Conference PaperPDF Available

The Fundamental Rights in Data Protection - a transnational problem with different approaches. a comparative study



Today we can reach every kind of information with just one click. This is a reality in every part of the globe. Access to information is at its highest peak. We never had so easy access to such amount of information. Although this constitutes a great step in globalization and can help straighten international relations, it can also create new problems at a fundamental rights level. When we post on Social Media or fill in a form to create an email account, our personal data travels from one point of the globe to another in nanoseconds. We agree to certain terms and conditions for the use of said tools, but we do not actually know how they can be used by our service provider. Privacy issues arise. Do we really understand the type of information we are providing? Can we expect to have our data protected by our email provider or a social media provider? To what extent can we expect to have our data protected? Various concepts that affect our fundamental rights are here intertwined. We understand now that the issue of data protection is only solved with a working and dynamic balance between essential concepts that we - until the breakthrough of the information era - conceived as absolute, such as privacy and freedom of expression. This balance is assumed differently in regard to the different constitutional cultures and History in the various legal systems. On this communication, we will shine some light on these concepts and their existence in two, very different, juridical systems. We will analyze the recent right to be forgotten under European Law - that was introduced by the influence of European Union’s Court of Justice and now holds within Article 17 of the General Data Protection Regulation – how it is integrally connected to our right to privacy but should be balanced with freedom of expression and the right to information of others. In parallel, we will also understand if these mechanisms established in consequence of the right to be forgotten would work within or if it even can be integrated the Common-Law System, namely the United States legal system. On this line of thought, we also will analyze the well-conceived concept of reasonable expectation of privacy in the Common-Law system, aiming to understand the framework that could accommodate said concept in the European Legal system. The reflection we purpose to undertake aims to understand the line of thought were both systems insert this problem and how the balance between the relevant fundamental rights are made. We believe we are before an essential study that will allow us to reach common ground on a transversal (and transnational) problem that should have a transnational solution.
The Fundamental Rights in Data Protection - A transnational problem with different
approaches: a comparative study
Sofia Felício Caseiro
As the title of this communication explicitly mentions, we will be analysing the thematic of the
fundamental rights affected or protected in data protection from two different points of view -
the European and the American.
Why is this a transnational problem?
Today we cannot deny the influence of the internet in our daily lives. As a global phenomenon,
the internet and more recently social media, now influences how we relate to the world, and how
the world sees us. Our technological footprint is increasingly relevant in how we relate to what
surrounds us, the information we leave with our navigation online is precious information for
marketers, companies, banks and even employers. Therefore, we should be aware of what that
information is, but also, how it is protected.
Protection of Privacy in intimately related to our culture. As such, the concept of privacy differs
between legal systems, as John Dowdell puts it “on the two sides of the Atlantic there are two
different cultures of privacy, which are home to different intuitive sensibilities”. Today, these
diverse sensibilities can interfere with the fundamental rights of a person whose privacy is
violated online. Data Protection obviously depends on the definitions of privacy, and as there is
no uniformization of the understanding on what should be protected or not, on the limit, one’s
information can be available online in the United States, but not available in Europe. These
restrictions in the name of privacy can also mean restrictions of right to information. There is a
fine line between these two concepts, that is highlighted by the blooming of the information era
and fast spreading of information.
We will analyse the different mechanisms that exist in the different legal systems and
understand if they would protect privacy as it is understood at a fundamental level.
What is Privacy in the American System?
The concept of privacy is deeply connected with the tradition and culture.
The embryonical history of the United States of America reveals a tradition wary of the
centralised power. This distrust, that gave rise to a reactionary origin, is enshrined in the roots
of the American legal system. Although the word Privacy is absent from the Declaration of
Independence of the United States, from the Constitution and from the Bill of Rights, we can
find hints of the concept of privacy within the several amendments to the Constitution.
The Fourth Amendment, prohibiting unjustified searches or seizures, indicates the
understanding of the government as the primary enemy of privacy. On the other hand, the First
Amendment introduces the right to a free press, strongly opposing to punishing the
dissemination of truthful information relevant to the public interest.
Privacy is posed into question when the definition of public interest is not directly defined by
the law. In fact, there are no general privacy laws in force in the United States, therefore, case
law prevails in the matter.
The right to privacy is a construction built case by case.
When, the Fourth Amendment was put into question in the case
Katz v. US
(1967), it was the
first time it was considered that government wiretapping was a violation of privacy, fitting onto
the logic of the protection from unjustified searches and seizures by the government. The
Amendment requires that the privacy of an individual can only be violated by the government if
there is a probable cause of a crime, that should be supported by a court issued warrant or a
grand jury subpoena. The limit to the government's action is this expectation of privacy, that
must be reasonable, in the sense that society, in general, should recognise it as such.
Another dimension of privacy was found in the case
NAACP v. Alabama
(1958) in which the
Court recognised the right to associational privacy under the First Amendment.
Griswold v. Connecticut
(1965), another privacy right was created having as basis the First,
Third, Fourth, Fifth and Nine Amendments. Here, the Court invalidated a Connecticut Law
prohibiting ‘contraceptives and the practice of medical professionals assisting anyone in
acquiring contraceptives’, stating that the reproductive autonomy in a marriage is a ‘right to
privacy older than the Bill of Rights’. This privacy was given to unmarried couples later in 1972
Eisenstadt v. Baird
, and the right of privacy in intimate relations was cemented then.
As Professor James Whitman wisely points out, the American privacy is understood as liberty
from the government, therefore we can find, within the Supreme Court, inconsistent case law
when First Amendment’s protection of freedom of the press is faced with the plaintiff's privacy.
If the government is involved, institutions tend to shift in favour of privacy.
What is Privacy in the European System?
The concept of privacy in the European legal system is notably different from the American. In
Europe, although freedom of the press is important and relevant, it does not prevail above the
privacy of individuals. Recalling, again, the teaching of John Dowdell, as well as in America privacy
is an issue of liberty, in Europe, it is considered a matter of dignity. Americans are more tolerant
to injuries to private interests of individuals, to sustain a maximally free press, as Europeans are
more tolerant to government surveillance and access to their homes. We can understand a
higher confidence in the government in Europe, in detriment of confidence in the market, which
Americans face as trustworthy.
Within the European Union legal acquis, right to privacy is an autonomous fundamental right,
under Article 8 of the Charter of Fundamental Rights of the European Union. This article lays
down the principles for the correct treatment of data, also legitimising secondary legislation on
the matter. (As we know, under article 6 of the European Union Treaty, the Charter as the same
force as the Treaty, being a part of the European Constitutional Law). The content of Article 8
of the Charter was inspired by the Article 8 of the European Convention on Human Rights, but
also by Convention 108 of the Council of Europe - the Convention for the Protection of
Individuals regarding Automatic Process of Personal Data, which was signed by all the EU
Article 8 of the ECHR features the right for the respect of a private life. However, it does not
define privacy as a concept. Private life is wider than the right to privacy because it concerns a
sphere within which everyone can freely pursue the development and fulfilment of its
personality. The article also establishes the limitations on which these rights can be interfered
with. The limitation test - to evaluate if article 8(1) can be surpassed - includes 3 criteria. First,
As we can see in
Florida Star v. JBF
Hanlon v. Berger
the interference must be in accordance with the law, then it must pursue one or more legitimate
aims and lastly, it must be “necessary for a democratic society to achieve those aims”.
Article 8 also imposes a positive obligation upon the signatory states. The states are obliged to
act and take active steps onto ensuring the enjoyment of rights protected by the Convention.
As to secondary legislation, the first Directive on data protection dates to 1995 (Directive
95/46/EC). In its Article 1, it defines that a right to privacy must be ensured to protect natural
person’s fundamental rights and freedoms. This legislation was, in fact, a milestone in the history
of personal data. However, with the evolution of technology, the need emerged to strengthen
what was previously defined, with more detail considering the massive circulation of data online.
The General Data Protection Regulation (Regulation (EU) 2016/679) - that will entry into force
in May 2018 - is the result of the rethinking of the European Data Protection System.
How is it Privacy protected?
Europe - right to be forgotten
The Right to be Forgotten is, understood by some (John Dowdell), as the strongest online
privacy protection to date.
To understand the Right to be Forgotten, we should understand the relationship between data
protection and privacy. Simply put: the right to privacy, which protects the private life, is broader
than data protection, because it includes more dimensions. Data Protection only includes the
processing of personal information related to an identifiable person regardless of whether their
processing has any effect on privacy. It is when the two meet that the problem can emerge, and
protection instruments like the right to be forgotten, can be activated.
Although the
Costeja v. Google
decision represents a threshold in the history of the right to be
forgotten, this protection mechanism has been in practice in some European Countries for a
few years.
In the UK, the Rehabilitation of Offenders Act of 1974, introduce the practice of, after a certain
period of time, criminal convictions and other similar information would not be regarded when
obtaining insurance or seeking employment. Le droit d’oubli was recognised in French Law in
2010, 4 years before European Court of Justice decided that Mr Costeja had the right to be
forgotten by Google.
In the case of Mr Costeja, the prejudicial question sent to the court concerned the Directive
95/65/EC and its definition of data controller. Ultimately, this decision influenced the clarified
Right to be Erased (Right to be forgotten) that is laid out in Article 17 of the new General Data
Protection Regulation, in the sense that it would be applicable to online data, and that search
engines, like Google, are considered data controllers and as such must comply with the duties
established in the Regulation.
This new instrument is the product of a reform on data protection legislation that began in
2012. From this reform, two instruments emerged: a new Directive that regulates areas of police
and judicial cooperation and the new General Data Protection Regulation, which comprehends
a clear modernisation and unification of the rules on data protection.
Article 17 of the new GDPR was widely discussed during the preparation of the regulation. The
denomination was something that changed from the first reading in the European Parliament,
that resulted in the dropping of the denomination of the right to be forgotten, including only
the term “right to be erased”. In the final text of the regulation, both denominations were
included as synonyms.
America Protection of privacy within the Constitution
Protection of privacy in the United States is not regulated by any general law or act. The notion
of privacy expands and contract over time, as a reaction to the realities and views that change
daily. We can organise privacy rights in the US into two categories: one regulated by the
government and the other under common-law.
Privacy regulation is provided by a diverse group of Federal and State laws and regulations that
can overlap each other, and sometimes contradict one another. Adding to these laws and
regulations, Federal Agencies developed several guidelines and “best practice” rules, but these
do not have force of law. Americans can also see their data protected through broad consumer
laws that prohibit unfair and deceptive practices involving the disclosure of, and security
procedures for protecting, personal information.
President Trump stalled the growth of data
Mariusz Krzysrofek, 867
protection, when he repealed Federal Communications Commission's privacy protections for
internet users. This action took down a landmark policy from the Obama administration. This
policy would have (it would entry into force later 2017) banned Internet providers from
collecting, storing, sharing and selling certain types of customer information (web browsing
history, app usage history, location details, etc) without the user's consent.
What is the best way of protection?
Understanding that this is in fact a transnational problem, and that, at its limit, privacy should
be considered as a Human Right, it is important to open the conversation on what is the best
path to achieve a transnational solution.
Several proposals are on the table:
Some consider that a right to be forgotten should be implemented in the American system. The
issues of this implementation could affect the development and running of tech companies,
therefore, there are strong voices from Silicon Valley raising. Techcrunch (a highly recognised
blog on the technological field) recognises the merit of the right to be forgotten but refers to
its impotency, considering the current working of the internet, and especially social media. They
argue that all the social media platforms provide us with the possibility to delete posts, however,
once the information spreads it is almost impossible to delete it because it will be automatically
archived. The obstacles to the implementation of a right to be forgotten in the United States
do not stop with the lobbying by the companies in Silicon Valley
, they continue with the
articulation needed with the First Amendment. When protecting freedom of speech and of the
press, the First Amendment also establishes that “Congress shall not make no law… abridging”
these rights. These are, as we saw, to the Americans, at a higher level than an individual’s dignity.
Therefore, we comprehend the voices that tell us that a right to be forgotten in the United
States is impossible to uphold.
Some academics assume that the solution should be developed in the basis of a comprehensive
multilateral agreement under which, the different signatories, would define shared principles
and standards for privacy protection, solving the online data protection problem. David Cole and
In 2013, Google paid D.C. lobbyists 15.8 million dollars to influence legislation.
Federico Fabbrini discuss a worldwide charter of privacy principles, while Ian Brown and others
go further, considering an international agreement of cooperation between States, that could
be able to reach nondemocratic states. In this ambitious framework, they consider an agreement
that would gather foreign intelligence, allowing a rapid implementation and legitimacy for
justified intelligence-gathering.
In conclusion, we understand that the restrictions to solve this transnational issue are immense and that
they relate to values enshrined into the different cultures, which can difficult dialogue. But,
understanding that this transnational problem with global implications, should press onto the urgency
in finding a solution. I would love to discuss with you your thoughts and perspectives on the problem
and its solution.
- Thank you
ResearchGate has not been able to resolve any citations for this publication.
ResearchGate has not been able to resolve any references for this publication.