Content uploaded by Gloria González Fuster
Author content
All content in this area was uploaded by Gloria González Fuster on Jan 08, 2016
Content may be subject to copyright.
Project acronym: PRISMS
Project title: The PRIvacy and Security MirrorS: Towards a European framework
for integrated decision making
Project number: 285399
Programme: Seventh Framework Programme for research and technological devel-
opment
Objective: SEC-2011.6.5-2: The relationship between Human privacy and secu-
rity
Contract type: Collaborative project
Start date of project: 01 February 2012
Duration: 42 months
Deliverable 5.2: Consolidated legal report on the relationship
between security, privacy and personal data protection in EU
law
Authors: Gloria Gonz´alez Fuster, Serge Gutwirth (VUB), Bernadette Somody,
Iv´an Sz´ekely (EKINT)
Dissemination level: Public
Deliverable type: Report
Version: 1.0
Due date: 31 March 2014
Submission date: 19 December 2014
About the PRISMS project
The PRISMS project analyses the traditional trade-o↵model between privacy and security and
devise a more evidence-based perspective for reconciling privacy and security, trust and concern.
It examines how technologies aimed at enhancing security are subjecting citizens to an increasing
amount of surveillance and, in many cases, causing infringements of privacy and fundamental
rights. It conducts both a multidisciplinary inquiry into the concepts of privacy and security and
their relationships and an EU-wide survey to determine whether people evaluate the introduction
of security technologies in terms of a trade-o↵. As a result, the project determines the factors that
a↵ect public assessment of the security and privacy implications of a given security technology.
The project uses these results to devise a decision support system providing users (those who
deploy and operate security systems) insight into the pros and cons, constraints and limits
of specific security investments compared to alternatives taking into account a wider society
context.
Terms of use
This document was developed within the PRISMS project (see http://prismsproject.eu), co-
funded by the European Commission within the Seventh Framework Programme (FP7), by a
consortium, consisting of the following partners:
•Fraunhofer Institute for Systems and Innovation Research (Fraunhofer ISI), co-ordinator,
•Trilateral Research & Consulting LLP,
•Dutch Organization for Applied Scientific Research (TNO),
•Vrije Universiteit Brussel (VUB),
•University of Edinburgh (UEdin),
•E˝otv˝os K´aroly Policy Institute (EKINT),
•Hogeschool Zuyd and
•Market & Opinion Research International Limited (Ipsos-MORI)
This document may be freely used, copied, and distributed provided that the document
itself is not modified or shortened, that full authorship credit is given, and that these terms
of use are not removed but included with every copy. The PRISMS partners shall take no
liability for the completeness, correctness or fitness for use. This document is subject to updates,
revisions, and extensions by the PRISMS consortium. Address questions and comments to:
Michael.Friedewald@isi.fraunhofer.de
Document history
Version Date Changes
1.0 19 December 2014
ii
PRISMS Deliverable 5.2
3
CONTENTS
1!INTRODUCTION ............................................................................... 4!
1.1!Reconciling security and privacy in a complex human rights
architecture ............................................................................................ 4!
1.2!An evolving legal landscape ............................................................. 5!
2!A LEGAL TOOL FOR THE PROSPECTIVE ASSESSMENT OF EU
FUNDAMENTAL RIGHTS COMPLIANCE .............................................. 9 !
2.1!Aim, scope and limitations ............................................................... 9!
2.2!Design: Assessing personal data protection and privacy separately 10!
2.2.1!A legacy of conflation ............................................................................................... 10!
2.2.2!Delineating the contours of each right ..................................................................... 13!
2.2.3!Disentangling the requirements of lawful interferences .......................................... 14!
2.3!How to use the questionnaire ......................................................... 16!
2.4!The questionnaire .......................................................................... 17!
3!BALANCING BY COURTS: THE LEGAL ASPECT OF THE
‘PRIVACY VS. SECURITY’ CONFLICT FROM THE ECTHR
PERSPECTIVE ..................................................................................... 28!
3.1!Subject and scope of the analysis ................................................... 28!
3.1.1!The authority of the ECtHR’s practice ..................................................................... 29!
3.1.2!Information privacy, data protection and the ECtHR’s jurisdiction ....................... 30!
3.2!Test of proportionality in the ‘privacy vs. security’ conflict ........... 34!
3.2.1!Security as a legitimate aim ..................................................................................... 34!
3.2.2!Necessity and proportionality of the limitation of privacy ....................................... 37!
3.3!Concluding remarks on ECtHR case law ........................................ 40!
3.4!Test of proportionality of the ECtHR for the purposes of the DSS .. 41!
4!SECURITY, PRIVACY AND PERSONAL DATA PROTECTION IN
EUROPEAN HUMAN RIGHTS LAW: ‘BALANCING’ MAYBE, BUT NOT
TRADED-OFF ....................................................................................... 45!
4.1!Legal input for the PRISMS DSS ................................................... 45!
4.2!Judicial ‘balancing’ as a strict inquire into necessity? ................... 46!
4.3!Disowning the trade-off model ....................................................... 47!
BIBLIOGRAPHY .................................................................................. 49!
PRISMS Deliverable 5.2
4
1 INTRODUCTION
Gloria González Fuster, Serge Gutwirth
The present deliverable builds on Deliverable 5.11 of Work Package 5 the Privacy and
Security Mirrors (PRISMS) project, which reviewed the conceptualisations of security,
privacy and personal data protection in European Union (EU) law. It aims to offer a detailed
examination of the manner in which those notions currently operate in EU law, in order to
provide the legal knowledge necessary for the development of a Decision Support System
(DSS) assisting the taking of decisions for the deployment of security investments in line with
EU fundamental rights.
Taking into account the existing legal landscape regarding the relationships between security,
privacy and personal data protection in the EU, the deliverable puts forward two main legal
perspectives on these notions’ reconciliation. The first standpoint, presented in Chapter 2, is
centred on the case law of the Court of Justice of the EU (CJEU), based in Luxembourg,
which is the highest interpreter of EU law. The second viewpoint, developed in Chapter 3,
concentrates on the case law of the European Court of Human Rights (ECtHR), based in
Strasbourg, which is the highest interpreter of the European Convention on Human Rights
(ECHR), an instrument legally binding in all EU Member States, as well as crucial for the
interpretation of EU law. Together, these two perspectives provide critical insights on how
European human rights law envisions the simultaneous insurance of security and the
fundamental rights to privacy and personal data protection, and thus the relations between
them.
Finally, Chapter 4 reviews the obtained insights in view of identifying the legal input for the
PRISMS DSS and to illuminate the project’s basic inquiry on the validity of the trade-off
model as basic frame to understand the relations between security, privacy and personal data
protection.
1.1 RECONCILING SECURITY AND PRIVACY IN A COMPLEX HUMAN RIGHTS ARCHITECTURE
As detailed in PRISMS Deliverable 5.1, in EU law the relations between security, privacy and
personal data protection are multiple and complex. This multiplicity and complexity is
partially indebted to the many facets of the term ‘security’, which can have in EU law
different and sometimes contested meanings. ‘Security’ sometimes refers to international
security, while others only to the security of the EU, or strictly to the security of EU’s
Member States, or, still, to ‘public security’ as a non-defined value. Depending on the specific
circumstance of its use, the term ‘security’ might thus denote different realities and practices.
In some concrete instances, its exact meaning and scope might be subject to debate.
Generally speaking, the relation between security, privacy and personal data protection is
played out in EU law at the level of fundamental rights. The rights to respect for private life
and to personal data protection are nowadays both recognised as EU fundamental rights, and
must always be guaranteed as such. This does not mean, however, that they are absolute
rights. On the contrary, both rights can be lawfully limited if necessary for legitimate reasons,
1 González Fuster, Gloria, Serge Gutwirth, Ivan Székely, and Erik Uszkiewicz, "Discussion paper on legal
approaches to security, privacy and personal data protection", PRISMS Deliverable 5.1, 2013.
PRISMS Deliverable 5.2
5
which can include pursuing security purposes –albeit only if in compliance with a series of
applicable requirements.
The most authoritative description of such applicable requirements is to be found in the case
law of the CJEU and of the ECtHR. The two main Chapters of the present deliverable thus
focus respectively on in-depth knowledge obtained from the detailed examination of the body
of case law of each of those Courts on the interrelation between security, privacy and personal
data protection. The separate analysis of the work of each Court is justified by their
increasingly disparate perspectives on the status of the protection of personal data, which is
nowadays recognised as an autonomous fundamental right in EU law (as it is enshrined in a
specific provision of the EU Charter, different from the Charter’s provision on the right to
respect for private life), but not in the ECHR, in which can only be found a single article
devoted to the right to respect for private life, regarded as encompassing the protection of
personal data.
The parallel presentation of the results related to the CJEU and to the ECtHR should not lead
to believe that the two approaches described are not concomitant, at least to a certain extent.
As a matter of fact, they are closely interrelated: as will be shown, the CJEU actively
integrates into its own jurisprudence the case law of the ECtHR on the ECHR, a practice
currently firmly entrenched in its own case law on the identification of the content of EU
fundamental rights, but also the applicable provisions of EU primary law. This practice has
traditionally been particularly important for the interpretation of EU personal data protection
law, notably because the key instrument of EU personal data protection law, that is, Directive
95/46/EC (the ‘Data Protection Directive’),2 explicitly refers to the ECHR.3 Nowadays, one of
the main challenges of the CJEU is to embrace the specificity of EU law in regards to
personal data protection while ensuring consistency with the ECtHR case law on Article 8 of
the ECHR.
Ultimately, both the CJEU and the ECtHR support through their case-law a similar vision of
the reconciliation of security and privacy (and personal data protection), based on the premise
that can only be deemed acceptable the measures that infringe on the rights to privacy and
personal data protection in the name of security that do it in full compliance with a series of
requirements, and on the idea that among such requirements stands out the notion of
proportionality.
1.2 AN EVOLVING LEGAL LANDSCAPE
The requirements that must be considered in order to determine whether any security-related
limitations to the fundamental rights to personal data protection and privacy can be regarded
as lawful in EU law are nowadays, nevertheless, not completely clear. Despite being
recognised at the highest level and as ‘fundamental rights’, both rights are surrounded by a
number of layers of ambiguity.4 This ambiguity concerns in particular the interpretation of the
2 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of
individuals with regard to the processing of personal data and on the free movement of such data, OJ L281,
23/11/1995, pp. 31-50.
3 Recital 1 of Directive 95/46/EC.
4 De Vries, Sybe, Ulf Bernitz, and Stephen Weatherill, “Introduction” in Sybe De Vries, Ulf Bernitz, and
Stephen Weatherill (eds.), The Protection of Fundamental Rights in the EU After Lisbon, Hart Publishing,
Oxford and Portland, Oregon, 2013, p. 4.
PRISMS Deliverable 5.2
6
EU Charter taking into account the obligation, established by the very Charter’s horizontal
provisions, according to which the rights of the Charter corresponding to those of the ECHR
shall be interpret equally. This obligation is affected by a persistent uncertainty as to the
actual extent to which Article 7 (on the right to respect for private life) and 8 (on the right to
the protection of personal data) of the Charter correspond or not to Article 8 of the ECHR on
the right to respect of private life.5
Additionally, the impact of the Explanations related to the Charter is also not yet clear. The
rights enshrined in the Charter are indeed to be interpreted with ‘due regard’ to its
accompanying Explanations,6 which notably refer to EU secondary law as establishing
conditions relevant for the exercise of the fundamental right to personal data protection. This
relatively unclear situation confirms the value of following closely the case law of the CJEU
on the matter, a research effort that is at the basis of the following Chapter of this deliverable.
As already advanced in Deliverable 5.1, EU institutions are in any case always obliged to
respect and promote EU fundamental rights, including when their actions target security
purposes. This obligation has been for instance illustratively reflected in the Cybersecurity
Strategy presented in 2013 by the European Commission and the High Representative of the
EU for Foreign Affairs and Security Policy, which emphasised that cybersecurity can only be
sound and effective if based on fundamental rights and freedoms, and that individuals’ rights
cannot be ‘secured’ without safe networks and systems.7
On-going debates about how to reconcile security and the rights to privacy and personal data
protection in EU law turn around the conceptualisations already described in Deliverable
D5.1. They are however also profoundly marked by the 2013 revelations by Edward Snowden
on on-going global mass surveillance. These revelations initially concerned the surveillance
programme named PRISM, designed to allow the United States (US) National Security
Agency (NSA) and Federal Bureau of Investigation (FBI) to directly access the central
servers of leading US Internet companies.8 They eventually came to reveal much wider
surveillance practices, involving not only the US but also EU Member States.9
The ‘Snowden revelations’ (re-)opened debates on both side on the Atlantic on the
instruments needed to effectively reconcile security and privacy.10 Legally speaking, the
5 Describing the situation as confusing: Juliane Kokott and Christoph Sobotta, “The Distinction between Privacy
and Data Protection in the Jurisprudence of the CJEU and the ECtHR”, International Data Privacy Law, 3(4),
2013, p. 223.
6 See notably Art. 6(1) of the Treaty on EU (TEU).
7 European Commission and High Representative of the European Union for Foreign Affairs and Security
Policy, Joint Communication to the European Parliament, the Council, the European Economic and Social
Committee and the Committee of the Regions: Cybersecurity Strategy of the European Union: An Open, Safe
and Secure Cyberspace, JOIN(2013) 1 Final (Brussels, July 2, 2013), 4.
8 On this subject, see, notably: Judith Rauhofer and Caspar Bowden, Protecting Their Own: Fundamental Rights
Implications for EU Data Sovereignty in the Cloud, University of Edinburgh, School of Law, Edinburgh, 2013.
9 See: Civil Liberties, Justice and Home Affairs (LIBE) Committee of the European Parliament, LIBE
Committee Inquiry: Electronic mass surveillance of EU citizens, Protecting fundamental rights in a digital age:
Proceedings, Outcome and Background Documents, 2013-2014.
10 See most notably the European Commission’s Communication to the European Parliament and the Council
Rebuilding Trust in EU-US Data Flows, Brussels, 27.11.2013, COM(2013) 846 final.
See, for instance, offering a critical perspective on the trade-off between security and privacy: The President’s
Review Group on Intelligence and Communications Technologies, Liberty and Security in a Changing World:
Report and Recommendations, December 13, 2013 (especially p. 49).
PRISMS Deliverable 5.2
7
implications of these revelations are still unfolding, both in relation to judicial repercussions
and legislative developments.
Judicially, there are a number of important cases related to mass surveillance lodged before
national11 and European courts. In this sense, the ECtHR, on the one hand, has received a
Joint Application of Big Brother Watch, Open Rights Group, English PEN and Dr Constanze
Kurz against the United Kingdom (UK), in which the applicants alleged that they are likely to
have been the subject of generic surveillance by the British intelligence and security
organisation Government Communications Headquarters (GCHQ) and/or that the UK security
services may have been in receipt of foreign intercept material relating to their electronic
communications, such as to give rise to interferences with their rights under Article 8 of the
ECHR.
The CJEU, on the other hand, is to consider a reference for a preliminary ruling from the High
Court of Ireland made on 25 July 2014 in the proceedings between Maximilian Schrems v
Data Protection Commissioner (Case C-362/14), concerning a complaint made to the Data
Protection Commissioner regarding the lack of adequate protections for the data subject
offered by laws and practices applicable to transfers of personal data from the EU to the US.
This case has emerged in the context of a series of complaints supported by the organisation
Europe vs Facebook to clarify the consequences of the Snowden revelations on the level of
protection granted by the Safe Harbour Agreement: they are concretely complaints filed with
the data protection authorities in Ireland, Luxembourg and Germany concerning Apple and
Facebook (in Ireland), Skype and Microsoft (in Luxembourg) and Yahoo! Deutschland (in
Germany).
Regarding legislative activities, discussions on the package introduced by the European
Commission in 2012 are still on-going. The package, it shall be recalled, consists of two
legislative proposals accompanied by a Communication.12 The first is a proposal for a
Regulation on the protection of individuals with regard to the processing of personal data and
on the free movement of such data (proposal for a General Data Protection Regulation),13 to
replace Directive 95/46/EC. The second is a proposal for a Directive on the protection of
individuals with regard to the processing of personal data by competent authorities for the
purposes of prevention, investigation, detection or prosecution of criminal offences or the
execution of criminal penalties, and the free movement of such data,14 to replace Framework
Decision 2008/977/JHA.15 The Snowden revelations especially granted relevance to the
discussions about the provisions of those instruments concerning international transfers of
11 For instance, in France, Poland and the United Kingdom.
12 European Commission, Safeguarding Privacy in a Connected World: A European Data Protection
Framework for the 21st Century, Communication from the Commission to the European Parliament, the
Council, the European Economic and Social Committee and the Committee of the Regions, COM(2012) 9 final,
Brussels, 25.1.2012.
13 European Commission, Proposal for a Regulation of the European Parliament and of the Council on the
protection of individuals with regard to the processing of personal data and on the free movement of such data
(General Data Protection Regulation), COM(2012) 11 final, Brussels, 25.1.2012.
14 European Commission, Proposal for a Directive of the European Parliament and of the Council on the
protection of individuals with regard to the processing of personal data by competent authorities for the
purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal
penalties, and the free movement of such data, COM(2012) 10 final, 25.1.2012, Brussels.
15 Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data
processed in the framework of police and judicial cooperation in criminal matters, OJ L 350, 30.12.2008.
PRISMS Deliverable 5.2
8
personal data.16 In this context, much attention was also given to the future of the Safe
Harbour agreement.17
These developments will most probably have an impact on the way in which the right to
respect of private life and the right to the protection of personal data are ensured in EU law.
The present report is nonetheless concerned with current knowledge about the way in which
their relation with security in envisioned, substantiated and articulated in legal practice.
!
16 On this subject, see: Christopher Kuner, Transborder Data Flows and Data Privacy Law, Oxford University
Press, Oxford, 2013.
17 See in particular the European Commission’s Communication to the European Parliament and the Council on
the Functioning of the Safe Harbour from the Perspective of EU Citizens and Companies Established in the EU,
Brussels, 27.11.2013, COM(2013) 847 final.
PRISMS Deliverable 5.2
9
2 A LEGAL TOOL FOR THE PROSPECTIVE ASSESSMENT OF EU
FUNDAMENTAL RIGHTS COMPLIANCE
Gloria González Fuster, Serge Gutwirth
This Chapter presents a questionnaire that can be used as basis for a prospective legal
assessment of whether security investments are compliant with EU fundamental rights to the
respect for private life and to personal data protection, prepared through an in-depth study of
the case law of the CJEU.
2.1 AIM, SCOPE AND LIMITATIONS
The questionnaire has been designed as input for decision support systems to help decision-
making related to potential security investments. It relies on legal knowledge allowing the
assessment of the possible deployment of security initiatives from the perspective of EU
fundamental rights. Additionally, it integrates critical aspects of legal reasoning, related to the
form in which such substantial legal knowledge can be used. Legal reasoning’s specificity
requires embedding in the questionnaire a series of conditions inherent to legal practice.18
These conditions concern concretely the notions of unpredictability and hesitation.
In reference to unpredictability, it must be noted that legal decisions ultimately pertain to the
judges, and cannot be prognosticated. This marks the most elemental limitation of any kind of
prospective, pre-judgment legal assessments, the accuracy of which may only be validated or
invalidated by an eventual judgment that is however necessarily not there (yet). To tackle this
permanent challenge of attempting to attain a result that will inevitably remain unknown, or,
in other words, to multiply the chances of getting closer to what judges could say (if they
were ever asked to decide on the particular issue at stake), the prospective legal assessment
should inasmuch as possible take into account the knowledge that judges could mobilise, and
make use of it in a similar manner.
Regarding hesitation, it is crucial to keep in mind that, when judging, judges must always
choose between irresolute alternatives. They will do so by explicitly opening up multiple
paths, and by providing arguments to opt for one, or for the other. Judgments can in this sense
be read as a staging of choices. The presented questionnaire pursues, by its very form, to
reproduce to some extent such staging. The user of the questionnaire is thus confronted at
each step with a specific alternative, and faced with the need to choose between the proposed
options.
As a consequence of the significance for law’s decision making of unpredictability and
hesitation, the questionnaire cannot be regarded as leading the user to a definite conclusion on
whether the envisaged security investments are in compliance or not with EU fundamental
rights. The questionnaire does not pursue the provision of any absolute legal assessment of
compliance, but rather to function as a heuristic tool throwing light on the possible
fundamental rights implications of the scrutinised measures.
18 On this issue, see notably: Gutwirth, Serge, "Providing the missing link. Law after Latour's passage", to be
published in McGee K. (ed.), Latour and the passage of law, Edinburgh University Press, 2015.
PRISMS Deliverable 5.2
10
2.2 DESIGN: ASSESSING PERSONAL DATA PROTECTION AND PRIVACY SEPARATELY
The questionnaire takes as a starting point the analysis of possible security investments in the
light of the rights laid down in the Charter of Fundamental Rights of the EU,19 thus giving to
this instrument a prominent position in the assessment. This choice is consistent with the
inclination of the EU Court of Justice to address all questions related to the right to privacy
and personal data protection primarily through the lens of the EU Charter, including the cases
in which requests for preliminary rulings submitted to the Court explicitly allude not to the
Charter, but to the other instruments such as the ECHR.20
The questionnaire’s design attempts to mirror the construction typically followed by the
CJEU in its judgements. It first calls for the assessment of whether the measure under
examination shall be regarded or not as a limitation of a EU fundamental right. In case of a
positive answer, it then moves to the assessment of whether the limitation can be regarded as
lawfully or unlawfully limiting the affected fundamental right.
It must be noted, however, that the CJEU’s case law on the limitation of the rights to privacy
and personal data protection is not always following exactly this path, and does not always
assess interferences with the same rights. Major disparities can be detected, concretely, in
relation to whether the legal assessment should take as basic point of reference the right to
personal data protection, or the right to privacy, or, still, both but separately, or both and read
jointly. Inconsistency in this regard can be explained by the only relatively recent emergence
of the fundamental right to personal data protection in EU law.21 A decision on these issues
had nevertheless to be taken in order to structure the questionnaire.
The questionnaire is thus built as an invitation to first consider the possible interference of the
measure investigated with the right to personal data protection, and, second, to carry out a
separate inquiry into the existence of limitations of the right to respect for private life. This
choice has been privileged because it is in accordance with the role granted to the right to
personal data protection in the European Commission’s proposal for a General Data
Protection Regulation, which gives a central role to the right to the protection of personal
data.22
2.2.1 A legacy of conflation
The decision to integrate into the questionnaire the assessment of the rights to respect for
private life and to personal data protection as different rights contrasts nevertheless with a
certain propensity of the CJEU to conflate them, a tendency particularly visible right after the
19 Charter of Fundamental Rights of the European Union, OJ C 83, 30.3.2010.
20 See, for instance, the discussion of the Schecke judgment below.
21 On this process, see notably: Gloria González Fuster, The Emergence of Personal Data Protection as a
Fundamental Right of the EU, Springer, Dordrecht, 2014.
22 In this sense, Art. 1(2) of the proposed Regulation reads: “This Regulation protects the fundamental rights and
freedoms of natural persons, and in particular their right to the protection of personal data”. At national level, it
is interesting to note that some Member States in which there is no recognition of an autonomous right to the
protection of personal data are nevertheless debating on such possibility: this is so, for instance, in France. See:
Conseil d’État, Étude annuelle 2014 du Conseil d’État!: Le numérique et les droits fondamentaux, La
Documentation française, Paris, 2014, p. 10.
PRISMS Deliverable 5.2
11
entry into force of the Lisbon Treaty.23 The Court mentioned the right to the protection of
personal data for the first time only in 2008,24 and has since very rarely openly asserted the
specificity of EU personal data protection in front of the right to respect for private life.25 The
CJEU has indeed in many occasions maintained that the right to respect for private life and
the right to the protection of personal data are ‘closely connected’,26 or even directly decided
to ‘read jointly’ Article 7 and 8 of the EU Charter.27 The Court has traditionally granted much
importance to the ECHR, in which personal data protection operates as an element of Artilce
8 on the right to respect for private life, 28 and this approach has been maintained even after
the entry into force of the Lisbon Treaty and thus of the EU Charter.
An influential elision of the right to personal data protection with the right to privacy was
offered by the CJEU in 2010 by the Schecke judgment,29 following a reference for a
preliminary ruling of the EU Court on the validity of some EU provisions on the financing of
the common agricultural policy (which foresaw the on-line publication of personal data of
beneficiaries of EU funds) and on the interpretation of Directive 95/46/EC. Although the
national referring court had formulated its submission questioning the validity of the
provisions at stake primarily in light of Article 8 of the ECHR, the CJEU explicitly departed
from this framing, taking instead the perspective of the fundamental rights as present in the
Charter.30 Reading the Charter, the Court of Justice noted, it appears two rights should be
taken into account: the right to privacy, enshrined in its Article 7, and the right to personal
data protection, according to this judgment established in its Article 8(1), that is, in only the
first paragraph of the Charter’s Article 8,31 with the exclusion of its two other paragraphs.32
These two rights were presented in the ruling as so ‘closely connected’ with each other that
23 See notably: Orla Lynskey, “Deconstructing Data Protection: The ‘Added-Value’ of a Right to Data Protection
in the EU Legal Order”, International and Comparative Law Quarterly 63, p. 573. Lynskey also argues there is
‘adequate justification’ to treat the two rights separately (see p. 581).
24 Case C‑275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU, 29 January
2008, ECLI:EU:C:2008:54, § 64. The right had also been mentioned by Advocate General Kokott in her Opinion
in the Case, as what was at stake was a request for a preliminary ruling on the interpretation of EU secondary
law in light of the EU Charter requiring taking into account Directive 2002/58/EC (Directive 2002/58/EC of the
European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the
protection of privacy in the electronic communications sector (Directive on privacy and electronic
communications) OJ L201 , 31/07/2002, pp. 37-47), which expressly alludes to Art. 8 of the Charter in its
preamble (Recital 2).
25 As a notable exception, see: Case C-28/08 P, European Commission v The Bavarian Lager Co. Ltd, 29 June
2010, ECLI:EU:C:2010:378.
26 Joined Cases C‑468/10 and C‑469/10, Asociación Nacional de Establecimientos Financieros de Crédito
(ASNEF) (C‑468/10), Federación de Comercio Electrónico y Marketing Directo (FECEMD) (C‑469/10) v
Administración del Estado, 24 November 2011, ECLI:EU:C:2011:777 (hereafter, ‘ASNEF’, § 41).
27 See for instance: Case C-291/12, Michael Schwarz v Stadt Bochum, 17 October 2013, ECLI:EU:C:2013:670
(hereafter, ‘Schwarz’), § 25.
28 Talking about an ‘eagerness to avoid being subsequently wrong-footed by the ECtHR’: Peter Oliver, “The
Protection of Privacy in the Economic Sphere before the European Court of Justice”, Common Market Law
Review 46 (2009), p. 1483.
29 Joined Cases C-92/09 and C-93/09, Volker und Markus Schecke and Eifert, 9 November 2010,
EU:C:2010:662 (hereafter ‘Schecke’).
30 Schecke, § 44-46.
31 Art. 8(1) of the EU Charter states: ‘Everyone has the right to the protection of personal data concerning him or
her’.
32 The EU Charter’s Arts. 8(2) (‘Such data must be processed fairly for specified purposes and on the basis of the
consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of
access to data which has been collected concerning him or her, and the right to have it rectified’) and 8(3)
(‘Compliance with these rules shall be subject to control by an independent authority’).
PRISMS Deliverable 5.2
12
they formed together a composite ‘right to respect for private life with regard to the
processing of personal data’.33
The Schecke ruling actually went even further in the amalgamation of the rights to respect for
private life and to personal data protection. The CJEU merged them by insisting on their close
relationship, but also operated a subtler blending by reading Article 8 of the Charter, on the
right to personal data protection, as if it had been built in the same manner as Article 8 of the
ECHR, on the right to respect for private life. Article 8 of the ECHR indeed consists of two
paragraphs: one enshrining a right to respect for private life, and another describing the
requirements applicable to legitimate interferences with such right. The CJEU attributed the
same structure to Article 8 of the Charter, implying that Article 8(1) should be read as
granting to individuals a right to personal data protection, while Article 8(2) and 8(3) of the
Charter would define the conditions for any limitation to this right to be regarded as lawful.
This interpretation ignored the fact that the Charter’s design differs from the construction of
the ECHR, and that in the Charter the requirements generally applicable to lawful limitations
of the rights are to be found in its final horizontal provisions, concretely in Article 52(1).
In the Schecke judgment, the simultaneous reading of Article 7 and 8 of the Charter after
having reduced the latter exclusively to its first paragraph was followed by an assessment of
whether there had been a lawful limitation of fundamental rights mobilising still the
interpretation of a great number of provisions (Articles 8(2), 8(3), 52(1), 52(3) and 53 of the
Charter), as well as the case law of the ECtHR on the Article 8 of the ECHR. Finally, the
CJEU concluded that the measures at stake had to be declared invalid because the EU
legislature had failed to strike a proper balance between the objective of promoting
transparency and protecting individuals’ rights, but reached such conclusion in a way that
obscured more than illuminated the requirements applicable to interferences with the right to
respect for private life and the protection of personal data.
Nonetheless, and despite the described inconsistencies and weaknesses of CJEU case law on
the protection of personal data, the Luxembourg Court seems increasingly ready to assert that
the Data Protection Directive pursues not only the insurance of the right to privacy, but also
of the right to personal data protection. It has even declared that the provisions of Directive
95/46/EC directly implement the guarantees of the right to personal data protection, as
established by Article 8 of the Charter.34
There have been also some other relevant attempts to further disentangle the right to respect
for private life and the right to the protection of personal data.35 In this sense, in his Opinion
on the Joined Cases C-293/12 and C-594/12, Advocate General Cruz Villalón36 argued that
33 Schecke, § 52.
34 See, in this sense: Minister voor Immigratie, Integratie en Asiel, § 55, and Case C-131/12, Google Spain SL
and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, 13 May
2014, ECLI:EU:C:2014:317 (hereafter, ‘Google’), § 69. This contrasts with the idea that Directive 95/46/EC
‘develops the fundamental right to privacy in so far as it affects the automatic processing of personal data’ as
supported, for instance, by Advocate General Ruiz Jarabo-Colomer in his Opinion in Case C‑553/07 College van
burgemeester en wethouders van Rotterdam v M.E.E. Rijkeboer, delivered on 22 December 2008 (§ 21).
35 In particular Joined Cases C-293/12 and C-594/12, Digital Rights Ireland Ltd (C-293/12) v Minister for
Communications, Marine and Natural Resources and Others and Kärntner Landesregierung (C-594/12) and
Others, 8 April 2014, ECLI:EU:C:2014:238 (hereafter, ‘Digital Rights Ireland’) and, to a certain extent, Google.
36 Opinion of Advocate General Cruz Villalón delivered on 12 December 2013, Joined Cases C-293/12 and C-
594/12, Digital Rights Ireland Ltd (C-293/12) v Minister for Communications, Marine and Natural Resources
and Others and Kärntner Landesregierung (C-594/12) and Others.
PRISMS Deliverable 5.2
13
the right to the protection of personal data is based on the right to respect for private life, with
the result that Articles 7 and 8 of the Charter are so closely linked that they may be regarded
as establishing a single right.37 He also warned, however, that ‘this cannot apply
systematically’, submitting that the link which unites the two rights depends on the nature of
data at issue.38
2.2.2 Delineating the contours of each right
One of the main consequences of the frequent conflation of the rights to respect for private
life and to personal data protection in the case law of the CJEU is that the boundary between
the scope of the two rights is currently not clear. This can be partially explained by the
Court’s recurrent insistence on the fact that the Data Protection Directive, the main source on
personal data protection in EU law for more than a decade, serves the insurance of the right to
respect for private life of Article 8 of the ECHR. In this sense, the Luxembourg Court has for
instance sometimes described as constitutive elements of the right to respect for private life
the possibility for individuals to correct inaccurate data concerning them, and the fact that
such data must be processed lawfully,39 which are actually requirements that appear as such in
Article 8 of the EU Charter, on the right to the protection of personal data.
A particularly controversial issue regarding the adjudication on the right to personal data
protection is the determination of what exactly constitutes an interference with such right.
Peter Hustinx, acting as the European Data Protection Supervisor (EDPS), has notably
insisted on the fact that the mere processing of personal data cannot be regarded as an
interference with the EU right to personal data protection, contrary to an approach repeatedly
endorsed by the CJEU. In his view, the fact that personal data are processed is decisive to
determine whether a measure falls under the scope of Article 8 of the Charter, but it does not
mean as such that there is an interference with the right. Interferences shall be established, he
argues, only if one or more of the main elements of the right to personal data protection (as
described in the second and third paragraphs of Article 8 of the Charter) have not been
respected.40
This approach, in spite of being in full accordance with the wording of the Charter, has not
yet been adopted by the CJEU. The Court, on the contrary, systematically accepts the
existence of an interference with the right to personal data protection merely because there is
personal data processing.41 This is still the case currently, even if the Court seems to be
progressively moving away from the identification of the right exclusively with the first
paragraph of Article 8 of the Charter, which was prominent during a certain period of time,42
37 Ibidem, § 62.
38 Ibidem, § 62.
39 Joined Cases C‑141/12 and C‑372/12, YS (C‑141/12) v Minister voor Immigratie, Integratie en Asiel, and
Minister voor Immigratie, Integratie en Asiel (C‑372/12) v M, S, 17 July 2014, ECLI:EU:C:2014:2081
(hereafter, ‘Minister voor Immigratie, Integratie en Asiel’), § 44.
40 Hustinx, Peter, EU Data Protection Law: The Review of Directive 95/46/EC and the Proposed General Data
Protection Regulation, July 2013,
https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publications/Speeches/2
014/14-09-15_Article_EUI_EN.pdf.
41 See, for instance: Case C‐70/10, Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs
SCRL (SABAM), 24 November 2011, ECLI:EU:C:2011:771.
42 Reference is made only to Art. 8(1) of the Charter, for instance, in ASNEF, § 41. See also: Schwartz, § 24.
PRISMS Deliverable 5.2
14
and towards a more regular taking into account of the second and third paragraphs of such
provision.43
The design of the questionnaire has followed the currently established judicial approach. A
partially different questionnaire could have been designed following the idea that there is an
interference with the right to protection of personal data not whenever personal data is
processed, but only in those cases when what is at stake is a measure involving the processing
of personal data not in compliance with the requirements mentioned in Article 8(2) or 8(3) of
the Charter. This would have led to include a set of questions inquiring specifically on
compliance with such requirements.44
2.2.3 Disentangling the requirements of lawful interferences
As a consequence of the proposed separate assessment of the interferences with the right to
personal data protection and with the right to respect for private life, the questionnaire offers
two different sets of questions for each assessment. This raises the challenging issue of
deciding whether these sets of questions shall be identical or different, and, in any case, of
how to determine their content. The issue is difficult to solve because the variable approaches
coexisting in CJEU’s case law sometimes privilege different criteria, as already hinted: in
some cases, the Luxembourg’s Court assessment is openly framed in light of a formal reading
of the requirements emanating from the EU Charter (in particular, Article 52(1) of the
Charter); in many occasions, however, this approach is supplemented by references to the
ECHR and the ECtHR case law thereof, and, more often than not, requirements coming from
the EU Charter and from the ECHR are combined, which can be interpreted as if they were at
least partially equivalent. In this sense, terminology derived from the EU Charter and from the
ECHR appears to be regarded as synonymous at least to some extent: for instance, the
expression ‘limitation to the exercise’ of a right, coming from Article 52(1) of the Charter, is
typically used as equivalent with an ‘interference with’ such right taken from Article 8 of the
ECHR.45
To illustrate the point that, despite their formal resemblance, the requirements applicable to
lawful interferences with the right to respect for private life as described in Article 8(2) of the
ECHR are not exactly identical with the requirements generally applicable to limitations of
the rights enshrined in the Charter (and, thus, applicable to both Article 7, on the right to
respect for private life, and 8, on the protection of personal data), the following table
compares their main components.46
43 For instance, in Minister voor Immigratie, Integratie en Asiel, § 55 (reference to Art. 8(2) of the Charter), or in
Google, § 69.
44 And which could have been based, notably, on Case C-553/07, College van burgemeester en wethouders van
Rotterdam v M.E.E. Rijkeboer, 7 May 2009, ECLI:EU:C:2009:293, on the right of access to data.
45 See, for example: Digital Rights Ireland, § 38 and § 39.
46 It has been noted, in this sense, that the requirements of Art. 52(1) of the Charter are ‘reminiscent’ of those of
Art. 8(2) of the ECHR: European Union Agency for Fundamental Rights (FRA), Handbook on European data
protection law, Publications Office of the European Union, Luxembourg, 2014, p. 69.
PRISMS Deliverable 5.2
15
Article 8(2) of the ECHR
Article 52(1) of the EU Charter
Concerns interferences with the right to
respect for private life established by
Art. 8(1) of the ECHR.
Concerns limitations of:
- the right to respect for private life of Art. 7
EU of the Charter;
- and the right to personal data protection of
Art. 8 of the EU Charter.
Limitations must respect the essence of the
rights.
Interferences must be ‘in accordance with the
law’.
Limitations must be ‘provided for by law’.
Interferences must be ‘necessary in a
democratic society’.
Limitations are permissible only if, ‘subject
to the principle of proportionality’, they are
‘necessary’.
Interferences must pursue one of these
interests:
- ‘national security’;
- ‘public safety’;
- ‘the economic well-being of the country’;
- ‘the prevention of disorder or crime’;
- ‘the protection of health or morals’; or
- ‘the protection of the rights and freedoms of
others’.
Limitations must ‘genuinely meet…’:
- ‘objectives of general interest recognised by
the Union’; or
- ‘the need to protect the rights and freedoms
of others’.
Table 1: Comparison of the main components of Art 8(2) ECHR and Art 52(1) ECHR
In practical terms, these differences can raise concerns mainly in the light of Article 52(3) of
the Charter, which states that, insofar as the Charter contains rights corresponding to those of
the ECHR, ‘the meaning and scope of those rights shall be the same as those laid down by the
said Convention’. As the right to respect for private life seemingly corresponds to a right
contained in the ECHR (in Article 8), should Article 7 be read exclusively in the light of the
ECHR? Should then, for instance, the requirement of respecting the essence of the right,
which is present in Article 52(1) of the Charter but formally absent from the ECHR, not be
applicable? And what about the right to the protection of personal data? Does it correspond to
any extent to the right of Article 8 of the ECHR, which has been interpreted by the ECtHR as
providing some data protection safeguards? Questions such as those have not yet found a
clear answer in the case law of the CJEU. In little more than a decade, the CJEU has moved
from investigating any interference with the rights protected by Directive 95/46/EC
exclusively ‘from the point of view of Article 8’ of the ECHR47 towards deliberately taking
into account the Charter as basic point of reference, but has only provided limited insights on
the implications of regarding the Charter as the basic point of reference. These open question-
marks make the design of the questionnaire particularly challenging.
In its request for a preliminary ruling lodged on 19 December 2012 for Case C-594/12, the
Austrian Verfassungsgerichsthof (Constitutional Court) had asked to the CJEU a set of
important questions on the interpretation of the Treaties referring, in particular, to the
47 Joined Cases C-465/00, C-138/01 and C-139/01, Rechnungshof (C-465/00) and Österreichischer Rundfunk,
Wirtschaftskammer Steiermark, Marktgemeinde Kaltenleutgeben, Land Niederösterreich, Österreichische
Nationalbank, Stadt Wiener Neustadt, Austrian Airlines, Österreichische Luftverkehrs-AG, and between Christa
Neukomm (C-138/01), Joseph Lauermann (C-139/01) and Österreichischer Rundfunk, 20 May 2003,
ECLI:EU:C:2003:294, § 72.
PRISMS Deliverable 5.2
16
requirements applicable to lawful limitations of the right to personal data protection of Article
8 of the Charter. This concerned, concretely, the possible relevance for the interpretation of
Article 8 of the Charter of existing and upcoming EU secondary law, and the role of the case
law of the ECtHR on Article 8 of the ECHR. These questions, however, were left unanswered
in the CJEU judgment in response to the request.48
The questionnaire takes a prudent approach to these not yet clear issues taking as basic guide
for the requirements applicable to limitations to both Article 8 and Article 7 of the Charter
those mentioned in Article 52(1), in the understanding that these should in any case be
complemented with the relevant case law on Article 8 of the ECHR of the ECtHR (which is
further developed in Chapter 3 of the present deliverable). As is perceptible from the limited
guidance provided in some questions, there is still only sparse case law on certain aspects of
these assessments.
The interpretation of Article 52(1) of the EU Charter is further complicated by the fact that it
refers to the need to subject permissible limitations to a ‘principle of proportionality’ without
describing such principle. EU law has traditionally acknowledged a principle of
proportionality, currently enshrined in Article 5(4) of the Treaty on European Union, which
actually refers to proportionality as a general principle of action by the EU, requiring that any
action taken does not go beyond what is necessary to achieve the objectives of EU Treaties. In
contrast, in Article 52(1) of the Charter proportionality must be understood as referring to a
condition for any limitation of fundamental rights.49 Proportionality in the sense of Article
5(4) of the Treaty on EU (TEU) aims to channel EU action with due respect for Member State
competence, whereas proportionality within the meaning of Article 52(1) of the Charter is a
requirement for the legitimacy of any limitation on the exercise of fundamental rights,50 closer
to the proportionality test of Article 8(2) of the ECHR (see Chapter 3) – even if not fully
coincidental with it.
2.3 HOW TO USE THE QUESTIONNAIRE
The questionnaire should be started at Q1. Each question is followed by a brief explanation,
clarifying its meaning and its significance in the general context of the questionnaire. When
available in the case law, concrete examples are provided, preceded by a star (★).
Users should chose one of the suggested answers, which can be a positive or negative answer,
or, in a special case, also ‘I don’t know / I am not sure’. They should then follow the
instructions given after the answer. The answer ‘I don’t know / I am not sure’ will lead to
another question that shall help replying to the initial question.
Throughout the exercise, users should be aware of two basic rules generally applying in
adjudicating on any possible interference with fundamental rights. The first general rule
relates to the need to interpret EU law in a way that allows ensuring the complete protection
of individuals. The second general rule, which is closely linked to the first, concerns the need
to interpret restrictively the permissibility of any limitations.
48 Digital Rights Ireland.
49 In this sense, see for instance: Opinion of Advocate General Cruz Villalón delivered on 12 December 2013,
Joined Cases C-293/12 and C-594/12, Digital Rights Ireland Ltd (C-293/12) v Minister for Communications,
Marine and Natural Resources and Others and Kärntner Landesregierung (C-594/12) and Others, § 133.
50 Ibidem, § 89.
PRISMS Deliverable 5.2
17
• Targeting the insurance of effective protection: The first rule derives from the need
to ensure complete protection of the fundamental rights and freedoms of natural
persons. This translates into the imperative to interpret widely any notions relevant to
determine whether a measure falls under the scope of such rights. The CJEU has
insisted on the fact that EU personal data protection laws pursue the insurance of
fundamental rights and freedoms, and must thus be interpreted and applied so that the
guarantees they provide have full effect, and that effective and complete protection of
individuals is achieved.51 This rule notably refutes the idea that when interpreting EU
personal data protection law should be applied a principle of ‘proportionality’
embodying a ‘moderate approach’ that would prevent ‘unreasonable’ or ‘excessive’
legal consequences52 On the contrary, the interpretation of EU personal data protection
must always pursue the fullest possible protection of the fundamental rights and
freedoms of natural persons.
• Interpreting limits restrictively: The protection of the fundamental rights requires
that any permissible limitations must apply only insofar as it is strictly necessary.53
This implies, for instance, that although EU personal data protection law foresees
some specific derogations from the general principles it establishes, such derogations
can only apply insofar as strictly necessary.54
Finally, it should be noted that some practices might encompass not one, but several measures
constituting different interferences with fundamental rights. For instance, when a legal act
imposes on companies an obligation to store personal data, on the one hand, and establishes
the procedures for third parties to access such data, on the other, these two measures can be
regarded as distinct interferences with the rights of individuals.55 Users should then consider
the necessity of going twice through some series of questions, and possibly through the whole
questionnaire.
2.4 THE QUESTIONNAIRE
Q1: Does the envisaged measure constitute a limitation of the right to personal data
protection?
The right to personal data protection is a fundamental right in EU law. Article 8 of the Charter
of Fundamental Rights of the EU states that everyone has the right to the protection of
personal data concerning them; that such data must be processed fairly, for specified
purposes, and on the basis of the consent of the person concerned or some other legitimate
basis laid down by law; that everyone has the right of access to collected data concerning
them, and the right to have it rectified, and that compliance with these rules shall be subject to
control by an independent authority.
51 See, for example: Google, § 38.
52 An idea supported without success by Advocate General Jääskinen in his Opinion in Case C‑131/12, Google
Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González, delivered
on 25 June 2013: see § 30.
53 See, notably: Case C-73/07, Tietosuojavaltuutettu v Satakunnan Markkinapörssi Oy, Satamedia Oy, 16
December 2008, ECLI:EU:C:2008:727 (hereafter, ‘Satamedia’), § 56.
54 See also: Case C-473/12, Institut professionnel des agents immobiliers (IPI) v Geoffrey Englebert, Immo 9
SPRL, Grégory Francotte, 7 November 2013, ECLI:EU:C:2013:715, § 39; Case C-212/13, František Ryneš v
Úřad pro ochranu osobních údajů, 11 December 2014, ECLI:EU:C:2014:2428, § 28.
55 Digital Rights Ireland, § 34 and § 35.
PRISMS Deliverable 5.2
18
A1.1: Yes, it clearly constitutes a limitation of the right to personal data protection.
Fundamental rights can only be limited under strict requirements. Investigate the
lawfulness of the limitation: go to question Q3.
A1.2: No, it does not constitute a limitation of the right to personal data protection.
The measure might still affect the right to respect for private life. Go to question Q2.
A1.3: I don’t know / I am not sure. Go to question Q4.
Q2: Does the measure constitute an interference with the right to respect for private life?
The right to respect for private life, also known as the right to privacy, is a fundamental right
in EU law. Article 7 of the Charter of Fundamental Rights of the EU, echoing Article 8 of the
European Convention on Human Rights (ECHR), states that everyone has the right to respect
for their private and family life, home and communications. This requires from States not
only to refrain from interfering with the private life of individuals, but also to ensure the
effective enjoyment of this right,56 including in the context of private relations.57
★ To establish the existence of an interference with the fundamental right to privacy, it does
not matter whether the persons concerned have been inconvenienced in any way.58
★ Interception of telephone communications or any other forms electronic communications
by State bodies, including national security agencies, constitutes an interference with the right
to private and family life, home and correspondence.59
The processing of information about individuals can account for an interference with the right
to respect for private life.60 Indeed, the right to personal data protection and the right to
respect for private life sometimes overlap. However, if the processing can be qualified as
constituting a limitation to the right to personal data protection, it is preferable to examine it
from that lens.
A2.1: Yes, it clearly constitutes an interference with the right to respect for private
life, and this interference cannot be reduced to a limitation of the right to personal
data protection. Fundamental rights can only be limited under strict requirements.
Investigate the lawfulness of the interference with the right to respect for private life:
go to question Q5.
A2.2: Actually it constitutes an interference with the right to respect for private life
that could be regarded as a limitation to the right to personal data protection. In this
case, it is more appropriate to examine the measure from the perspective of the right to
personal data protection. Investigate the lawfulness of the limitation to this right: go to
question Q3.
56 Eur. Court H.R., Marckx v Belgium, 13 June 1979, Series A No. 31, § 31.
57 Eur. Court H.R., Stubbings and others v the United Kingdom, 22 October 1996, ECHR 1996-IV.
58 Digital Rights Ireland, § 33.
59 Eur. Court H.R., Liberty and others v the United Kingdom, 1 July 2008, App. No(s). 58243/00, § 56.
60 In this sense: Eur. Court H.R., Leander v Sweden, 26 March 1987, Series A No. 116, § 48; Amann v
Switzerland, 16 February 2000, ECHR 2000-II, § 65 and 69-70; Rotaru v Romania, 4 May 2000, ECHR 2000-V,
§ 43; S and Marper v the United Kingdom, 4 December 2008, ECHR 2008, § 67; Khelili v Switzerland, 18
October 2011, App. No(s). 16188/07, § 55.
PRISMS Deliverable 5.2
19
A2.3: No, it does not constitute an interference with the right to respect for private
life. No other questions need to be considered. Questionnaire completed.
Q3: Does the limitation of the right to personal data protection adversely affect the essence
of the right?
Only the limitations of the right to personal data protection that respect the right’s essence can
be regarded as lawful.61
★ The essence of the right to personal data protection might be adversely affected when the
storage of personal data is not subject to appropriate technical and organisational measures
protecting data against accidental or unlawful destruction, accidental loss or alteration of the
data.62
A.3.1: Yes, the limitation of the right to personal data protection adversely affects its
essence. Limitations of EU fundamental rights are not permissible if they affect the
rights’ essence. Action is required to remedy this. If the measure can be modified to
ensure it does not affect the essence of the right to personal data protection, but still
constitutes a limitation, it needs to be checked against compliance with the other
applicable requirements. Go to Q6.
A.3.2: No, the limitation does not adversely affect the right’s essence. This means it
could be a lawful limitation. The limitation must nevertheless comply with additional
requirements. Go to Q6.
Q4: Does the envisaged measure involve the processing of personal data?
Measures involving the processing of personal data fall under the scope of the right to
personal data protection,63 and can be considered a threat to such right.64 Personal data is any
information relating to an identified or identifiable individual.65
★ Fingerprints constitute personal data.66
★ The minutes in which an officer explains the reasons for a draft decision dealing with an
application for a residence permit may contain personal data, but do not as such constitute
personal data.67 The legal analysis contained in that document is not personal data.
To process personal data is to carry out any operation performed upon personal data, whether
or not by automatic means, such as collecting, recording, organising, storing, adapting or
altering, retrieving, consulting, disclosing or making available, aligning, combining, blocking,
61 Art. 52(1) of the EU Charter.
62 Digital Rights Ireland, § 40.
63 Digital Rights Ireland, § 29 and § 36.
64 Read jointly with Art. 7 Charter. See: Schwarz, § 25.
65 Schwarz, § 26.
66 Schwarz, § 27.
67 Minister voor Immigratie, Integratie en Asiel, § 39.
PRISMS Deliverable 5.2
20
erasing or destructing personal data.68 There is processing of personal data also when the data
has already been previously published in unaltered form in the media.69
★ Loading personal data on an Internet page must be considered processing personal data.70
Remember: all these notions (‘personal data’ and ‘processing of personal data’) need to be
interpreted as widely as necessary to ensure effective and complete protection of
individuals.71
A4.1: Yes, the measure involves the processing of personal data and thus falls under
the scope of the right to personal data protection. The EU Court of Justice regards this
as constituting a limitation of the right to personal data protection. As limitations of
fundamental rights are only acceptable if complying with strict requirements, assess
whether the limitation is lawful: go to question Q3.
A4.2: No. If a measure does not involve the processing of personal data, it shall not be
regarded as falling under the scope of the right to personal data protection. The
measure could nevertheless affect the right to respect for private life. Go to
question Q2.
Q5: Does the limitation of the right to respect for private life adversely affect the essence of
the right?
Only the limitations that respect the right’s essence can be regarded as lawful.72 Some
measures, nevertheless, may impact seriously on a right but still respect its essence.
★ Processing data on electronic communications without acquiring knowledge on the content
of the communications does not adversely affect the essence of the right to privacy.73
A5.1: Yes, the limitation of the right to respect for private life adversely affects its
essence. Limitations of EU fundamental rights are not permissible if they affect the
rights’ essence. Action is required to remedy this. If the measure can be modified to
ensure it does not affect the essence of the right to respect for private life, but still
constitutes an interference with the right, it still needs to be checked against
compliance with the other applicable requirements. Go to Q7.
A5.2: No, the limitation does not adversely affect the right’s essence. The limitation
must nevertheless comply with additional requirements. Go to Q7.
68 Google, § 25, in reference to Directive 95/46/EC.
69 Google § 30, in reference to Directive 95/46/EC (with a reference to Satamedia § 48-49).
70 Google § 26, in reference to Directive 95/46/EC. It should not be regarded, however, as a transfer of personal
data to a third country, even if uploading the data makes the data accessible to anyone who connects to the
internet, including people in a third country: Case C-101/01, Bodil Lindqvist, 6 November 2003,
ECLI:EU:C:2003:596, § 71.
71 Google, § 53.
72 Art. 52(1) of the EU Charter.
73 Digital Rights Ireland, § 39.
PRISMS Deliverable 5.2
21
Q6: Does the limitation of the right to personal data protection pursue an objective of
general interest, or is it justified by the need to protect the rights and freedoms of others?
Limitations on the exercise of EU fundamental rights and freedoms shall be made only if they
are necessary and genuinely meet objectives of general interest recognised by the EU or the
need to protect the rights and freedoms of others.
★ The fight against international terrorism in order to maintain international peace and
security constitutes an objective of general interest.74
★ Fighting against serious crime serves, ultimately, public security, and also constitutes an
objective of general interest.75
★ Aiming to increase the transparency of the use of public funds is an objective of general
interest that can justify the limitation of the right to personal data protection.76
A6.1. Yes, the measure pursues an objective of general interest, or is justified by the
need to protect the rights and freedoms of others. The measure needs nevertheless to
comply with additional requirements. Go to Q8.
A6.2. No, the measure does not pursue an objective of general interest, and is not
justified by the need to protect the rights and freedoms of others. Measures that
constitute a limitation of the right to the protection of personal data are not permissible
if they do not pursue an objective of general interest, or are justified by the need to
protect the rights and freedoms of others. Action is required to ensure that the
measure complies with this requiremnt, or that it no longer constitutes a limitation of
the right to personal data protection. If compliance with this requirement can be
guaranteed, check compliance with additional requirements by going to Q8.
Q7: Does the limitation of the right to respect for private life pursue an objective of general
interest, or is it justified by the need to protect the rights and freedoms of others?
Limitations on the exercise of EU fundamental rights and freedoms shall be made only if they
are necessary and genuinely meet objectives of general interest recognised by the EU or the
need to protect the rights and freedoms of others.
A7.1. Yes, the measure pursues an objective of general interest, or is justified by the
need to protect the rights and freedoms of others. The measure needs nevertheless to
comply with additional requirements. Go to Q9.
A7.2. No, the measure does not pursue an objective of general interest, and is not
justified by the need to protect the rights and freedoms of others. Measures that
constitute a limitation of the right to the respect for private life are not permissible if
74 Digital Rights Ireland, § 42. On the legitimacy of fighting “by all means, in accordance with the Charter of the
United Nations, against the threats to international peace and security posed by acts of terrorism”: Cases
C-402/05 P and C-415/05 P Kadi and Al Barakaat International Foundation v Council and Commission, 3
September 2008, EU:C:2008:461, § 363.
75 Digital Rights Ireland, § 41 and § 42.
76 Schecke, § 71.
PRISMS Deliverable 5.2
22
they do not pursue an objective of general interest, or are justified by the need to
protect the rights and freedoms of others. Action is required to ensure that the
measure complies with this requirement, or that it no longer constitutes a limitation of
the right to respect for private life. If compliance with this requirement can be
guaranteed, check compliance with additional requirements going to Q9.
Q8: Is the measure appropriate for attaining the objective pursued?
This question allows starting to assess whether the measure is in accordance with the principle
of proportionality: measures must be suitable for attaining the objective pursued and do not go
beyond what is necessary to achieve it.77
★ Accessing communications data gives authorities additional opportunities to shed light on
serious crime. It can thus be described as a valuable tool for criminal investigations.
Consequently, storing such data may be considered to be appropriate for attaining the
objective of fighting serious crime.78
★ Storing data on a highly secure storage medium using sophisticated technology is likely to
help attaining the aim of preventing the falsification of passports.79 The fact that the method
use is not wholly reliable is not decisive.80 It is enough that the method significantly reduces
the likelihood of falsification.81
The judicial review of compliance with those conditions generally recognises to the EU
legislature a degree of discretion. The extent of discretion, however, may prove to be limited,
depending on a number of factors, including the area concerned, the nature of the right at
issue, the nature and seriousness of the interference, and the object pursued by the
interference.82 When an interference with EU fundamental rights involves the processing of
personal data, the EU legislature’s discretion is reduced, and the review by the judiciary
should be strict.83
★ Internet and search engines play a very important role in modern society. This renders
ubiquitous the information contained in the list of results offered by search engines,
heightening the interferences with the rights of data subjects linked to such processing of
personal data.84
A8.1: Yes, the measure is appropriate. To check whether it is necessary and does not
go being what is necessary, go to Q10.
A8.2: No, the measure is not appropriate to attain the pursued objective. Measures are
not permissible if they are not appropriate to pursue an objective of general interest.
Action is required to ensure that the measure is appropriate, or that it no longer
77 Schecke, § 74.
78 Digital Rights Ireland, § 49.
79 Schwartz, § 40.
80 Schwartz, § 43.
81 Schwartz, § 43.
82 Digital Rights Ireland, § 47.
83 Digital Rights Ireland, § 48.
84 Google, § 80-81.
PRISMS Deliverable 5.2
23
constitutes a limitation of the right. If it can be modified to ensure its appropriateness,
check compliance with additional requirements going to Q10.
Q9: Is the measure appropriate for attaining the objective pursued?
A9.1: Yes, the measure is appropriate. To check whether it is necessary and does not
go being what is necessary, go to Q11.
A9.2: No, the measure is not appropriate to attain the pursued objective. Measures are
not permissible if they are not appropriate to pursue an objective of general interest.
Action is required to ensure that the measure is appropriate, or that it no longer
constitutes a limitation of the right. If the measure can be modified to ensure its
appropriateness, check compliance with additional requirements going to Q11.
Q10: Does the measure go beyond what is necessary to achieve the pursued objective of
general interest?
The fact that the pursued objective might be of the utmost importance does not justify, in
itself, the necessity of all measures pursuing it.85
★ The fight against serious crime is of the utmost importance to ensure public security, but
this does not mean that to retain communications data shall automatically be considered to be
necessary for the purpose of the fight against serious crime.86
In assessing whether a measure is necessary, one must examine whether it is possible to
envisage measures that would interfere less with fundamental rights but still effectively
contribute to the objective pursued.87
★ Iris-recognition may be an alternative to the taking of fingerprints to prevent passport
falsification. However, nothing suggests that it would interfere less with fundamental rights
than the taking of fingerprints. In addition, iris-recognition is less advanced, and thus possibly
a less effective method. It is also more expensive, and therefore less suitable for general use.
All in all, the existence of this alternative does not compromise the necessity of taking
fingerprints.88
A10.1: Yes, the measure goes beyond what is necessary. This needs to be remedied.
Action is required. If the problem can be solved, go to Q12.
A10.2: No, the measure does not go beyond what is necessary. To continue assessing
the lawfulness of the limitation of the right, go to Q12.
85 Digital Rights Ireland, § 51.
86 Digital Rights Ireland, § 55.
87 Schwartz, § 46.
88 Schwartz, § 51-53.
PRISMS Deliverable 5.2
24
Q11: Does the measure go beyond what is necessary to achieve the pursued objective of
general interest?
The ECHR has held that the adjective ‘necessary’ implies that there exists ‘a pressing social
need’ for the State to act in a particular way and that the measure taken is proportionate to the
legitimate aim pursued.
A11.1: Yes, the measure goes beyond what is necessary. This needs to be remedied.
Action is required. If the problem can be solved, go to Q13.
A11.2: No, the measure does not go beyond what is necessary. To continue assessing
the lawfulness of the limitation of the right, go to Q13.
Q12: Is the measure circumscribed by provisions ensuring that it is actually limited to what
is strictly necessary to pursue the objective?
To make sure that measures do not go beyond what is necessary to achieve the pursued aim, it
must be ensured that there are specific guarantees in place. When a measure entails a wide-
ranging and particularly serious interference with EU fundamental rights, the interference
must be precisely circumscribed by provisions ensuring it is actually limited to what is strictly
necessary.89 Law should lay down clear and precise rules governing the extent of the
interference with fundamental rights,90 including objective criteria.91 The lack of any
differentiation, limitation or exception made in the light of the objective pursued can be
problematic.92
When the measure involves the processing of personal data, this entails the need to ensure that
data are effectively protected from misuse and abuse.93
★ When a measure involves the processing of personal data, it is crucial that law lays down
clear and precise rules governing the measure’s scope and application, and imposing
minimum safeguards so that the persons whose data is processed have sufficient guarantees to
effectively protect their personal data against the risk of abuse and against any unlawful
access and use of that data.94 The need for such safeguards is all the greater where personal
data are subjected to automatic processing and where there is a significant risk of unlawful
access to those data.95
★ When a measure requires the processing of electronic communications data, it must be
taken into account that the use of these communications is very widespread and of growing
importance in people’s everyday lives.96 If the measure covers the communications of all
subscribers and registered users, it must be taken into account that this entails an interference
with the fundamental rights of practically the entire European population.97 The lack of any
89 Digital Rights Ireland, § 65.
90 Digital Rights Ireland, § 65.
91 Digital Rights Ireland, § 60.
92 Digital Rights Ireland, § 57.
93 Schwartz, § 54-55.
94 Digital Rights Ireland, § 54.
95 Digital Rights Ireland, § 54.
96 Digital Rights Ireland, § 56.
97 Digital Rights Ireland, § 56.
PRISMS Deliverable 5.2
25
differentiation, limitation or exception can be problematic if there is no evidence capable of
suggesting that the all the persons affected by a measure pursuing the fight against serious
crime have a link, even if indirect or remote, with serious crime, and if there is no exception
provided to protect the communications data of persons that have obligations of professional
secrecy.98
★ When a measure implying the processing of personal data seeks to contribute to the fight
against serious crime, there must be a relationship between the data and threats to public
security, and the measure must be restricted (i) to data pertaining to a particular time period
and/or a particular geographical zone and/or to a circle of particular persons likely to be
involved in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the
processing of their data, to the prevention, detection or prosecution of serious offences.99
★ When processing of personal data targets the fight against crime, this necessarily involves
the prosecution of crimes and offences committed irrespective of the nationality of their
perpetrators. It is contrary to EU rules on anti-discrimination for Member States to foresee
different rules for the processing of data of nationals of that Member State, and for nationals
of other Member States.100
★ Rules giving access to data should contain substantive and procedural conditions relating to
such access, and to subsequent use of the data.101 They must include objective criteria limiting
the number of persons authorised to access and subsequently use the data, in order to make
sure that processing is limited to what is strictly necessary in light of the objective pursued.102
Procedural conditions might need to include making access to data dependent on a prior
review carried out by a court or by an independent administrative body.103
★ Rules imposing the storage of data should limit the retention period making distinctions on
the basis of the possible usefulness of the data for the purposes of the objective pursued, or
according to the persons concerned.104 Furthermore, the determination of the retention period
must be based on objective criteria, ensuring it is limited to what is strictly necessary.105
★ When data are retained, there must be measures ensuring their effective protection against
the risk of abuse and against any unlawful access and use of that data. Such measures must be
adapted to the quantity of data retained, their possible sensitive nature, and the risk of
unlawful access to that data.106 Additionally, it must be ensured that compliance with the
applicable requirements can be controlled by an independent authority, which might require
data to be retained within the European Union.107
A12.1: Yes, the measure is circumscribed by provisions ensuring it is limited to the
strict necessary. To continue with the assessment, go to Q14.
98 Digital Rights Ireland, § 58.
99 Digital Rights Ireland, § 59.
100 Case C‑524/06, Heinz Huber v Bundesrepublik Deutschland, 16 December 2008, ECLI:EU:C:2008:724, §
78-81.
101 Digital Rights Ireland, § 61.
102 Ibidem, § 62.
103 Idem.
104 Ibidem, § 63.
105 Ibidem, § 64.
106 Ibidem, § 66.
107 Ibidem, § 68.
PRISMS Deliverable 5.2
26
A12.2: No, the measure is not circumscribed by provisions ensuring it is limited to the
strict necessary. In this case, action is required to make sure it does. Once this is
solved, you can move to Q14.
Q13: Is the measure circumscribed by provisions ensuring that it is actually limited to what
is strictly necessary to pursue the identified objective?
To make sure that measures do not go beyond what is necessary to achieve the pursued aim, it
must be ensured that there are specific guarantees in place. When a measure entails a wide-
ranging and particularly serious interference with EU fundamental rights, the interference
must be precisely circumscribed by provisions ensuring it is actually limited to what is strictly
necessary.108
A13.1: Yes, the measure is circumscribed by provisions ensuring it is limited to the
strict necessary. To continue with the assessment, go to Q15.
A13.2: No, the measure is not circumscribed by provisions ensuring it is limited to the
strict necessary. In this case, action is required to make sure it does. Once this is
solved, you can move to Q15.
Q14: Is the limitation provided for by law?
Limitations on the exercise of EU fundamental rights must be provided for by law.109
Insofar as the protection of personal data is concerned, it must be considered that any
processing of personal data must have a legal ground, which could be the consent of the
person concerned or another legitimate basis laid down by law.110
A14.1: Yes, the limitation is provided for by law. The limitation appears to be a lawful
limitation of the right to the protection of personal data. The measure could
nevertheless constitute an interference with the right to respect for private life,
requiring a separate assessment. Go to Q2.
A14.2: No, the limitation is not provided for by law. Limitations of EU fundamental
rights are only permissible if provided for by law. Action is required to address this
problem. If it can solved, the measure can be regarded as in line with EU law
requirements for permissible limitations of the right to the protection of personal data.
The measure could nevertheless constitute an interference with the right to respect for
private life, requiring a separate assessment. Go to Q2.
Q15: Is the interference with the right to respect for private life provided for by law, and in
accordance with the law in the sense of based in domestic law and compatible with the rule
of law?
108 Ibidem,, § 65.
109 Art. 52(1) of the EU Charter.
110 See, in this sense: European Data Protection Supervisor (EDPS), The EDPS as an advisor to EU institutions
on policy and legislation: Building on ten years of experience, Policy Paper, Brussels, June 4 2014.
PRISMS Deliverable 5.2
27
Limitations on the exercise of EU fundamental rights must be provided for by law.111 Insofar
as the right to respect for private life is concerned, this has to be read as corresponding to
need for interferences with this right to be ‘in accordance with the law’ under Article 8(2) of
the ECHR,112 which means that the measure must have some basis in domestic law and be
compatible with the rule of law.
The law must be adequately accessible and foreseeable, that is, formulated with sufficient
precision to enable the individuals to regulate their conduct. Domestic law must afford
adequate legal protection against arbitrariness, indicating with sufficient clarity the scope of
discretion conferred on the competent authorities and the manner of its exercise.113
★ In the context of secret measures of surveillance, law’s foreseeability cannot mean that
individuals should be able to foresee when the authorities are likely to intercept their
communications so that they can adapt their conduct accordingly. However, it is essential to
have clear, detailed rules on interception of telephone conversations, especially as the
technology available for use is continually becoming more sophisticated. The domestic law
must be sufficiently clear in its terms to give citizens an adequate indication as to the
circumstances in which and the conditions on which public authorities are empowered to
resort to any such measures. Moreover, the law must indicate the scope of any discretion
conferred on the competent authorities and the manner of its exercise with sufficient clarity to
give the individual adequate protection against arbitrary interference.114
★ In the context of secret measures of surveillance, the following minimum safeguards
should be set out in statute law in order to avoid abuses of power: the nature of the offences
which may give rise to an interception order; a definition of the categories of people liable to
have their telephones tapped; a limit on the duration of telephone tapping; the procedure to be
followed for examining, using and storing the data obtained; the precautions to be taken when
communicating the data to other parties; and the circumstances in which recordings may or
must be erased or the tapes destroyed.115
A15.1: Yes, the interference with the right to respect for private life is in accordance
with the law. The measure at stake appears to be compliant with the requirements
applicable to lawful limitations of the right to respect for private life. Questionnaire
completed.
A15.2: No, the interference with the right to respect for private life is not in
accordance with the law. The interference cannot be deemed lawful unless in
accordance with the law as described above. Action is required; otherwise, the
measure cannot be regarded as compliant with EU fundamental rights requirements.
111 Art. 52(1) of the EU Charter.
112 Art. 52(3) of the Charter requires the meaning and scope of rights found in both Charter and ECHR to be
interpreted in the same way as those found in the ECHR. See also: José Martín y Pérez de Nanclares, Martín y
Pérez de Nanclares, José. “Comentario al Artículo 7: Respeto de la vida privada y familiar” in Luis N. González
Alonso (ed.), Carta de los Derechos Fundamentales de la Unión Europea: Comentario artículo por artículo,
Fundación BBVA, 2008, p. 217.
113 Eur. Court H.R., Malone v the United Kingdom, 2 August 1984, Series A n° 82, § 66-68.
114 Eur. Court H.R., Weber and Sarabia v Germany, 29 June 2006, ECHR 2006-XI, § 92-94.
115 Weber and Sarabia v Germany, § 95.
PRISMS Deliverable 5.2
28
3 BALANCING BY COURTS: THE LEGAL ASPECT OF THE
‘PRIVACY VS. SECURITY’ CONFLICT FROM THE ECTHR
PERSPECTIVE
Bernadette Somody, Iván Székely
3.1 SUBJECT AND SCOPE OF THE ANALYSIS
How can the ‘privacy vs. security’ conflict be described, analysed and decided from a legal
viewpoint, by means of legal terms? ‘Privacy vs. security’ conflicts as legal problems have to
be decided primarily by courts. From the viewpoint of courts, this is a conflict between
(fundamental) rights and other legitimate interests and its solution needs considering whether
or not the restriction of (information) privacy in the interest of security is justified in a
concrete case. In Europe, the most acknowledged method of the legal evaluation of conflicts
of fundamental rights and legitimate interests in the practice of courts is the test of
proportionality. An analysis in the framework of the test of proportionality and of balancing
between privacy and security, as one of the steps of the tests (namely analysing
proportionality in a narrow sense), is the strictest legal aspect of ‘privacy vs. security’
conflicts.
The test of proportionality is not explicitly recognized by the text of the European Convention
on Human Rights (ECHR). Nevertheless, the European Court of Human Rights (ECtHR)
interprets the limitation clauses attached to Articles 8-11 of the ECHR in accordance with the
concept of proportionality and applies the methodological steps of the test. As an alternative
method to a comparative analysis covering the practices of the national courts (constitutional
and/or supreme courts) of different European countries, studying the ECtHR’s case law
leads to relevant conclusions about the legal evaluation of the ‘privacy vs. security’ conflict.
This scope can be based on the authoritative nature of the ECtHR’s practice: the Strasbourg
Court can reasonably be considered to be the most significant human rights forum in Europe
since it sets the minimal standard of the protection of privacy for European states and its case
law is decisive also for the European Union and the CJEU interpreting the EU Charter of
Fundamental Rights (see below).116
The scope of this study covers the application of the test of proportionality in the ECtHR’s
practice. We focus on the Strasbourg Court’s case law about privacy, especially the
information aspect thereof that provides protection for human personality in connection
with processing data relating to the person. This protection is guaranteed primarily by Article
8 of the ECHR on the right to respect for private and family life (see 3.2 below).
A number of legal theorists and authors have analysed the ECtHR's case law in general and
the application of the proportionality test in particular, presenting the steps of the test in great
detail and quoting the most well-known cases extensively. The value added by the present
study to this corpus of legal literature is the methodological rigor with which we followed and
analysed the steps of the test of proportionality, the great number of cases analysed from this
aspect, and the suggestions made in order to find legal solutions to supersede the predominant
116 It has to be noted that one of the recent judgments of the CJEU on a privacy vs. security issue applied the test
of proportionality in a very detailed and dogmatically rigorous manner. See Judgment in joined Cases C-293/12
and C-594/12 Digital Rights Ireland and Seitlinger and Others of 8 April 2014, on the invalidity of the Data
Retention Directive.
PRISMS Deliverable 5.2
29
concept of ‘balancing’. In this study we did not follow the logic of presenting the individual
cases relevant for our analysis and summarizing the overall conclusions at the end of the
analysis. Instead, we analysed more than hundred individual cases from the practice of the
ECtHR in the preliminary phases of this study and here we show the result of this analysis,
with due reference to the cases when necessary.
The essence of the proportionality test appears to be that the limitation on privacy in the
interest of security can be justified if the two values stand in balance. This method of legal
interpretation seems to be favourable for the trade-off model according to which the debate
between privacy and security is a zero-sum game and we are forced to choose between
them.117 According to the proportionality test, courts have to choose between conflicting
rights and interests and to set up a balance between privacy and security since, as the test of
proportionality suggests, the conflict flows from the very fact that both of them cannot be
secured at the same time. However, both practical experience and empirical surveys show that
there exist means and methods the application of which can strengthen security and privacy at
the same time, and – as the preliminary results of the PRISMS survey suggests – people
regard security and privacy as separate values, thus they want both. Therefore, after analysing
the application of the proportionality test, we attempt to answer the question whether the
trade-off between privacy and security can be superseded within the framework of the
proportionality test.
3.1.1 The authority of the ECtHR’s practice
In order to analyse the ‘privacy vs. security’ balance seemingly prevailing in Europe and its
recent development, we review the relevant case law of the ECtHR from the aspect of the
application of the test of proportionality in the practice of Article 8 of ECHR. We take as a
starting point the fact that the European standard of balancing between privacy and security is
developed and indicated by the ECtHR’s practice on the grounds of the ECHR, especially its
Article 8 on the right to respect for private life. However, prior to the analysis, we have to
present the legal arguments for the authority of the ECtHR’s practice and case law when
one examines the European legal solution for a problem of conflicting values.
The Strasbourg regime (the Convention and the related case law) sets the minimal standard of
privacy protection for the European states being parties to the Convention, at the same time it
is also decisive for the EU and its Member States. Today, the European Union is not a party to
the ECHR and therefore not directly bound by it.118 Nevertheless, the ECHR is undisputedly a
relevant legal document in Europe. Firstly, Article 6 of the Treaty on the European Union
provides that ‘[F]undamental rights, as guaranteed by the European Convention for the
Protection of Human Rights and Fundamental Freedoms and as they result from the
constitutional traditions common to the Member States, shall constitute general principles of
the Union's law’.119 Secondly, according to the well-established case law of the Court of
Justice of the European Union (CJEU), the ECHR constitutes the minimum standard for
human rights in EU law.120 Thirdly, all EU Member States are also bound by the ECHR: they
117 Robert Alexy illustrates the balancing between the two conflicting principles with an indifference curve as it
is used in economics: Robert Alexy, A Theory of Constitutional Rights, Oxford University Press, Oxford, 2002,
pp. 102-105.
118 The EC is presently not competent to accede to the ECHR: Opinion 2/94 Accession to the ECHR [1996] ECR
I-1759.
119 Treaty on the European Union, Article 6(3).
120 Tobias Lock, “The ECJ and the ECtHR: The Future Relationship between the Two European Courts”, The
Law and Practice of International Courts and Tribunals, 8, 2009, p. 376.
PRISMS Deliverable 5.2
30
have an international obligation to comply with the ECHR, even if this does not imply that the
EU itself is bound by the Convention.
As the EU itself is not a member to the Convention, the Convention rights and their
interpretation by the ECtHR have only an indirect influence on the scope of fundamental
rights in the EU that the Union itself cannot be held responsible for possible infringements of
these rights.121 However, all the Member States are bound by the ECHR, therefore when they
are implementing EU law, they must generally comply with the ECHR. This situation led to a
‘silent cooperation’ and mutual respect between the ECtHR and the CJEU, that can be
described as a relationship that is governed not by legal rules but primarily by politics, often
judicial politics; where we find heterarchy, not hierarchy.122 The CJEU regularly refers to the
ECHR and the ECtHR’s case law when adjudicating on fundamental rights in EU law, for
which one of the main sources of inspiration is the ECHR. Therefore, the CJEU’s
interpretation of the fundamental rights in EU law is usually parallel to that of a similar
Convention right by the ECtHR.123
The standard of restricting the right to the protection of personal data in the EU depends on
the practice of the ECtHR (cf. D5.1, Section 3.2). Therefore, the ECtHR’s practice has
authority on the legal solution for the conflicting values in question, and the applied test of
proportionality and the interpretation of the Article 8 of ECHR pursued by the Court is
relevant when one analyses the balance between privacy and security in Europe.
3.1.2 Information privacy, data protection and the ECtHR’s jurisdiction
The right to privacy is one of the human rights of primary importance which protects various
aspects of human personality. Decisional privacy guarantees freedom to make decisions about
one’s body and family. The right to self-determination, as its continental counterpart, covers
matters such as termination of pregnancy, sterilisation, refusing life-sustaining treatments,
consumption of drugs and sexual decision-making. However, several traditional privacy
issues do not raise the question of balancing with security interests at all. Surveillance for
security purposes concerns expressly the right to information privacy. What is at stake is a
special segment of privacy securing protection against collection, use and disclosure of a
citizen’s personal information,124 or in other words, it is the right to control knowledge about
oneself125 or the claim of individuals to determine for themselves when, how and to what
extent information about them is communicated to others.126 Surveillance aimed at enhancing
security affects citizens by the fact that these tools and methods involve the collection,
storage, use and disclosure of their personal information, the exclusion of the access to
personal data related to them or the restriction of the control over their personal information.
In order to analyse the ‘privacy vs. security’ conflict in the framework of the present project,
we shall focus on cases where the intrusion into citizens’ private life is the result of
processing information relating to them.
121 CFTD v European Communities, (App no 8030/77) (1978) D.R. 13, 213; Dufay v European Communities,
(App no 13539/88) (ECommHR 19 Jan 1989).
122 Nico Krisch, “The Open Architecture of European Human Rights Law”, Modern Law Review 71, 2008, p.
201.
123 Tobias Lock ibid: 380.
124 On distinction among different aspects of privacy and defining information privacy see Daniel J. Solove,
Mark Rotenberg, Paul M. Schwartz, Privacy, information and technology, Aspen Publishers, 2006.
125 Charles Fried (1968): Privacy. Yale Law Journal, 77, 475.
126 Alan Westin (1967): Privacy and Freedom. New York: Atheneum, 7.
PRISMS Deliverable 5.2
31
Human rights, including the right to privacy, are formulated and recognised by national
constitutions and international fundamental rights conventions as norms legally binding the
states. The legal protection of human rights rests on their enshrinement in legal documents
and the system of institutions and mechanisms serving their legal enforcement. The ‘privacy
vs. security’ conflict can be examined from the legal viewpoint as the dilemma of the citizens’
legal right to privacy vs. the public interest relating to security. If the subject of the legal
analysis is expressly the practice of a fundamental rights enforcement mechanism based on a
legal document, such as the Strasbourg Court’s case law applying the ECHR in this
contribution, one can identify the exact provision of the legal document applied by the
court or other institution which protects the relevant aspect of human personality, or in
other words which declares the human right concerned as a fundamental legal right. This is
the provision that is referred to and applied in order to judge the conflict brought before the
court or other institution. We argue that in the ECtHR’s practice the protection of
information privacy (the aspect of privacy affected by surveillance) is based on Article 8
of the Convention guaranteeing everyone’s rights to respect for their private and family life,
their home and their correspondence - despite the fact that the Court does not use the category
of personal information or personal data.
While data protection cannot be found either in Article 8 or in any other provision of the
ECHR, the emergence of technology resulted in granting to data protection an increasingly
autonomous status as a fundamental right in recent human rights documents.127 The Council
of Europe (CoE) Convention for the Protection of Individuals with Regard to Automatic
Processing of Personal Data (European Treaty Series no. 108, Strasbourg, 1981) was the first
international legally binding instrument dealing explicitly with data protection, and the
European Union has not only developed legal instruments on data protection, namely the Data
Protection Directive (Directive 46/95/EC) and Regulation (Regulation (EC) No. 45/2001), the
Directive on Privacy and Electronic Communications (Directive 2002/58/EC) and the Data
Retention Directive (2006/24/EC), but also established the right to data protection as a
fundamental right. Data protection is a fundamental right enshrined in Article 8 of the EU’s
Charter of Fundamental Rights, which is distinct from the respect for private and family life
guaranteed in Article 7. This feature sets the EU Charter apart from other major human rights
documents which, for the most part, treat the protection of personal data as an extension of the
right to privacy (see D5.1, Chapter 3-4).
The ECtHR does not clarify the theoretical relation of the right to privacy and to data
protection. This is still an open question, as it can be described with more than one logical
relation within the European legal systems, including the jurisprudence of the ECtHR. The
ECHR does not make a similar distinction between data protection and the right for respect
for private and family life and correspondence, and its principal interpreter, the ECtHR has
not reached a stable standpoint in this issue so far. Since there are existing judgments that
interconnect these notions, it is plausible to argue that these rights have an overlapping
common segment, however privacy protection can aim at a different kind of protection than
data protection does, and, on the other hand, the scope of data protection covers personal
information in a distant or indirect relation with the private sphere.
Nevertheless, throughout its jurisprudence, the ECtHR has examined many situations in
which the issue of data protection arose, and all these cases were adjudged on the basis of
Article 8 of the ECHR, therefore this Article which aims at protecting the right to respect for
127 See Juliane Kokott, Christoph Sobotta, The distinction between privacy and data protection in the
jurisprudence of the CJEU and the ECtHR. International Data Privacy Law, 2013, Vol. 3, No. 4, pp. 222-228.
PRISMS Deliverable 5.2
32
the private and family life, home and correspondence has essential significance in data
protection cases before the ECtHR. Interferences with the right to personal data
protection, including cases concerning protection against the interception of
communications,128 various forms of surveillance129 and storage of personal data by public
authorities130 may be brought before the Strasbourg Court through the allegation of breach
of the rights covered by Article 8. In all cases where data protection issues were disputed
before the Court, the ECtHR had to interpret these rights.
One the one hand, Article 8 guarantees the protection of private life. Surveillance and record-
keeping of personal data are in close connection with the protection of private life. In some
cases, where the Court has to decide whether there was an interference with the applicants’
privacy rights – thus when it examines the applicability of Article 8 – it consequently uses the
notion of private life as a broad term that is not susceptible to exhaustive definition,131 but it
undisputedly covers data protection issues. The Court holds that elements such as gender
identification, name and sexual orientation and sexual life are important elements of the
personal sphere protected by Article 8.132 Article 8 also protects the right to identity and
personal development, and the right to establish and develop relationships with other human
beings and the outside world.133 Its scope may include activities of a professional or business
nature.134 According to the Court, there is a zone of interaction of a person with others, even
in a public context, which may fall within the scope of ‘private life’.135 There are a number of
elements relevant to the consideration of whether a person’s private life is concerned by
measures effected outside a person’s home or private premises. Since there are occasions
when people knowingly or intentionally involve themselves in activities which are or may be
recorded or reported in a public manner, a person’s reasonable expectations as to privacy may
be a significant, although not necessarily conclusive, factor. A person who walks down the
street will, inevitably, be visible to any member of the public who is also present. Monitoring
by technological means of the same public scene (for example, a security guard viewing
through closed-circuit television) is of a similar character. According to the Court, private-life
considerations may arise, however, once any systematic or permanent record comes into
existence of such material from the public domain. It is for this reason that files gathered by
128 For example Malone v. the United Kingdom, no. 8691/79, 2 August 1984, Copland v. the United Kingdom,
no. 62617/00, 3 April 2007.
129 For example Klass and Others v. Germany, no. 5029/71, 6 September 1978, Uzun v. Germany, no. 35623/05,
2 September 2010.
130 For example Leander v. Sweden no. 9248/81, 26 March 1987, S and Marper v. the United Kingdom, no.
30562/04, 4 December 2008.
131 See, for example, Glor v. Switzerland, no. 13444/04, § 52, ECHR 2009; Tysiąc v. Poland, no.5410/03, § 107,
ECHR 2007‑I; Hadri-Vionnet v. Switzerland, no. 55525/00, 14 February 2008, § 51; Pretty v. the United
Kingdom, no. 2346/02, § 61, ECHR 2002‑III; and S. and Marper v. the United Kingdom, nos. 30562/04 and
30566/04, § 66, ECHR 2008.
132 See, for example, B. v. France, 25 March 1992, Series A no. 232-C, § 63; Burghartz v. Switzerland, 22
February 1994, Series A no. 280-B, § 24; Dudgeon v. the United Kingdom, 22 October 1981, Series A no. 45, §
41; and Laskey, Jaggard and Brown v. the United Kingdom, j 19 February 1997, Reports 1997-1, § 36.
133 See, for example Case of Burgartz v. Switzerland, no. 16213/90.
133 Opinion of the Commission, p. 37, § 47, and Friedl v. Austria, 31 January 1995, Series A no. 305-B, opinion
of the Commission, § 45.
134 See Niemietz v. Germany, 16 December 1992, Series A no. 251-B, pp. 33-34, § 29, and Halford v. the United
Kingdom, no. 20605/92, 25 June 1997, § 44.
135 See von Hannover v. Germany (No. 2), nos. 40660/08 and 60641/08, § 95.
PRISMS Deliverable 5.2
33
security services on a particular individual fall within the scope of Article 8, even where the
information has not been gathered by any intrusive or covert method.136
Another element of Article 8 that is frequently referenced in data protection cases is the
right to respect of correspondence. The Court’s case-law has, on numerous occasions, found
that the covert tapping of telephone conversations falls within the scope of Article 8 in both
aspects of the right guaranteed, namely, respect for private life and correspondence. While it
is generally the case that the recordings were made for the purpose of using the content of the
conversations in some way, the Court also stated that recordings taken for use as voice
samples cannot be regarded as falling outside the scope of the protection afforded by Article
8. In some cases, a permanent record has nonetheless been made of the person’s voice and it
is subject to a process of analysis directly relevant to identifying that person in the context of
other personal data. In a case where the applicants being charged by the police had to answer
formal questions in a place where police officers were listening to them, the recording and
analysis of their voices on this occasion must still be regarded as concerning the processing of
personal data about them.137
The close relationship between data protection and the protection of private life and
correspondence is substantiated in further evidence: in cases related to Article 8, ECtHR
from time to time refers to legal documents dealing explicitly with data protection. The
ECtHR enforces the articles of the ECHR, but sometimes it refers to other legal documents of
the Council of Europe, including Convention 108. According to the Court, the protection of
personal data is of fundamental importance to a person’s enjoyment of his or her right to
respect for private and family life as guaranteed by Article 8. In a case related to medical data,
it stated that respecting the confidentiality of health data is a vital principle in the legal
systems of all the Contracting Parties to the ECHR. It is crucial not only to respect the sense
of privacy of a patient but also to preserve his or her confidence in the medical profession and
in the health services in general. The court also stated that without such protection, those in
need of medical assistance may be deterred from revealing such information of a personal and
intimate nature as may be necessary in order to receive appropriate treatment and, even, from
seeking such assistance, thereby endangering their own health and, in the case of
transmissible diseases, that of the community. The Court concludes that the domestic law
must therefore afford appropriate safeguards to prevent any such communication or disclosure
of personal health data as may be inconsistent with the guarantees in Article 8 of the ECHR.
Here the court also referred to Articles 3 para. 2 (c), 5, 6 and 9 of Convention 108 of the
Council of Europe.138 The Court refers to the Convention’s purpose that is ‘to secure in the
territory of each Party for every individual [...] respect for his rights and fundamental
freedoms, and in particular his right to privacy, with regard to automatic processing of
personal data relating to him’, and its definition of personal data, as it is defined as ‘any
information relating to an identified or identifiable individual’. This happened in the case
Amann v. Switzerland,139 where the storing of information about the applicant on a card in a
file was found to be an interference with private life, even though it contained no sensitive
information and had probably never been consulted.140
136 see Rotaru v. Romania, no. 28341/95, §§ 43-44, ECHR 2000-V, P.G. and J.H. v. the United Kingdom no.
44787/98, 25 September 2001, § 59
137 P.G. and J.H. v. the United Kingdom, § 59.
138 Z v Finland, no. 22009/93, 25 February 1997.
139 No. 27798/95, §§ 65-67, ECHR 2000-II
140 See also P.G. and J.H. v. the United Kingdom, §57.
PRISMS Deliverable 5.2
34
3.2 TEST OF PROPORTIONALITY IN THE ‘PRIVACY VS. SECURITY’ CONFLICT
The concept of proportionality was developed by the German Constitutional Court, but
expanded far beyond Germany, and one can say that it became the post-war paradigm of
human rights protection. The doctrine was also adopted by the ECtHR: the interpretation of
the limitation clauses of Articles 8-11 was grounded on proportionality. The Strasbourg
method includes the identification of the legitimate aim of restrictions, and, under the
‘necessary in a democratic society’ clause, the examination of the necessity and
proportionality of limitations.
The ‘privacy vs. security’ conflict can be in the background of cases about the infringement of
Article 8 of the ECHR where the right to respect for private life is limited in the interest of
national security, public safety or prevention of disorder or crime which are possible purposes
of limitation laid down in the referred article of the Convention. When examining the case
law of the ECtHR, we investigate how the Court accepts the reference by the Governments to
the abovementioned legitimate aims and under what circumstances the Court finds the
limitation necessary and how it balances between the conflicting rights and interests (see 3.1
and below).
When we give examples for the interpretation of security as the purpose of the limitation, we
focus on cases where the right to respect for private and family life laid down in Article 8 gets
in conflict with security-related aims. This field of case law covers different situations - e.g.
where because of detention, refusal of a residence permit or expulsion from a country to
another, the applicants were incapacitated to communicate with close relatives; presence on
the funeral of a family member, etc. However, analysing the balance between privacy and
security, in harmony with the subject and goal of the project, we narrowed down the scope to
those cases in which surveillance measures are in interference with information privacy.
These cases concern typical conflicts between security and information privacy/data
protection, such as interception of private communication, secret surveillance of individuals,
registration of citizens in various databases for lustration purposes, investigation of crimes
committed, etc.
3.2.1 Security as a legitimate aim
Deciding about the lawfulness of the limitation of a fundamental right is also a
methodological challenge. Should it be a constitutional or a conventional right, the
responsible court - a constitutional court or the Strasbourg Court - can make its decision
verifiable, increase its persuasiveness and secure its authority if it follows the steps of the
limitation test where only the last step is the balancing between the conflicting rights and
interests which involves, by its nature, moral arguments. Prior to that, the human rights
courts, thus the ECtHR, too, have to decide, firstly, whether a fundamental right, protected by
the given constitution or the Convention, is concerned, and secondly, whether the quality of
the law restricting the right meets the requirements. Applying the proportionality test, the
evaluation of proportionality in a narrow sense is preceded, even if these structural elements
of the test are not clearly identifiable in each decision, by three sub-questions, as illustrated in
Figure 1: the identification of a legitimate aim, the rational connection between the aim and
the measure restricting the right, and the necessity of that measure.141
141 From the most current jurisprudence see: Aharon Barak, Proportionality: Constitutional Rights and their
Limitations, Cambridge University Press, Cambridge, 2012.
PRISMS Deliverable 5.2
35
Figure 1. Methodological steps of the test of proportionality
One can present the practice of the Strasbourg Court in a very similar way. As it is stated
again and again in the ECtHR’s rulings, a governmental measure will violate Article 8 unless,
firstly, it is in accordance with the law, which besides a legal basis in domestic law also
prescribes quality requirements; secondly, it pursues one or more of the legitimate aims set
out in paragraph 2 of the Article; and finally, it is necessary in a democratic society, where the
latter clause (the formula used by the text of the Convention) covers the requirements of
necessity and proportionality of the infringement to its purposes. The structure of the Court’s
decisions, in many cases even the inner titles thereof, clearly illustrate the way in which the
ECtHR follows these steps as the methodology of the legal evaluation.
In this part of our analysis, we focus on the identification and the justification of the
legitimate aim that, among the components of the test of proportionality, obviously has the
closest and the most evident connection with security issues. The legitimate aim expresses
that the interest competing with privacy is a security-related purpose.
A purpose can justify the limitation of a fundamental right if it is considered legitimate in the
society, if it is expresses a value on which the society is founded. In a constitutional
democracy, generally speaking, safeguarding human rights and, to a certain extent, satisfying
public interests can be taken into account as legitimate purposes. However, from the
viewpoint of a legal examination, the public interest of security as one of the legitimate
aims does not need further justification when it or certain aspects thereof are explicitly
named in the relevant limitation clause. The ECHR contains special limitation clauses listing
legitimate purposes. First of all, one can observe that the possible legitimate aims are
exhaustively enumerated also in the limitation clause attached to the declaration on the right
PRISMS Deliverable 5.2
36
to respect for private life. According to the second paragraph of Article 8, the interference
must pursue national security, public safety or the economic wellbeing of the country, the
prevention of disorder or crime, the protection of health or morals, or the protection of the
rights and freedoms of others.
On the one hand, we can state that security as the purpose of a limitation can be considered a
legitimate aim. On the other hand, however, are only acceptable those aspects of security
which are explicitly listed in the cited paragraph. On the basis of the text of Article 8, the
ECtHR is entitled to take security into account as national security, public safety or the
prevention of disorder or crime. From a descriptive viewpoint it can be stated that security is
present in the Strasbourg Court’s practice as any of the mentioned categories.
Identifying the legitimate aim and deciding whether or not the limitation imposed on the right
to privacy serves this aim are the matter of facts and rational argumentation. At least in
theoretical terms, these steps of the limitation test do not leave room for the discretion which
manifests in the last phase of the test, namely in proportionality stricto sensu. It could be a yes
or no question of whether or not security (or more precisely enumerated aspects thereof) stand
in conflict with right to privacy in the given situation.
Being a question of facts and having an expressis verbis basis in the text of the Convention,
the realisation of the public interest of security could be considered as a strict requirement of
the proportionality test applied in ‘privacy vs. security’ conflicts. In fact, however, the
examination of the legitimate aim proves that this is the weakest component of this
methodology.
When analysing the ECtHR’s case law on privacy and security one can identify several
components of the right to privacy on the basis of which the scope of this fundamental right
can be determined rather precisely (several examples were cited above in 1.2.). However, we
cannot reach a similar result regarding the security-related purposes of limitation. The content
of the relevant legitimate aims (national security, etc.) expressly listed in Article 8 is not
expounded in the Court’s practice. We cannot find abstract definitions or explanations in the
decisions from which the notion of different aspects of security or security in general can be
built up. The lack of defined contours of these categories is also proved by the fact that
generally the Court does not refer to a single purpose of the limitation which can assumedly
be selected as the relevant aspect of security in the case. The ECtHR often lists two or three
security-related categories from Article 8(2), without defining the specific relevance of the
different purposes.
The most frequently used formula by the Court simply enumerates in one sentence a set of
legitimate aims that may be taken into account, for example ‘the interests of national security
or the economic well-being of the country or, just as equally, for the prevention of disorder or
crime’.142 In other cases, the legitimate aims are not even specified in the judgment, the Court
only declares that the ‘restrictions pursued one or more of the legitimate aims enumerated in
Article 8 § 2’.143 The eventuality of the referred legitimate aims is best proven when the
wording of the judgment indicates exemplification, for example when the Court states that
‘[i]n the Court's view, it is not open to doubt that the monitoring of the applicant's
142 Example from case Mubilanzila Mayeka and Kaniki Mitunga v. Belgium, no. 13178/03, 12 October 2006, §
79.
143 See for example Nada v. Switzerland, no. 10593/08, 12 September 2012, § 174.
PRISMS Deliverable 5.2
37
correspondence pursued the legitimate aims of, inter alia, protecting ‘national security’
and/or preventing ‘disorder or crime’ referred to in Article 8 § 2’.144
Analysing the cases where security-related purposes justified the limitation, one can find only
a few sentences about the relevant legitimate aim where generally the ECtHR is satisfied with
the mere indication of the purpose. The Court does not make an attempt to define the
conception of the referred legitimate aims and avoids any kind of reasoning on how and why
the intervention by the state is serving the referred legitimate aim.
The lack of argumentation is represented by the wording used by the Court in paragraphs of
judgments assessing the existence of one or more relevant legitimate aims of the intervention,
such as ‘the Court finds it established’145 or ‘[t]he Court is prepared to accept’146 what the
Government refers to, or when, according to the Court, the purpose pursued ‘is not open to
doubt’.147 The same occurs when ‘the Court accepts the assertion by the Government’.148 The
lack of a reverse statement of the applicant may be enough for the establishment of the
legitimate aim: ‘the applicant did not appear to deny that the impugned restrictions were
imposed in pursuit of legitimate aims’.149 Furthermore, when none of the parties refer to or
deny the establishment of a legitimate aim, the Court itself may assist them to do so: ‘While
the applicant contested the existence of a legitimate aim, the Government did not expressly
refer to any legitimate aim pursued in this case. The Court, for its part, is ready to accept that
the impugned measure pursued the legitimate aims of safeguarding national security and
preventing disorder’.150 The probability or possibility of the establishment of a legitimate aim
may be enough to satisfy the Court: for instance, the intervention ‘could have been in the
interests’ of the relevant purposes, or ‘the Court therefore concludes that the interference
pursued a legitimate aim…’.151
This leads us to the conclusion that, according to the Court’s view, the reference to the
security-related legitimate purpose of the restriction on privacy basically falls within the
competence of the government, which competence is untouched by the ECHR and is not
subject to reconsideration by the ECtHR, resulting in that Strasbourg organs have very rarely
found a violation of Convention rights by reference to the legitimate aim standard.152
3.2.2 Necessity and proportionality of the limitation of privacy
The proportionality test is a methodological tool: a series of steps should be taken in order to
decide whether a limitation imposed on a fundamental right is justified. As it was mentioned
above, it consists of four components: if the limitation has a legitimate aim and is also
suitable to realize the purpose, the necessity and, finally, the proportionality in a narrow sense
have to be examined. The necessity of a limitation requires the application of the less
restrictive means in order to advance the legitimate aim. The last phase (proportionality in a
narrow sense) is the real field of (judicial) discretion which requires balancing between two
144 Erdem v. Germany, no. 38321/9, 5 July 2001, § 60.
145 Nada v. Switzerland, § 174.
146 Liu v. Russia (No. 2), no. 29157/09, 26 July 2011, § 80.
147 Erdem v. Germany, § 60.
148 Drakšas v. Lithuania, no. 36662/04, 31 July 2012, § 58.
149 Nada v. Switzerland, § 174.
150 Example from Ciubotaru v. Moldova, no. 27138/04, 27 April 2010, § 55.
151 Example from case Mubilanzila Mayeka and Kaniki Mitunga v. Belgium, § 79.
152 The same is true in general, regardless of the connection of purposes with security. Pieter van Dijk et al
(eds.), Theory and Practice of the European Convention on Human Rights, Intersentia, 2006, p. 340.
PRISMS Deliverable 5.2
38
values: on the one hand, the aim of the limitation and, on the other hand, the limited
fundamental right. The limitation of a fundamental right is justified if there is a proper
relation between the benefit gained by the realization of the aim and the harm caused to the
fundamental right.
The Strasbourg Court follows the methodology of proportionality test even if in its practice
the four steps of the examination and the related parts of argumentation are not always
separated very clearly. In the cases where the ECtHR finds a security-related purpose (such as
national security) to be legitimate according to Article 8(2) of the Convention, it steps
forward to the question of necessity and proportionality. As for the limitation criteria
interpreted by the ECtHR following the identification of a legitimate aim, the Court examines
whether the interfering measure can be considered as ‘necessary in a democratic society’ - as
the limitation clauses, including Article 8(2) of the Convention, cover the requirements of
necessity and proportionality in a joint formula.
Since, as we argued above, the ECtHR is rather reluctant to revise the governments’
references to the different interests of security, the emphasis gets to the latter components of
the proportionality test. The general tendency of the Court is similar: it focuses the scrutiny on
the ‘necessary in a democratic society’ standard.153 This also means that the justification of a
limitation on privacy is mostly a matter of balancing. The protection of privacy against the
states’ interests depends on the Court’s discretion manifesting in comparing the weight of the
interest of security with privacy.
We have to add to the methodology of the test of proportionality that the ECtHR has
developed, among others, the notion of the ‘margin of appreciation’. This doctrine provides
some sort of latitude to the national governments in certain cases, namely in lack of a
European agreement, which is taken into consideration by the Strasbourg Court when it
decides on the justification of a limitation and the proportionate balance. As for the limitation
on privacy in the interest of security this concept is of a high importance, in these cases the
ECtHR acknowledges the States’ wide margin of appreciation.
In one of the most referred judgments about the justification of surveillance for security
purposes, the Court summarised the relevant methodological steps of the legal evaluation,
namely the assessment of necessity, proportionality and the consideration of the margin of
appreciation, as follows: ‘The notion of necessity implies that the interference corresponds to
a pressing social need and, in particular, that it is proportionate to the legitimate aim
pursued [...]. However, the Court recognises that the national authorities enjoy a margin of
appreciation, the scope of which will depend not only on the nature of the legitimate aim
pursued but also on the particular nature of the interference involved. In the instant case, the
interest of the respondent State in protecting its national security must be balanced against
the seriousness of the interference with the applicant’s right to respect for his private life’.154
The margin of appreciation is a component of the methodology featuring in the case law of an
international human rights forum, such as the ECtHR. It reflects the connection between the
discretion exercised by the national legislator or judge and that of the international forum on
the grounds of an international law Treaty.155 Thus, the application of the doctrine of the
margin of appreciation is in principle an exclusive characteristic of the ECtHR’s practice.
153 Pieter van Dijk et al, ibid: p.335.
154 Leander v. Sweden, no. 9248/81, 26 March 1987, §§ 58-59.
155 Barak (2012) p. 420.
PRISMS Deliverable 5.2
39
However, analysing the Strasbourg case law several principles and factors can be identified
which are generally to be taken into consideration evaluating the ‘privacy vs. security’
conflict within the framework of the proportionality test. In other words, we can formulate
some auxiliary theses that specify and help the application of the proportionality test to
the specific conflict between surveillance and information privacy by national courts or
other responsible authorities.
A general principle leading the application of the proportionality test states that Article 8(2) is
to be interpreted narrowly. Being exceptions to the right to respect for private life,
permissible limitations, such as the possibility of surveillance, have to be subject to a rigorous
scrutiny. At the same time, the Court emphasises that ‘[p]owers of secret surveillance of
citizens, characterising as they do the police state, are tolerable under the Convention only in
so far as strictly necessary for safeguarding the democratic institutions’.156
Today, surveillance is realized mainly through various technologies of surveillance.157
Therefore, peculiarities of the surveillance technology used in the case under judgment
are to be investigated. The structured analysis of the peculiarities of technologies is relevant
equally when the necessity and when the proportionality of the interference is adjudged. The
use of an intrusive surveillance technology is considered to be necessary only if less intrusive
methods of surveillance were considered ineffective. As for the proportionality in a narrow
sense, the balance between the interest of security and the right to privacy can also be
influenced by the characteristics of the technological means or the use thereof. Several
questions can be raised, such as whether the technology used is interconnected with other
technologies, who has access to the collected data, or when and for how long the surveillance
technology have been operating, and so on.158
The ECtHR found specific guarantees inherent in the protection afforded by Article 8. The
Court indicated that certain procedural guarantees have to be laid down in national
legislation.159 As it was mentioned above, states have wide discretion to apply even secret
surveillance technologies in order to ensure security. The possibility of surveillance, its
legitimacy and even its necessity are hardly doubtful in the ECtHR’s practice. The legal
evaluation of the limitation is focused on its proportionality in a narrow sense. In this respect,
the proportionality of the limitation can be secured by procedural safeguards. In other words,
in order to establish the balance between security served by surveillance measures and
information privacy procedural guarantees have to be taken into consideration. These
safeguards include the effective domestic judicial proceedings; the Court examines whether
the domestic proceedings were attended by sufficient procedural guarantees. The Court
emphasizes that even where national security is at stake, the concepts of lawfulness and the
rule of law in a democratic society require that measures affecting fundamental human rights
must be subject to some form of adversarial proceedings before an independent body
competent to review the reasons for the decision and relevant evidence, if need be with
appropriate procedural limitations on the use of classified information. The individual must be
able to challenge the executive’s assertion that national security is at stake. Failing such
156 E.g. Klass and Others v. Germany, § 42.
157 The technological developments led to new forms of surveillance, and let the collected data to be processed
and analysed en masse. Surveillance has been changed by dataveillance, and it enabled the interconnection of
surveillance capacities overarching different institutions and technologies (Kevin D. Haggerty and Richard V.
Ericson, The New Politics of Surveillance and Visibility, University of Toronto Press, Toronto, 2006, p. 4).
158 Uzun v. Germany, §§ 78-80.
159 Pieter van Dijk et al, ibid: p.745.
PRISMS Deliverable 5.2
40
safeguards, the State authorities would be able to encroach arbitrarily on rights protected by
the Convention.160
The significance of security reasons may depend on the ‘historical’ context that is often
taken into consideration by the Court when it balances between privacy and security. The
Court often states that nowadays democratic societies find themselves threatened by highly
sophisticated forms of espionage and by terrorism, with the result recognised by the Court
that the State must be able, in order effectively to counter such threats, to undertake the secret
surveillance of subversive elements operating within its jurisdiction. The Court therefore
accepts that some surveillance measures, under exceptional conditions, are necessary in a
democratic society in the interests of national security and/or for the prevention of disorder or
crime.161 The intensity of threat of terrorism changes over the years, and the Court is aware of
that: it accepts the context of threat of terror because of actual terror events as a reasoning for
the adoption of intrusive measures by the legislation, but it also warns that the maintaining or
the reinforcement of such measures over the years may not be justified for longer periods of
time.162 Passage of time may also blur the significance of personal data collected and
therefore weakens the connection between the storage of the personal data and its legitimate
aim, security. Continued storage may not be supported by the original reasons that may
become irrelevant and insufficient after a longer period of time.163
3.3 CONCLUDING REMARKS ON ECTHR CASE LAW
The test of proportionality was discussed above from different aspects. Our starting point was
that, theoretically as well as regarding the jurisdiction in Europe, the test is the most
widespread methodology for deciding human rights conflicts. Then, zooming to the practice
of the ECtHR, one can find that the Strasbourg Court applies the proportionality test on the
grounds of the text of the ECHR as well. In the analysis we focused expressly on cases where
the Strasbourg Court had to decide on the justification of surveillance in conflicts between
privacy and security.
In an early stage of our research we hypothesized that certain temporal changes could be
observed in the argumentation of the ECtHR during the decades of its operation, due to the
increasing value of security and the rapid technological developments. We did not exclude the
possible effects of large-scale terror attacks in the reasoning of the Court either. However,
neither of the two hypotheses could be proved during the analysis of the ECtHR's case law.
We also sought the answer for the question whether the trade-off model can be superseded
using this traditional methodology. Besides describing the theory and practice of
proportionality test in the jurisdiction of the ECtHR, we also came up with suggestions about
the development of the methodology in order to narrow down the field of balancing by courts
and to break out of the regular structure of decision-making, which leads to the see-saw effect
characterizing the trade-off model.
160 Liu v. Russia (No. 2). Procedural guarantees were the most significant element of the decision in cases Klass
and Others v. Germany and Leander v. Sweden.
161 Klass and Others v. Germany.
162 Nada v. Switzerland, § 186. The judgment refers to the years of the fear of terror after 9/11.
163 Segerstedt-Wiberg and Others v. Sweden, no. 62332/00, 6 June 2006, § 90.
PRISMS Deliverable 5.2
41
Two different sorts of suggestions were made. Firstly, the significance of facts should be
increased; in other words, more emphasis should be placed on factual circumstances that are
to be taken into consideration before the balancing phase in the series of the methodological
steps of the proportionality test. When deciding about the rational connection between the
purpose of the limitation and the limiting measure, results of other disciplines shall be relied
on. Sociology, criminology, etc. offer scholarly achievements that make the decision on the
suitability of the intrusive measure a question of fact. More cameras, according to the results
of criminology, do not lead to a higher level of security in general.164 As for the necessity of a
measure limiting privacy, non-legal measures have to be taken into account which can be less
intrusive or do not limit rights at all. This is also a question of facts - whether or not there
exist privacy-friendly, even non-surveilling, technologies for the same security purposes. The
balancing phase of the proportionality test is like using a pair of scales. Trade-off can be
prevented in the previous steps of the test.
Secondly, we suggested to build new aspects into the balancing phase of the test. These new
elements are so-called auxiliary theses, such as exceptions shall be interpreted narrowly,
characteristics of surveillance technologies shall be taken into consideration, similarly the
existence and quality of procedural guarantees of privacy protection, and the decision-maker
shall take into account historical circumstances, too. The auxiliary theses, as a sort of
additional components of the proportionality test in surveillance cases, are supposed to make
the procedure of balancing more controllable and verifiable.
3.4 TEST OF PROPORTIONALITY OF THE ECTHR FOR THE PURPOSES OF THE DSS
The subject of our legal analysis was the so-called test of proportionality that is the most
acknowledged method of the legal evaluation of conflicts between fundamental rights and
other legitimate interests (in our case between privacy and security) in the practice of courts.
The two levels of our contribution were the theoretical analysis of the proportionality test as a
methodological tool of human rights courts, and, the description of the practice of the
European Court of Human Rights regarding the proportionality test in privacy vs. security
cases.
We made suggestions in order to strengthen the strict factual components of the test against
the moral balancing between conflicting rights and legitimate interests:
• increasing the significance of legal facts to be taken into consideration, and
• formulating auxiliary theses that specify and help the application of the proportionality
test.
On these grounds the proportionality test as a methodology can be adapted for the purposes of
the Decision Support System (DSS) aimed at helping the decision-making process about the
introducing, or modifying surveillance systems, technologies and applications. It must be
emphasised that it is only the adaptation of the methodology, however, the outcomes of the
legal cases, the conclusions of the legal evaluation made by the Court cannot be adapted,
since these reflect the vertical legal relations between citizens and the state as fundamental
rights holders and duty bearers. Therefore the emphases and the order of the steps of the test
should be modified.
164 There are many studies that have found CCTV to be ineffective. For a collection of these studies see:
http://www.no-cctv.org.uk/caseagainst/reports.asp
PRISMS Deliverable 5.2
42
The methodological steps, derived from the test of proportionality but adjusted to situations
where the PRISMS DSS is supposed to be used, can be applied in order to facilitate decisions
on the application of surveillance technologies. The following list of questions reflects the
structure of decisions from a legal viewpoint:
The starting point is that there exists an intention to apply a surveillance technology. These
questions relate to the limits and restrictions of the application.
1. Does the planned application of surveillance have implications on people’s privacy? It must
be presumed that any kind of the application of surveillance technologies has such
implications, however, there may be exemptions. The question is whether the surveillance in
question can be qualified as such an exemption.
2.1. Does the surveillance in question have a legal ground? Could you identify the relevant
legal ground?
2.2. Could you interpret the legal ground in a strict way? Could the strict interpretation result
that the identified legal ground does not serve as a suitable basis?
2.3. Does the surveillance in question break an explicit legal prohibition?
3. Could you identify the purpose of surveillance in question as precisely as possible?
4.1. Could you identify the security risks that the surveillance is supposed to react against?
4.2. Is the surveillance in question capable of decreasing these security risks?
5.1. Can the purpose served by surveillance (identified in point 3) be achieved without
surveillance?
5.2. Could you identify the characteristics of the surveillance technology planned to be
applied? (E.g. Who will access to the data collected? Where, when and for how long will the
surveillance means be applied?)
5.3. Considering the identified characteristics (see point 5.2.) one by one, can the purpose
served by surveillance (identified in point 3) be achieved by surveillance that intrudes privacy
to a less extent?
6.1. Do the individuals affected by the surveillance in question have the possibility to exert
control over their surveillance?
6.2. Could you identify the possibilities of the individuals? (E.g. are they informed
proactively? Are they given further information about the details? Are they allowed to object
to the surveillance in general or to certain parts of it, etc.)
6.3. Do these possibilities meet all the requirements prescribed by law?
6.4. Besides fulfilling the legal requirements are the above mentioned measures (points 6.1-
6.2) carried out in a ‘data subject friendly’ way?
PRISMS Deliverable 5.2
43
7. Ultimate balancing between the purpose identified in point 3 and the privacy rights.
In order to further advance the conceptualizing of the decision support system, we created a
detailed flowchart (see below), which follows the logic of the above order of questions.
Privacy
implication?
YES NO
In the future?
Legal basis?
Specific
legal basis?
Identify the purpose!
Identify security risks!
Suitable?
YES
YES
Find legal basis
or terminate!
Modify
or terminate!
NO
NO
Modify
or terminate!
NO
Without
surveillance?
YES
YES
Disproportionate
costs?
Explicit
prohibition?
Modify
or terminate!
YESNO
NO
YES NO
Modify
or terminate!
Identify characteristics
of surveillance!
Characteristics 1 Characteristics 2 Characteristics n
YES
START
decision-making!
NO
TERMINATE
[1]
[2.1]
[2.2]
[2.3]
[3]
[4.1]
[4.2]
[5.1]
[5.2]
PRISMS Deliverable 5.2
44
Characteristics 1 Characteristics 2 Characteristics n
Less
intrusive?
Less
intrusive?
Less
intrusive?
Modify!
Apply! Apply!Apply!
Subject
control?
Subject
control?
Subject
control?
Modify! Modify!
Modify!
Meets all
legal req.?
Meets all
legal req.?
Meets all
legal req.?
Modify! Modify!
Modify!
Subject-
friendly?
Subject-
friendly?
Subject-
friendly?
Modify! Modify!
Identify possibilities! Identify possibilities! Identify possibilities!
YES
YES
YES
YES YES
YES
YES
YES
YES
NO NO NO
NO NO NO
NO NO NO
YES YES YESNO NO NO
Balancing between the
purpose and privacy
Modify elements
if necessary
MAKE DECISION!
[5.3] [5.3][5.3]
[6.1] [6.1] [6.1]
[6.2] [6.2] [6.2]
[6.3] [6.3] [6.3]
[6.4] [6.4] [6.4]
[7]
PRISMS Deliverable 5.2
45
4 SECURITY, PRIVACY AND PERSONAL DATA PROTECTION IN
EUROPEAN HUMAN RIGHTS LAW: ‘BALANCING’ MAYBE, BUT
NOT TRADED-OFF
Gloria González Fuster, Serge Gutwirth
!
The two previous Chapters have put forward specific strategies to study the legal
reconciliation of security and privacy, one from the perspective of the case law of the CJEU
(Chapter 2), and the other based on a complementary analysis of the work of the ECtHR
(Chapter 3). This final Chapter comes back to the knowledge acquired on the relationship
between security, privacy and personal data protection in EU law in light, first, of the
objective of elaborating input for the PRISMS DSS, and second, from the perspective of the
project’s basic research question related to the validity of the trade-off model.
4.1 LEGAL INPUT FOR THE PRISMS DSS
The analyses of the case law of the CJEU and of the ECtHR on the relationship between
security, privacy and personal data protection show both concomitances and discrepancies. In
order to define the input that should be incorporated into the PRISMS DSS, it is necessary to
focus on the issues that arise as crucial in the work of the two Courts. This task, however, can
be rendered peculiarly complex by the fact that in the context of the Council of Europe and in
EU law the same terms sometimes operate with slightly different meanings.
This concerns first and foremost the notion of ‘proportionality’. As already hinted, in EU law
proportionality can be both understood as a principle applicable to EU action, acting as a limit
to such action, and as mirroring the proportionality test devolved by the ECtHR under the
expression ‘necessary in a democratic society’. Even in this latter context, regarding
requirements applicable to legitimate interferences with ECHR qualified rights,
proportionality is generally accepted as referring to two different issues: proportionality in a
wider sense would include the requirements of necessity, suitability and proportionality
(again), this time understood in a narrow sense or stricto sensu. Complicating things further,
such proportionality will depend on whether the measure is limited or not to what is strictly
necessary. Additionally, proportionality is also a notion with a specific incarnation in the area
of EU personal data protection law, where it can notably act as a fundamental principle
underlying all provisions.165 And, ultimately, courts are always entitled to carry out the test of
proportionality as they deem necessary in the case at stake, which typically has been bringing
about different approaches and manifestations.166
Another important issue to consider in order to identify the legal content that should be finally
be integrated into the PRISMS DSS is that the case law of the CJEU and of the ECtHR pursue
each different objectives, which affect the way in which each Court adjudicates. In this sense,
for instance, the doctrine of the margin of appreciation, even if crucial to understand the case
165 Gutwirth, Serge, “De toepassing van het finaliteitsbeginsel van de Privacywet van 8 december 1992 tot
bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking van persoonsgegevens”, Tijdschrift
voor Privaatrecht, 4/1993, pp. 1409-1477 and Christopher Kuner, “Proportionality in European Data Protection
Law and Its Importance for Data Processing by Companies”, Privacy & Security Law Report 7, 44, 2008, p.
1617.
166 Noting there is no such as thing as the application of the proportionality principle: Jan H. Jans,
“Proportionality Revisited” Legal Issues of European Integration, 27, no. 3, 2000, p. 264.
PRISMS Deliverable 5.2
46
law coming from Strasbourg, plays a very specific function related to the relation between the
ECHR and its contracting parties, which does not need to be reproduced in a setting such as
those in which the PRISMS DSS is to be used.
Taking all this into account, it seems appropriate to filter the output generated by the analysis
carried out in Chapter 2 and 3, and to ensure that the legal input to be incorporated into the
PRISMS DSS focuses on substantive key issues according to both the Luxembourg and
Strasbourg Courts, notably: the pursuance of a legitimate aim, the existence of a legal ground,
the suitability of the measure to pursue the targeted aim, the strict necessity of the measure
and the safeguards ensuring it does not go beyond to what is necessary (see upcoming
deliverable on PRIMS DSS for further details). Although all these criteria can be traced back
to the implementation of the proportionality test, none of them raises the question of whether
the measure is ‘proportionate’ or ‘disproportionate’ in abstract terms, which has the advantage
of eliminating the ambiguity linked to the use of those terms.
4.2 JUDICIAL ‘BALANCING’ AS A STRICT INQUIRE INTO NECESSITY?
The PRISMS project has as key general concern to illuminate, from different disciplines and
perspectives, the validity of the trade-off model as a way of thinking the relationship between
security and privacy. The trade-off model can be envisioned as the need to opt for either
security without privacy, or for privacy without security, as if security and privacy were
mutually exclusively167 or as if one could only be achieved at the expenses of the other. In a
slightly more refined conception, the trade-off model can also be construed as an imperative
to always balance security and privacy against each other, as if the only possibility to
reinforce security was to diminish the enjoyment of the rights to respect for private life and
personal data protection, and vice versa.
To a certain extent, the judicial approaches reviewed in Chapters 2 and 3 appear to integrate
balancing exercises. Chapter 3 has notably described the essence of the proportionality test as
conditioning interferences with the right to respect for private life to the need to ensure that
privacy and security stand in balance (see concretely Section 3.1).
The exact significance of the balancing operating in human rights law has however been
much discussed in the literature. In this sense, the doctrine has observed that, although indeed
judges do often refer to the gesture of ‘balancing’ and the need to strike fair ‘balances’, in
reality balancing generally functions more as a discursive strategy than as a genuine weighing
operation: balancing, thus, would be something that judges say they do, as opposed to
something they actually do.168
Furthermore, even if the reality of the weighing up of interests and rights by judges is
accepted, it is undisputable that such weighing up is only accepted by the judges in a highly
controlled context, surrounded by specific rules and if accompanied by a series of
requirements that aim to condition or at least affect the result of the weighing operation,
requirements that are conditioned by the judges themselves. These limitations, and the
167 Leading to ‘all-or-nothing’ choices (see, in this sense: Daniel J. Solove, Nothing to Hide: The False Tradeoff
between Privacy and Security (New Haven & London: Yale University Press, 2011).
168 Jacco Bomhoff, Balancing Constitutional Rights: Introduction, LSE Legal Studies Working Paper No.
22/2013, London School of Economics and Political Science Law Department, available at SSRN:
http://ssrn.com/abstract=2343536, p. 2.
PRISMS Deliverable 5.2
47
importance given by the Courts to their refinement, can be understood as signalling the
weaknesses inherent to uncontrolled weighing exercises, and thus, to some extent at least, as a
resistance to reduce judicial decisions to a mere balancing of rights and interests.
Insofar as the CJEU case law is specifically concerned, references to the gesture of
‘balancing’ are present, but in reality they generally allude to the imperative to strictly inquiry
into the necessity of the measures at stake. In this sense, for instance, when in the Schecke
judgment the Court of Justice concludes that EU institutions have not ‘properly balanced’ the
legitimate objective of transparency and the rights enshrined in the Charter’s Article 7
and 8,169 it does so after observing that ‘[t]here is nothing to show’ that, when adopting the
contested provision, EU institutions took into consideration methods which would consistent
with the objective pursued while at the same time causing less interferences with individual
rights.170 The problem is thus that the EU legislator appears to have granted ‘automatic
priority’ to the objective of transparency.171 A proper balance, it can be deduced, might have
been guaranteed if such exploration of the potential less invasive methods would have taken
place.
In practice, the inquiry into the possible existence of less invasive methods is to lead to
incorporate into any invasive measure a set of distinctions based on criteria that objectively
attest of the genuine relation between the measure and the aim pursued. In the Schecke
judgment, where what was at stake was the online publication of personal data related to
beneficiaries of EU aid for the purposes of increasing transparency of public funds, in order to
strike a fair balance EU institutions would have had to draw distinctions ‘based on relevant
criteria such as the periods during which those persons have received such aid, the frequency
of such aid or the nature and amount thereof’.172
From this perspective, balancing can be described as basically representing a fine-tuning of
measures that interfere with fundamental rights to ensure that such interference is as limited
as possible, and the absence of such fine-tuning inevitably leads to un-balanced, excessive,
disproportionate measures. Interestingly, when security measures involve the processing of
personal data, such fine-tuning will inescapably require the taking into account of personal
data protection principles, which transforms personal data protection laws into a sort of
interface, or the hinge allowing security measures to be regarded as legitimate and move
forward.
4.3 DISOWNING THE TRADE-OFF MODEL
What is certain, in any case, is that for the CJEU, and thus for the purposes of EU law, the
idea that it is necessary to chose between a legitimate interest and the insurance of
fundamental rights such as the right to privacy and personal data protection is not tenable.
Such vision was explicitly repudiated by the Luxembourg Court in the Worten judgement,
concerning the monitoring of working conditions, and concretely the obligation to always
allow for immediate consultation by responsible authorities information relating to the
169 Schecke, § 86.
170 Idem, § 81.
171 Idem, § 85.
172 Idem, § 81.
PRISMS Deliverable 5.2
48
workers’ working time.173 In that case, one of the parties had argued that the obligation to
make available working time information would result in disproportionately giving general
access to personal data, but the CJEU asserted that such line of argument could not succeed.
Indeed, the CJEU noted that the making available of some information to a certain party had
to be implemented while at the same time implementing personal data protection provisions
requiring that only those persons duly authorised to access the personal data in question were
entitled to process it.174 It is clear, thus, that processing personal data for a legitimate purpose
does not allow to just generally derogate from personal data protection obligations; on the
contrary, these obligations become crucial to effectively delimit interferences with individual
fundamental rights.
This fact ultimately tends to confirm the idea already advanced in PRISMS Deliverable 5.1
according to which the ‘security / privacy’ dichotomy must be replaced with a triangular
image in which coexist security, privacy and personal data protection. Importantly, this is not
a dual picture where security is on one side opposed to (or confronted with, or weighed up
against) privacy and personal data protection on the other. On the contrary, the picture that
emerges from our analysis is that of a genuinely three-sided relationship, where personal data
protection is often called upon to calibrate or mediate potential disparate tensions emanating
from privacy or security objectives.
173 Case C-342/12, Worten – Equipamentos para o Lar SA v Autoridade para as Condições de Trabalho (ACT),
30 May 2013, ECLI:EU:C:2013:355.
174 Ibidem, § 27.
PRISMS Deliverable 5.2
49
BIBLIOGRAPHY
Alexy, Robert, A Theory of Constitutional Rights, Oxford University Press, Oxford, 2002.
Barak, Aharon, Proportionality: Constitutional Rights and their Limitations, Cambridge
University Press, Cambridge, 2012.
Bomhoff, Jacco, Balancing Constitutional Rights: Introduction, LSE Legal Studies Working
Paper No. 22/2013, London School of Economics and Political Science Law
Department, available at SSRN: http://ssrn.com/abstract=2343536
Conseil d’État, Étude annuelle 2014 du Conseil d’État#: Le numérique et les droits
fondamentaux, La Documentation française, Paris, 2014.
De Vries, Sybe, Ulf Bernitz, and Stephen Weatherill, “Introduction” in Sybe De Vries, Ulf
Bernitz, and Stephen Weatherill (eds.), The Protection of Fundamental Rights in the
EU After Lisbon, Hart Publishing, Oxford and Portland, Oregon, 2013, pp. 1–7.
European Data Protection Supervisor (EDPS), The EDPS as an advisor to EU institutions on
policy and legislation: Building on ten years of experience, Policy Paper, Brussels,
June 4 2014.
European Union Agency for Fundamental Rights (FRA), Handbook on European data
protection law, Publications Office of the European Union, Luxembourg, 2014.
González Fuster, Gloria, The Emergence of Personal Data Protection as a Fundamental
Right of the EU, Springer, Dordrecht, 2014.
González Fuster, Gloria, Serge Gutwirth, Ivan Székely, and Erik Uszkiewicz, "Discussion
paper on legal approaches to security, privacy and personal data protection", PRISMS
Deliverable 5.1, 2013. http://prismsproject.eu/wp-content/uploads/2012/06/PRISMS-
D5-1-Legal-approaches.pdf
Gutwirth, Serge, “De toepassing van het finaliteitsbeginsel van de Privacywet van 8 december
1992 tot bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking
van persoonsgegevens”, Tijdschrift voor Privaatrecht, 4/1993, pp. 1409-1477.
--- "Providing the missing link. Law after Latour's passage", to be published in McGee
K. (ed.), Latour and the passage of law, Edinburgh University Press, 2015.
Jans, Jan H., “Proportionality Revisited” Legal Issues of European Integration, 27, no. 3
2000, pp. 239–65.
Kevin D. Haggerty and Richard V. Ericson, The New Politics of Surveillance and Visibility,
University of Toronto Press, Toronto, 2006.
Hustinx, Peter, EU Data Protection Law: The Review of Directive 95/46/EC and the
Proposed General Data Protection Regulation, July 2013,
https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDP
S/Publications/Speeches/2014/14-09-15_Article_EUI_EN.pdf.
Kokott, Juliane, and Christoph Sobotta, “The Distinction between Privacy and Data
Protection in the Jurisprudence of the CJEU and the ECtHR”, International Data
Privacy Law, 3(4), 2013, pp. 222–28.
Krisch, Nico, “The Open Architecture of European Human Rights Law”, Modern Law
Review 71, 2008, pp. 183-216.
PRISMS Deliverable 5.2
50
Kuner, Christopher, “Proportionality in European Data Protection Law and its Importance for
Data Processing by Companies”, Privacy & Security Law Report 7, 44, 2008, pp.
1615-19.
--- Transborder Data Flows and Data Privacy Law, Oxford University Press, Oxford,
2013.
Lock, Tobias, “The ECJ and the ECtHR: The Future Relationship between the Two European
Courts”, The Law and Practice of International Courts and Tribunals, 8, 2009.
Lynskey, Orla, “Deconstructing Data Protection: The ‘Added-Value’ of a Right to Data
Protection in the EU Legal Order”, International and Comparative Law Quarterly 63,
pp. 569–97.
Martín y Pérez de Nanclares, José. “Comentario al Artículo 7: Respeto de la vida privada y
familiar” in Luis N. González Alonso (ed.), Carta de los Derechos Fundamentales de
la Unión Europea: Comentario artículo por artículo, Fundación BBVA, 2008, pp.
209–22.
Oliver, Peter, “The Protection of Privacy in the Economic Sphere before the European Court
of Justice”, Common Market Law Review 46 (2009), pp. 1443–83.
Rauhofer, Judith, and Caspar Bowden, Protecting Their Own: Fundamental Rights
Implications for EU Data Sovereignty in the Cloud, University of Edinburgh, School
of Law, Edinburgh, 2013.
Solove, Daniel J., Nothing to Hide: The False Tradeoff between Privacy and Security, Yale
University Press, New Haven and London, 2011.
van Dijk, Pieter et al (eds.), Theory and Practice of the European Convention on Human
Rights, Intersentia, 2006.
