds) Politik und die Regulierung von Information [Politics and the regulation of information] (Politische Vierteljahresschrift Sonderheft 46). Nomos-Verl.-Ges, Baden-Baden, pp 129–151
Reding V (2013) ‘Data belong to the individual’: an interview with Viviane Reding, European Commissioner for Justice, Fundamental Rights and Citizenship. Zeitschrift Internationale Politik, Sept 9, 2013
Regan PM (1995) Legislating privacy: technology, social values, and public policy. University of North Carolina Press, Chapel Hill, NC
Regan PM (1999) American business and the European data protection directive: lobbying strategies and tactics. In: Bennett CJ, Grant R (eds) Visions of privacy: policy choices for the digital age. University of Toronto Press, Toronto, ON, pp 199–216
Righettini MS (2011) Institutionalization, leadership, and regulative policy style: a France/Italy comparison of data protection authorities. J Comp Policy Anal Res Pract 13(2):143–164
Roberts A (2015) A republican account of the value of privacy. Eur J Polit Theo 14(3):320–344
Roessler B (2005) The value of privacy. Polity Press, Cambridge
Rozbicka P (2013) Advocacy coalitions: influencing the policy process in the EU. J Eur Public Policy 20(6):838–853
Rule JB, Greenleaf GW (eds) (2008) Global privacy protection: the first generation. Edward Elgar, Cheltenham, UK
Schütz P (2012) Comparing formal independence of data protection authorities in selected EU member states. Conference paper. ECPR Standing Group on Regulation & Governance (Biennial conference), Exeter, UK
Schwartz PM (2015) The value of privacy federalism. In: Roessler B, Mokrosinska D (eds) Social dimensions of privacy: interdisciplinary perspectives. Cambridge University Press, Cambridge, pp 324–346
Simitis S (1987) Reviewing privacy in an information society. Univ Pa Law Rev 135:707–746
Simitis S (1995) From the market to the polis: The EU data protection directive on the protection of personal data. Iowa Law Rev 80(3):445–469
Simitis S (2014) Einleitung: Geschichte – Ziele – Prinzipien. In: Simitis S (ed) Bundesdatenschutzgesetz, Nomos Kommentar, 8th edn. Nomos, Baden-Baden, pp 81–196
Solove DJ (2008) Understanding privacy. Harvard University Press, Cambridge, MA
Stalder F (2011) Autonomy beyond Privacy? A rejoinder to Colin Bennett. Surveill Soc 8(4):508–512
Steinmüller W, et al (1971) Grundfragen des Datenschutzes, Gutachten Im Auftrag des Bundesministeriums des Innern. Drucksache VI/3826. Deutscher Bundestag 6. Wahlperiode, Bonn
Trepte S, Reinecke L (eds) (2011) Privacy online: perspectives on privacy and self-disclosure in the social web. Springer, Berlin
Van der Sloot B (2014) Do data protection rules protect the individual and should they? An assessment of the proposed general data protection regulation. Int Data Privacy Law 4(4):307–325
Veen T (2011) The political economy of collective decision-making. Springer, Berlin
Ware WH (1973) Records computers and the rights of citizens. Report of the secretary’s advisory committee on automated personal data systems. U.S. Department of Health, Education & Welfare
Warman M (2012) EU privacy regulations subject to ‘unprecedented lobbying’. The Telegraph, 08.02.2012. http://www.telegraph.co.uk/technology/news/9070019/EU-Privacy-regulations-subject-to-unprecedented-lobbying.html. Accessed 01 Sept 2014
Warren SD, Brandeis LD (1890) The right to privacy. Harv Law Rev 4(5):193–220
Westin AF (1967) Privacy and freedom. Atheneum, New York
Whitman JQ (2004) The two western cultures of privacy: dignity versus liberty. Yale Law J 113(6):1151–1221
Wright D, Kreissl R (eds) (2015) Surveillance in Europe. Routledge, Abingdon
Acknowledgement
This work is partially funded by the German Ministry of Education and Research within the project “Forum Privacy and Self-determined Life in the Digital World.” For more information, see: http://www.forum-privatheit.de.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Karaboga, M. (2018). The Emergence and Analysis of European Data Protection Regulation. In: Schwanholz, J., Graham, T., Stoll, PT. (eds) Managing Democracy in the Digital Age. Springer, Cham. https://doi.org/10.1007/978-3-319-61708-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-61708-4_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61707-7
Online ISBN: 978-3-319-61708-4
eBook Packages: Political Science and International StudiesPolitical Science and International Studies (R0)