Summary of the Privacy and Data Protection course. Including all case law, extensive lecture notes and examples given in class. Result obtained 8.5/10.
Lecture notes – Privacy and Data Protection
Beau van Leenders 2020
Set up
- Data protection part
- Handbook is the centre of the course
o This gives a nice intro to data protection
o Lot of cases: CJEU and ECHR
o Data protection law strongly linked to privacy
- Exam: 3 questions – focused on the handbook
o Course on definitions: not doable by just copying GDPR
o Slides update the 2018 handbook
o Don’t memorize the handbook, clarifies the law – study what the essentials laws are
General remarks
- There are 2 Europes: CoE and EU
o EU DP law it is not very much about privacy and DP
o It is a lot about the institutional framework/dimension
- Article 8 and privacy
o Is there a law, is it justified, is it necessary in democracy?
o 3 golden rules for privacy
- EU charter is the older system – Strasbourg is newer in that sense
o E.g. Essence came from the German Constitution
,Lecture 1 – Capsule 1
Page 15-80 of the Handbook
- Context of EU DP
- Right to DP
- Right to private life and data protection: introduction
- INT legal framework: United Nations
- Council of Europe Convention 108
- EU DP law
Context
- Book discusses both right to DP and Right to privacy
- Focuses on 2 Europes:
o Council of Europe: 48 states including Turkey and Russia
o And focus on EU law (now 27)
- We will see that the legal apparatus of the EU striving for integration is more detailed and
more complex à less discretion to the MS
- Council is more treaty based – more soft law
- Handbook however pays respect to 2 Europes
Council of Europe (CoE)
- (Fundamental right) Article 8 ECHR: right to DP forms part of the right to privacy
o Europe Union has done it differently; Charter has set out right to privacy and the
right to data protection
- The only international legally binding instrument dealing with DP
- No separate right to DP: court considers it under article 8
- DP as such regulated first in the treaty of article 8
European Union
- Privacy and DP formulated each as separate fundamental right
- Charter
o Article 7 Privacy
o Article 8 DP
- GDPR has come in repealing the DP Directive
Origins of both rights and similarities
- Emergence
- Right to respect for private life
o Universal Declaration of UN (mentioned privacy) – so here it started for EU, did not
have it before – copy pasted this
o ECHR – 1950
- Right to personal DP
o Appeared in 1970s: EU has been fostering and supporting this development. And has
recognized this as a separate right.
Closely linked
- Both protect the autonomy and human dignity of individuals
- Enable the enjoyment of other rights
- Freedom of religion or expression etc. are all examples of this – all linked to some kind of
private life
,Differences however are also present
- Philosophy: idea of right to privacy “don’t touch it” – mostly addresses the state
- DP on the other hand à is more okay, we need data – however respect some serious
principles
o Less sacred maybe in some sense
Privacy DP
Prohibition of interference Applies whenever Personal Data are processed
(broader than privacy right)
Situations where “private life” is compromised It is not necessary to show an infringement on
private life for DP rules to be triggered
Depends on the context and facts of each case (Even open data online fall under the discretion
of the EU DP rules)
In CJEU, joined cases C-293/12 and C594/12, digital Rights, found that both rights were at stake
- Handbook gives example of the Digital Rights Ireland case – EU law obliging providers to
keep/store data of consumers for up to 2 years
- This is a lot – court said here both rights are applicable
- Even banal data is stored, however even this can be privacy infringing
- Here you see the switch from one to another
Court said here: blanket retention of data is not what we want in the EU democracy
- So, this was considered invalid (the directive)
International legal framework: United Nations
- We follow international trends in Europe
- The UN is important player, but like with the council of EU
- The older text only mention privacy, not personal data. But with soft law the UN has tried to
update framework. Handbook tries to discuss resolutions
- 2016 – focus started also on the private sector
o E.g. Facebook
The first European Framework: this of the Council and the ECHR
- [self study]
- Council of EU
- ECHR
- ECtHR
What the Council of Europe Convention 108 does: (Framework 1)
- Proposes treaties to MS
- Allows non-EU MS to sign up – mainly oriented at EU, but also making them open more
internationally
o E.g. Cybercrime convention (US and AUS)
- Why so important this convention?
o Many countries signing up for it
o E.g. doing business in EU – then doing business in Brazil – this list of MS is found on
the Council website
Council realized FHR did not speak of DP
- 1981 also a full treaty on Data Protection came alive
- Very authoritative – contained a structure that is copied in the GDPR, since it works
o Definitions
, o Then principles
o Then rights of the subjects
o Then duties for the controller of the data
In the bundle on canvas – find the modernized convention
- Council came up with modern version of the 1981 version
- Often similar to those in the GDPR
- Europe is speaking to the world, with a language borrowed and linked to the language of the
European Union
European Union Framework (2)
- Primary Law: TEU and TFEU (constitutional texts)
- Secondary Law: Regulations, Directives, Decisions of the EU
Interesting is 2000
- Before 2000 there were no fundamental rights
- EU started without Fundamental Human Rights – it adopted the Charter in 2000
- It then included Data Protection as well (became binding since 2009)
- This fulfilled all the elements for them to be a legitimate entity (they now have a set of
rights)
Interesting features
- Article 7 à Respect for private life and family life
- Article 8 of the Charter à Right to protection of Personal Data
o 1. Everyone has the right to protection of personal data
o 2. Data must be processed fairly for specified purposes…
o 3. Compliance with these rules subject to control of independent authority
- The latter is a unique feature – needs its own checks and balance system
Importance given in the 2000 and 2009 texts to Data Protection is very unique
- Article 16 of the TFEU à this is a basic EU text
- EU has the competence to regulate DP
- This is an important one – since as a supranational instance you cannot regulate everything
o Power to MS
o Here the treaty however says when DP is involved – EU can regulate
o Even when DP things do not have anything to do with the internal market e.g.
Data Protection is mentioned twice in primary law!!!
- TFEU
- Charter
Secondary laws:
- First, we had the Data Protection Data Directive 1995
o This was not detailed perfectly to streamline EU internal market
o Too many differences between MS implementation of the Directive
- Now: we have the GDPR (regulation)
o It is law in the MS – no need for implementation
o Direct binding effect
General Data Protection Regulation GDPR
- New ideas arose:
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller beauvanleenders. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.94. You're not tied to anything after your purchase.
