Tải bản đầy đủ - 0trang
6 Ambitions of the EU in Promoting Fundamental Rights: Understanding the Context of Privacy and Data Protection and the Internet Under EU Law
2.6 Ambitions of the EU in Promoting Fundamental Rights: Understanding…
The Court of Justice confirmed in Kadi and Al Barakaat82 the applicability of the
fundamental rights to all situations by ruling that “[T]he obligations imposed by an
international agreement cannot have the effect of prejudicing the constitutional
principles of the EC Treaty, which include the principle that all Community acts
must respect fundamental rights”. Neither this ruling nor this statement is fully
uncontroversial83; both, however, reflect the current state of EU law and confirm the
external effect of EU fundamental rights.
This case law is in line with Article 21 TEU, which expresses the universality and
indivisibility of human rights and fundamental freedoms in relation to external
action of the European Union. Under Article 3(5) TEU, European values are not
confined to the territory of the Union: “In its relations with the wider world, the
Union shall uphold and promote its values and interests and contribute to the protection of its citizens.” Article 21 TEU elaborates: “The Union’s action on the international scene shall be guided by the principles which have inspired its own creation,
development and enlargement”.84 Article 21(3) TEU then clarifies that these principles should not only guide the Union’s external action, but also the external
aspects of all its policies. The European Council states in its famous Laeken
Declaration on the future of Europe (2001)85 that the Union seeks to set globalisation within a moral framework.
Although fundamental rights are applicable to all situations within the scope of
EU law, this broad applicability does not extend the competence of the Union.86
Instead, the broad applicability is a consequence of the broad objectives and activities of the Union, which are a source of interpretation for the Court of Justice.87
Most fundamental rights, including the rights to privacy and data protection, are
not absolute rights. Article 52(1) Charter specifies that the exercising of rights may,
under certain conditions, be limited. The limitation must be provided for by law,
while the essence of the rights must be respected and the limitation must be proportional. A proportionality test is at the core of the Court’s review of limitations of
fundamental rights and takes various factors into account. The Explanations to the
Charter specify that the wording of Article 52(1) Charter was taken from the case
Joined Cases C-402/05P and 415/05P, Kadi and Al Barakaat, EU:C:2008:461, at 285.
E.g., the contributions of De Búrca and Halberstam in: Gráinne de Búrca and J.H.H. Weiler
(eds), The Worlds of European Constitutionalism (Contemporary European Politics), (Cambridge
University Press, 2012).
This is also specified in Article 21(2) TEU, which – as far as relevant here – reads: “The Union
shall define and pursue common policies and actions, and shall work for a high degree of cooperation in all fields of international relations, in order to: (a) safeguard its values, fundamental interests, security, independence and integrity; (b) consolidate and support democracy, the rule of law,
human rights and the principles of international law (…).”
European Council, Presidency conclusions – Laeken, 14 and 15 December 2001, incl. Annex I,
Laeken Declaration on the future of the European Union.
Koen Lenaerts and Piet van Nuffel, European Union Law (third edition), Sweet & Maxwell,
2010, at 111. On EU competence, see Chap. 4 of this book.
Case 270/80, Polydor, EU:C:1982:43, at 16, on “interpretation in the light of the Community’s
objectives and activities as defined by Articles 2 and 3 of the EEC Treaty”.
2 Privacy and Data Protection as Values of the EU That Matter, Also…
law of the Court of Justice. Limitations should “not constitute, with regard to the
aim pursued, disproportionate and unreasonable interference undermining the very
substance of those rights”.88 A different test is applied in the specific situation of
when two fundamental rights in the Charter need to be balanced.89
2.6.2 Fundamental Rights Protection and the Internet
The broad applicability of fundamental rights has specific relevance in connection
with the complex and developing information society. Individuals are entitled to the
protection of their fundamental rights when they are active on the internet (online),
in the same way as when they are acting in any other capacity (offline).90 In principle, the outcome must be the same: the same level of protection must be afforded
independently of the circumstances and situations requiring protection, be they
online or offline. The EU institutions and bodies – and the Members States, as far as
they act within the scope of EU law – are obliged to ensure this.
In an internet environment, the protection of EU citizens extends to acts of third-
country companies and authorities. Protection against actors outside the European
Union is an inherent part of the protection that must be given, as provided for in the
Treaties. Protection is needed in situations where EU citizens do not actively move
outside the Union, or sometimes do not even engage with third-country companies,91
such as where citizens’ personal data are transferred to third countries, sometimes
even without their knowledge, because European governments or companies use
non-EU cloud providers.92
There is a similar need for protection where parties in third countries (companies
and/or authorities) have access to data stored in Europe. An example of the latter is
the transfer of personal data from the European Union to the United States for the
Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, Explanation on
See Chap. 5, focusing on exceptions and derogations to the rights to privacy and data
See also the UN Resolution affirming that the same rights that people have offline must also be
protected online: UN General Assembly, Human Rights Council, “The promotion, protection, and
enjoyment of human rights on the Internet”, Doc. No A/HRC/20/L.13, 29 June 2012, available on:
See also: UN General Assembly plenary on 18 December 2014, Resolution “Right to Privacy in
the Digital Age” (A/RES/69/166), affirming “that the same rights that people have offline must
also be protected online, including the right to privacy”.
Where EU citizens move outside the Union, they are possibly still entitled to protection under
EU law. This is argued in, for instance, Kuner’s contribution in: Hielke Hijmans and Herke
Kranenborg (eds), Data protection anno 2014: how to restore trust? Contributions in honour of
Peter Hustinx, European Data Protection Supervisor (2004–2014), (Intersentia, 2014). However,
this is a much more complex issue and the need for protection is less evident.
It is for this reason that Directive 95/46/EC contains a chapter on the transfer of personal data to
2.7 Fundamental Rights Protection Against Private Parties Acquires a New…
purposes of the Terrorist Finance Tracking Program. Under the agreement between
the EU and the US, the Society for Worldwide Interbank Financial Telecommunication
(SWIFT) as a designated provider provides certain financial data of residents of the
EU to the US Treasury Department.93
The broad applicability does not necessarily mean that individuals are entitled to
protection against all risks on the internet. Effective protection against all risks – a
zero-risk approach – would be difficult to achieve, as this book explains in relation
to privacy and data protection. Moreover, fundamental rights coincide and sometimes collide with other fundamental rights and public interests. Trade-offs therefore have to be made, as in the case, for instance, of the trade-off between privacy
undamental Rights Protection Against Private Parties
Acquires a New Dimension on the Internet, Particularly
for Privacy and Data Protection
Privacy and data protection need to be ensured on the internet in relationships
between individuals (‘data subjects’) and data controllers; in many situations, the
latter are private parties, including big internet companies, with a strong market
position. Situations where individuals are engaged with other individuals or legal
persons under private law are referred to as horizontal situations. The specific
importance of the protection of individuals against acts of private parties on the
internet justifies discussing these horizontal situations in a separate section.94
The applicability of the Charter in purely horizontal situations remains unclear.
The issue of whether it is applicable may arise in a civil dispute between two private
parties – the data subject and the data controller – but also during an enforcement
action of a supervisory authority against a private data controller. Although the latter
situation may not necessarily qualify as horizontal,95 the underlying issue is the
same: is the Charter directly binding on private parties?
At first sight, the answer to the question of whether the Charter applies in horizontal situations seems to be negative. The Charter does not protect individuals
against other individuals or legal persons under private law, and nor does it bind
private parties. Article 51 Charter is addressed to the EU institutions and bodies, and
Council Decision of 13 July 2010 on the conclusion of the Agreement between the European
Union and the United States of America on the processing and transfer of Financial Messaging
Data from the European Union to the United States for the purposes of the Terrorist Finance
Tracking Program, OJ L 195/3.
See, on powers on the internet, Chap. 3.
The dispute is not horizontal. Mirjam de Mol, “The novel approach of the CJEU on the horizontal direct effect of the EU principle of non-discrimination: unbridled expansionism of EU law?”,
Maastricht Journal of European and Comparative Law, (1–2) pp. 109–135 2011, at 110.
2 Privacy and Data Protection as Values of the EU That Matter, Also…
to the Member States when they are implementing EU law.96 This would mean that
private parties, such as the big companies processing large amounts of personal data
on the internet, are prima facie excluded from the personal scope of the Charter.
There is a parallel here with the denial of direct effect of EU directives expressly
directed at Member States and not at individuals.97
At second glance, however, the answer is not evident, despite the fact that much
has been written on the horizontal direct effect of EU law,98 as well as on the application of fundamental rights in relations between private parties (in horizontal
situations),99 including in connection with the Charter.100 Contrary to first impressions, therefore, the main arguments support the direct applicability of the Charter –
in particular, provisions of the Charter with sufficient precision – in horizontal
our Arguments Supporting Direct Applicability
in Horizontal Situations
Firstly, the Charter is part of EU law and even has the same status as the Treaties.
One of the basic foundations of EU law – as far back as Van Gend and Loos101 – is
that, under certain conditions, individuals have directly enforceable rights and
duties, also vis-à-vis other individuals.102 On the one hand, Article 51(2) Charter
does not extend the field of application of EU law, although, on the other hand, the
Court of Justice declared in Åkerberg Fransson that situations cannot exist within
the scope of EU law without the fundamental rights in the Charter being applicable.103 In this hypothesis, the horizontal effect of the Charter would be the consequence of the existence of directly enforceable rights and duties within the scope of
As broadly interpreted in Case C-617/10, Åkerberg Fransson, EU:C:2013:105.
Case C-152/84, Marshall I, EU:C:1986:84, at 48.
See: Paul Craig and Gráinne de Búrca, EU Law, Text, Cases and Material (Fifth Edition),
(Oxford University Press, 2011) and the literature mentioned there.
E.g., L.F.M. Verhey, Horizontale werking van grondrechten, in het bijzonder op het recht van
privacy W.E.J. Tjeenk Willink, 1992.
E.g., Ward in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward (eds), The EU Charter
of Fundamental Rights, A Commentary (Hart Publishing, 2014), under the heading “Issues yet to
be fully resolved by the Court”. See also: Mirjam de Mol, “The novel approach of the CJEU on the
horizontal direct effect of the EU principle of non-discrimination: unbridled expansionism of EU
law?”, Maastricht Journal of European and Comparative Law, 2011 (1–2), pp. 109–135; Allan
Rosas and Lorna Armati, EU Constitutional Law, an Introduction (Hart Publishing, 2010), at
Case 26/62, Van Gend & Loos, EU:C:1963:1.
On this, see, e.g.: Eric Engle, “Third Party Effect of Fundamental Rights (Drittwirkung)”, Hanse
Law Review, Vol. 5, No 2, 2009.
Case C-617/10, Åkerberg Fransson, EU:C:2013:105, at. 21.