Abstract
At its core, the legal framework of data protection is still characterized by concepts dating back to when data protection first emerged. However, the traditional approach centered on regulating the steps of data processing is as insufficient as the leading paradigms regarding the relevant fundamental rights. This is explained with three aspects in mind: Firstly, the object of data protection is complex, namely not only personal data, but a network consisting of several basic elements: data and information, knowledge and the flow of data and information, decisions and consequences of decisions. Secondly, data protection cannot be reduced to a uniform legally protected good. It encompasses a complex bundle of interests and legal positions aiming at protecting the individual in his or her sociality. Thirdly, data protection requires complex concepts of regulation on multiple levels and with different constituent parts. Additionally, data protection law must not only be coordinated with the issue-related substantive legal norms, but must also take up basic elements of risk regulation or technology law and requires interdisciplinary approaches. Data protection will then prove to be a highly complex and novel field involving particular challenges for law.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
See the Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data, 28 January 1981; Mayer-Schönberger 1997, 219, 220 ff.; Bygrave 2002, 94 ff. As to the modernization see www.coe.int/t/dghl/standardsetting/dataprotection/modernisation_en.asp. See also Nouwt 2009, 275, 286 ff. For data protection history in Germany see Abel 2003, Chap. 2.7 Rz. 1 ff.; Simitis 2011, Rn. 1 ff.
- 2.
Influential in Germany: Wilhelm Steinmüller/Bernd Lutterbeck/Christoph Mallmann/Uwe Harbort/Gerhard Kolb/Jochen Schneider, Grundfragen des Datenschutzes: Gutachten im Auftrag des Bundesministeriums des Innern, 1971, BTDrucks. VI/3826, Anl. 1.
- 3.
See, among others, Westin 1970, p. 42.
- 4.
BVerfGE 65, 1, 42 ff.; Dec 15, 1983, Census Judgment.
- 5.
Negative liberty, see i. e. Berlin 1969, 118 ff. With regard to the jurisdiction of the FCC see BVerfGE 7, 198, 204 f.—Lüth—68, 193, 205.
- 6.
Article 8 (1) ECHR: “Everyone has the right to respect for his private and family life, his home and his correspondence.”; Article 7 EU Charter: “Everyone has the right to respect for his or her private and family life, home and communications.”; Article 2 (1) GG: “Everybody has the right to the free development of his or her personality […]”.
- 7.
Article 5 (1) GG: “Everyone has the right freely to express and disseminate his or her opinions in speech, writing and pictures […]”.
- 8.
Art. 10 (1) GG: “The secrecy of communication by letters and of telecommunication is inviolable.”
- 9.
See Article 8 (2) ECHR: “There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”; Article 52 (1) EU Charter: “Any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law and respect the essence of those rights and freedoms. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.”; Article 2 (1) GG: “[…] provided that they do not interfere with the rights of others or violate the constitutional order or moral law.” or Article 5 (2) GG: “These rights shall be subject to the limitations laid down by the provisions of the general laws and to statutory provisions for the protection of young people and to the obligation to respect personal honour.”
- 10.
- 11.
Albers 2005, 30 ff.
- 12.
- 13.
Article 2 GG: “Everybody shall have the right to the free development of his or her personality […]”; Article 1 GG: “Human dignity shall be inviolable. To respect and to protect it shall be the duty of all state authority.”
- 14.
BVerfGE 65, 1, 42 ff.; Dec 15, 1983, Census Judgment. Subsequent decisions are, amongst others, BVerfGE 78, 77, 84 ff.; 84, 192, 194 ff.; 113, 29, 46 ff.; 115, 166, 188 ff.
- 15.
BVerfGE 65, 1, 43. Analyzing the decision and its background: Albers (Fn. 11), 149 ff.; see also Rouvroy and Poullet (Fn. 12), 52 ff.
- 16.
BVerfGE 27, 1, 6 ff; 27, 344, 350 ff.; 32, 373, 378 ff.; 33, p. 367 376 ff.; 44, 353, 372 ff. See also Warren and Brandeis 1890, 193–220.
- 17.
- 18.
Westin 1970, 42.
- 19.
See Simitis 1971, 673, 680.
- 20.
For literary sources of the Court’s decision see Hermann Heußner (former judge at the FCC preparing the Census Decision) 1984, 279 (280 f.). Amongst others, the ideas of Westin have been received by the members of the Court, see Ernst Benda (former President of the FCC participating at the Census Decision), 1974, 23 (32).
- 21.
BVerfGE 65, 1, 43.
- 22.
See the considerations of Rouvroy/Poullet (Fn. 12), 52 ff.
- 23.
It is true that the FCC also stated: “The individual does not have a right in the sense of an absolute, unlimitable mastery over ‘his’ or ‘her’ data; he/she is rather a personality that develops within a social community and is dependent upon communication.”, BVerfGE 65, 1, 46. However, these grounds refer to the reservation allowing to limit the scope of protection by means of statutory rules; they do not alter the shaping of the scope of protection.
- 24.
Fried 1968, 475, 482.
- 25.
BVerfGE 65, 1, 46.
- 26.
The core of the right to informational self-determination is not that consent has to play a key role. Theoretically and practically more important is that a constitutional legal basis is necessary to justify data processing.
- 27.
BVerfGE 65, 1, 44 ff.
- 28.
BVerfGE 65, 1, 46.
- 29.
- 30.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281/31.
- 31.
Proposal of the European Commission of 25 January 2012 for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM (2012) 11 final.
- 32.
The requirement that personal data must not be further processed in a way incompatible with the specified purposes sets lower standards than the requirement that further data processing is principally bound to the purposes specified in advance. Additionally, the meaning of “incompatible” requires interpretation. See for the functions of the principle of specifying purposes and of binding data processing to the purposes specified in advance Albers (Fn. 11), 168 f., 498 ff.
- 33.
See, for example, Floridi 2010, 19 ff.
- 34.
See, among others, Waldo et al. 2007, 88 ff.
- 35.
See with regard to communication Ashby 1963, 124: “The information conveyed is not an intrinsic property of the individual message.”
- 36.
- 37.
- 38.
See also Mireille Hildebrandt, Who is Profiling Who? Invisible Visibility, in: Gutwirth et. al. (Fn. 1), 239, 240 ff.
- 39.
Article 3 of Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks […], Official Journal L 105/54.
- 40.
See BVerfGE 125, 260 (318 ff.). For a critical review of this Decision see de Vries et al. 2011, 3 ff.
- 41.
For an analysis of the concept of „information privacy“ in the UK see Raab and Goold (Fn. 12).
- 42.
See Fn. 6.
- 43.
See the references in Fn. 29.
- 44.
See Fn. 6.
- 45.
Art. 8 (1) of the EU Charter: “(1) Everyone has the right to the protection of personal data concerning him or her. (2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. (3) Compliance with these rules shall be subject to control by an independent authority.”
- 46.
See ECJ, Rs. C-92/09 u. C-93/09, Schecke and Eifert vs. Land Hessen, http://curia.europa.eu, §§ 45 ff. The differentiation is necessary but not easy due to the interplay between Art. 7 EU Charter in conjunction with Art. 52 (3) EU Charter, Art. 8 ECHR on the one hand and Art. 8 EU Charter on the other.
- 47.
More thoroughly Allen 2000, 861, 865 ff.
- 48.
See, for example, Art. 14, Art. 27 ff. EU Charter.
- 49.
In Germany, the first Senate Decision of the FCC which fundamentally derived rights to know not only from the guarantee to access to the courts, Art. 19 (4) GG, but from Art. 2 (1) in conjunction with Art. 1 (1) GG was not earlier than in 2008, see BVerfGE 120, 351 (362 f.); prior to that see BVerfG (Chamber Decision), NJW 2006, 1116 (1117 ff.). The ECtHR has recognised rights to access to personal files and to obtain information earlier, however, mostly in special cases, see for the rights of persons to receive the information necessary to understand their childhood and development Gaskin vs. United Kingdom, Judgment of 7 July 1989, Application No. 10454/83, for the right of access to health-related (not necessarily personal) data ECtHR, McGinley and Evan vs. UK, Judgment of 9 June 1998, Application Nos. 21825/93, 23414/94 –, Rn. 98 ff; see also ECtHR, Segerstedt-Wiberg, Judgment of 6 July 2006, Application No. 62332/00—, Rn. 99 ff. The Court argues cautiously: “Although the object of Article 8 is essentially that of protecting the individual against arbitrary interference by the public authorities, it does not merely compel the State to abstain from such interference: in addition to this primarily negative undertaking, there may be positive obligations inherent in effective respect for private or family life. In determining whether or not such a positive obligation exists, the Court will have regard to the fair balance that has to be struck between the general interest of the community and the competing interests of the individual, or individuals, concerned […]” (McGinley and Evan vs. UK, Judgment of 9 June 1998, Application Nos. 21825/93, 23414/94—, Rn. 98).
- 50.
- 51.
The fundamental right to the guarantee of the confidentiality and integrity of information technology systems which has been derived from Art. 2 in conjunction with Art. 1 GG by the Federal Constitutional Court in 2008—BVerfGE 120, 274—points in the right direction, but it should be understood merely as a part of data protection.
- 52.
- 53.
See Albers (Fn. 11), 353 ff.
- 54.
Orwell 2008.
- 55.
Bentham 1995, 29 ff.
- 56.
Kafka 2002.
- 57.
Solove 2001, 1393, 1399.
- 58.
Solove (Fn. 57), 1426.
- 59.
For new challenges with regard to ubiquitous computing which affects the current principles of data protection see Čas (Fn. 1), 139, 141 ff.
- 60.
Köhntopp 2001, 55, 56.
- 61.
See also Point 4.1 of this chapter.
- 62.
The scholarly elaborations are heterogeneous in this respect.
- 63.
More closely Albers (Fn. 37), Rn. 106 ff.
- 64.
See Point 4.2 of this chapter.
- 65.
See, i.e., Report from the Commission, First report on the implementation of the Data Protection Directive (95/46 EC), COM (2003) 265 final, 15 f.
- 66.
More profoundly Mayer-Schönberger 2010, 1853, 1873 ff.
- 67.
Point 4.1 of this chapter.
- 68.
See Point 3. of this chapter.
- 69.
References
Abel, Ralf-Bernd. 2003. Geschichte des Datenschutzrechts. In Handbuch Datenschutzrecht, ed. Alexander Roßnagel. München: Beck (Chapter 2.7).
Albers, Marion. 2002. Information als neue Dimension im Recht. Rechtstheorie 33:61–89.
Albers, Marion. 2005. Informationelle Selbstbestimmung. Baden-Baden: Nomos.
Albers, Marion. 2012. Umgang mit personenbezogenen Informationen und Daten. In Grundlagen des Verwaltungsrechts Vol. II, 2nd ed., eds. Wolfgang Hoffmann-Riem, Eberhard Schmidt-Aßmann, Andreas Voßkuhle. München: Beck, § 22.
Allen, Anita L. 2000. Privacy-as-data control: Conceptual, practical, and moral limits of the paradigm, 32 Connecticut Law Review 861–875.
Ashby, William. 1963. An introduction to cybernetics, 5th ed. London: Chapman & Hall.
Bateson, Gregory. 1972. Steps to an ecology of mind. Collected essays in Anthropology, Psychiatry, Evolution, and Epistemology. Chicago: University of Chicago Press.
Benda, Ernst. 1974. Privatsphäre und “Persönlichkeitsprofil”. Ein Beitrag zur Datenschutzdiskussion. In Menschenw ürde und freiheitliche Rechtsordnung, eds. Leibholz, Faller, Mikat, Reis. Tübingen: Mohr. 23–44.
Bennett, Colin, J., Charles, D. Raab. 2003. The Governance of Privacy. Aldershot: Ashgate.
Bentham, Jeremy. 1995. The Panopticon Writings (Edition Miran Boˇtoviˇc). London.
Berlin, Isaiah. 1969. Two concepts of liberty. In Four essays on liberty, ed. Isaiah Berlin. Oxford: Oxford University Press.
Böckenförde, Ernst-Wolfgang. 1974. Grundrechtstheorie und Grundrechtsinterpretation. Neue Juristische Wochenschrift 1529–1538.
Britz, Gabriele. 2010. Informationelle Selbstbestimmung zwischen rechtswissenschaftlicher Grundsatzkritik und Beharren des Bundesverfassungsgerichts. In Offene Rechtswissenschaft, ed. Wolfgang. Hoffmann-Riem, 562–596. Tübingen: Mohr Siebeck.
Bygrave, Lee A. 2002. Data protection law, The Hague: Kluwer.
Čas, Johann. 2011. Ubiquitous computing, privacy and data protection: Options and limitations to reconcile the unprecedented contradictions. In Computers, privacy and data protection: An element of choice, ed. Serge Gutwirth, Yves Poullet, Paul de Hert and Ronald Leenes, 139–169. Dordrecht: Springer.
de Hert, Paul and Serge, Gutwirth. 2009. Data protection in the case law of Strasbourg and Luxemburg: Constitutionalisation in action. In Reinventing data protection? ed. Serge Gutwirth, Yves Poullet, Paul de Hert, Cécile de Terwagne, Sjaak Nouwt, 3–44. Dordrecht: Springer.
de Vries, Katja, Rocco Bellanova, Paul de Hert, and Serge Gutwirth. 2011. The German constitutional court judgment on data retention: Proportionality overrides unlimited surveillance (Doesn’t It?). In Computers, privacy and data protection: an element of choice, ed. Serge Gutwirth, Yves Poullet, Paul de Hert, and Ronald Leenes, 3–23. Dordrecht: Springer.
Floridi, Luciano. 2010. Information. A very short introduction, New York: Oxford University Press.
Fried, Charles. 1968. Privacy. Yale Law Journal 77:475–493.
Heußner, Hermann. 1984. Das informationelle Selbstbestimmungsrecht in der Rechtsprechung des Bundesverfassungsgerichts, Die Sozialgerichtsbarkeit (SGb). 279–285.
Kafka, Franz. 2002. Der Proce ß. Frankfurt a. M.: S. Fischer.
Köhntopp, Marit. 2001. Datenschutz technisch sichern. In Allianz von Medienrecht und Informationstechnik? ed. Alexander Roßnagel,55–66. Baden-Baden: Nomos.
Leenes, Ronald E., Bert-Jaap Koops and Paul de Hert, eds. 2008. Constitutional rights and new technologies. A comparative study. The Hague: Asser Press.
Lübbe-Wolff, Gertrude. 1988. Die Grundrechte als Eingriffsabwehrechte. Baden-Baden: Nomos.
Mayer-Schönberger, Viktor. 1997. Generational development of data protection in Europe. In Technology and privacy: The new landscape, ed. Philip E. Agre, Marc Rotenberg. Cambridge: MIT Press, 219 ff.
Mayer-Schönberger, Viktor. 2010. Beyond privacy, beyond rights—toward a systems theory of information governance. 98 California Law Review 1853–1885.
Nissenbaum, Helen. 2008. Privacy as contextual integrity. 79 Washington Law Review 119–157.
Nissenbaum, Helen. 2010. Privacy in context. Technology, policy, and the integrity of social life. Stanford: Stanford University Press.
Nouwt, Sjaak. 2009. Towards a common European approach to data protection: A critical analysis of data protection perspectives of the Council of Europe and the European Union. In Reinventing data protection? eds. Serge Gutwirth, Yves Poullet, Paul de Hert, Cécile de Terwagne and Sjaak Nouwt, 275–292. Dordrecht: Springer.
Orwell, George. 2008. Nineteen Eighty-Four. London: Penguin.
Poscher, Ralf. 2012. Die Zukunft der informationellen Selbstbestimmung als Recht auf Abwehr von Grundrechtsgefährdungen. In Resilienz in der offenen Gesellschaft, eds. Hans-Helmuth Gander et al., 167–190. Baden-Baden: Nomos.
Raab, Charles. 1993. The governance of data protection. In Modern governance: New government —society interactions, ed. Jan Kooiman, 89–103. London: Sage.
Raab, Charles and Benjamin Goold. 2011. Protecting information privacy. Equality and human rights commission research report series. research report 69.
Rössler, Beate. 2001. Der Wert des Privaten. Frankfurt am Main: Suhrkamp.
Rouvroy, Antoinette, and Yves Poullet. 2009. The right to informational self-determination and the value of self-development: Reassessing the importance of privacy for democracy. In Reinventing data protection? ed. Serge Gutwirth, Yves Poullet, Paul de Hert, Cécile de Terwagne, Sjaak Nouwt, 45–76. Dordrecht: Springer.
Schlink, Bernhard. 1986. Das Recht der informationellen Selbstbestimmung. Der Staat 25:233–250.
Schwartz, Paul. 1989. The computer in German and American constitutional law: Towards an American right of informational self-determination. American Journal of Comparative Law 37:675–701.
Schweizer, Rainer. 2009. Die Rechtsprechung des Europäischen Gerichtshofes für Menschenrechte zum Persönlichkeits- und Datenschutz. Datenschutz und Datensicherheit (DuD) 462–468.
Siemen, Birte. 2006. Datenschutz als europ äisches Grundrecht. Berlin: Duncker & Humblot.
Simitis, Spiros. 1971. Chancen und Gefahren der elektronischen Datenverarbeitung. Neue Juristische Wochenschrift 673–682.
Simitis, Spiros. 2011. Einleitung: Geschichte—Ziele—Prinzipien. In Kommentar zum Bundesdatenschutzgesetz, 7th ed, ed. Simitis, Baden-Baden: Nomos 2011
Solove, Daniel. 2001. Privacy and power: Computer databases and metaphors for information privacy. Stanford Law Review 53:1393–1462.
Solove, Daniel. 2004. The digital person. New York: NYU Press.
Solove, Daniel. 2008. Understanding Privacy. Cambridge: Harvard University Press.
Trute, Hans-Heinrich. 2010. Wissen—Einleitende Bemerkungen. In Wissen —Zur kognitiven Dimension des Rechts, Die Verwaltung, Beiheft 9, ed. Hans C. Röhl, 11–38.
Waldo, James, Herbert S. Lin, and Lynette I. Millett, eds. 2007. Engaging privay and information technology in a digital age. Washington: The National Academies Press.
Warren, Samuel D., Louis D. Brandeis. 1890. The right to privacy. 4/5 Harvard Law Review 193–220.
Westin, Alan F. 1970. Privacy and Freedom. 6th. ed. New York: Atheneum.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Albers, M. (2014). Realizing the Complexity of Data Protection. In: Gutwirth, S., Leenes, R., De Hert, P. (eds) Reloading Data Protection. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-7540-4_11
Download citation
DOI: https://doi.org/10.1007/978-94-007-7540-4_11
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-7539-8
Online ISBN: 978-94-007-7540-4
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)