Privacy and data protection
LES 1: INTRODUCTION TO PRIVACY AND DATA PROTECTION
Objectives of ‘privacy and data protection law’
- To learn about privacy and data protection law, with a focus on European Union (EU)
data protection law and most notably about the General Data Protection Regulation
(GDPR).
- To learn also by using the GDPR in practice.
- To learn to think critically about privacy and data protection law.
Why is it important to learn about privacy and data protection?
data processing.
Google, Apple, Facebook, Amazon, Microsoft… these companies are the most
powerful companies. They all have a lot of data of all of us. they have personal data.
clear economic advantage in processing data (to save people etc.) but these have a
clear powerful advantage in processing personal data. but these has a clear economic
power implication. What do they with personal data and is it legal?
Mark Zuckerberg → scandal Meta. Using information that they have from Facebook.
(brother context).
There is a lot of happening about personal data, fundamental issues. We have to understand
the GDPR.
Study materials
a) The Handbook on European data protection law.
o We will discuss the Council of Europe. Then we will dive into data protection
law (the GDPR).
b) The GDPR
o U have to know it enough because we will be talking about the GDPR. It doesn’t
mean u need to know the articles but some of them will come back and you will
know them.
c) The slides of all sessions (which will be made available on Canvas)
About the sessions on the right of access
- All student invited to actively participate.
- The activities are connected the EUROPIA learning Communicate Fate.
o Part of network of universities. One of the things is that we have learning
communities. This course is part of a learning community. The other universities
will do exercises with the right of access.
Are ‘privacy’ and ‘data protection’ the same?
Sometimes, but from a legal perspective there is a difference. Especially in the legal landscape
of the European Union. U have to be aware that the GDPR is about data protection. Data
protection in the European Union is different from privacy. Even if it’s not always clear, but it is
something different. In other legal framework exp. USA, they tend to use the word ’privacy’ as
covering as we called data protection. They call everything privacy. For us it is something
different. There is a right to privacy and right to data protection.
1
,Fundamental rights: constitutional rights. There is a national level (constitutional), then regional
protection, European Union does guarantee some fundamental rights, regional protection from
the Council of Europe. U have also universel protection.
In Belgium there is a right to privacy. Is there a right to data protection? No. Belgium is more
based in this traditional Council of Europe idea. There is no clear separation of the rights
(privacy and data). very different in the European Union where you have now the 2 rights.
- Council of Europe
o Art. 8 ECHR (right to respect for private life)
- European Union: 2 different rights
a. Art. 7 EU Charter of Fundamental Rights (right to respect for private life)
b. Art. 8 EU Charter of Fundamental Rights (right to the protection of personal
data)
c. 20 years ago they had the vision to have a constitution in the European Union.
A moment in history to reassure everyone that they were protected fundamental
rights. The data protection is a new right.
d. ➔ GDPR
International protection
‘privacy’ is a (universal) human right:
- Art. 12 Universal Declaration of Human Rights ( UDHR) (1948): no one shall be
subjected to arbitrary interference with his privacy, family, home or correspondence,
nor to attacks upon his honour and reputation. Everyone has the right to the protection
of the law against such interference or attacks.
- There had been a lot of authoritarian regimes (nazi’s) in the period of time before this
and it was important to settle boundaries for the future to protect human rights.
- Some people connect the right of privacy with the right of free opinion: having the right
to think what you want in your private sphere.
- Art. 17 international covenant on civil and political Rights (ICCPR) 1966:
o No one shall be subjected to arbitrary or unlawful interference with his privacy,
family, home or correspondence, nor to unlawful attacks on his honour
reputation.
o Everyone has the right to the protection of the law against such interference.
Guidelines for the regulation of computerized personal data files, as adopted by UN General
Assembly evolution 45/95 of 14 December 1990.
Sometimes in some context we use the terms as interchangeable and sometimes not. → data
protection is a new right.
Privacy is new in a way, the agreement for this right came after the second world war. It came
also before, one of the key references is the ‘nineteen eighty-four’ book. this was one of the
moments that had been thinking about it and importance of privacy. (big brother)
2
,The panopticon: the idea is if you want to have a prison, if you put a guard in the middle in a
tower and he can see all the prisoners he can keep the control. The prisoners don’t know if the
guard is looking at them or not. These are elements that had been thinking about privacy over
the years.
A very concise history of data protection law
- 1960: first discussion: some companies were using big computers and processing a lot
of information of people. Do we have to do something? In USA and Europa was the
conclusion to regulate.
- 1970: data protection laws start to see the lights
- 1980: international instruments
- 1990: involvement of the European Union
- 2000: EU Charter of fundamental Rights
- 2010: Data protection of reform: Towards the GDPR
- 2020: Challenges of GDPR enforcement other data laws
Data protection: regulating personal data, data protection law started a half century. People
have the feeling that it is new and computer etc. the basic discussions data from many years
ago.
1967: book “privacy&freedom’ – Alan F. Westing => the first book that explains that we have
to do something. It was interesting that this book thought that this has something to do with
privacy. The fact that a huge computer has a lot of information about us. the right to privacy
has to be rethought. We must think about the right of privacy. The author was developing a
right to privacy.
Law Review – Harvard: article right to privacy, it is the most quoted article ever. they
acknowledge that the Bill of Right of the USA did not have a right to privacy and that we need
it now because of the new technology. (then: instant photography).
1973: Records, computers and the rights of citizens. Important to know is that in the USA, they
will have a record and principles very similar to ours but have legislation to regulate the public
sector. What they never did was actively regulating the private sector. For many years they
could do what they want. In Europe it was different, they thought it really mattered.
1970: first European Data protection Law was in Germany. We used to care of the data
processing, but now they are regulating differently it includes general obligations and also
rights. Another important point, Sweden was the second country, and they created the idea of
connecting all this. (1973)
In France there was a development int 1974. There is a huge database. Politician reaction,
they created a commission, and it stills exist.
There are very quickly reactions in Europe.
You have to prevent, you cannot have borders in free flow of information and then they started
to develop a whole mantra about this saying yes the free flow of information is really important
for economy but also for societies in general, we will only develop if we have a free flow of
information for real and we have to act quickly and strongly so all these European countries
started with their data protection don't do these kind of laws because actually we think that it's
not about data protection it is about data protectionism.
3
, This is one of the international instruments we still have → OECD. It is important for those who
don’t have a strong data protection law. It is quite dominated by the USA. They developed
some guidelines where actually the main message was that you may have privacy protection,
but make sure if you have this you feel allowed extent possible the free flow of information so
they very quickly put on the table didn't hear that yes regulating data is fine but the important
thing is that you always make sure that there is this there are no justified obstacles to the
transporter flows of personal data.
The council of Europe was thinking if they need to do something (Strasbourg). There will be
a convention for the protection of individuals with regard to automatic processing of personal
data.
4
