Tải bản đầy đủ - 0 (trang)
6 Ambitions of the EU in Promoting Fundamental Rights: Understanding the Context of Privacy and Data Protection and the Internet Under EU Law

6 Ambitions of the EU in Promoting Fundamental Rights: Understanding the Context of Privacy and Data Protection and the Internet Under EU Law

Tải bản đầy đủ - 0trang

2.6  Ambitions of the EU in Promoting Fundamental Rights: Understanding…



33



The Court of Justice confirmed in Kadi and Al Barakaat82 the applicability of the

fundamental rights to all situations by ruling that “[T]he obligations imposed by an

international agreement cannot have the effect of prejudicing the constitutional

principles of the EC Treaty, which include the principle that all Community acts

must respect fundamental rights”. Neither this ruling nor this statement is fully

uncontroversial83; both, however, reflect the current state of EU law and confirm the

external effect of EU fundamental rights.

This case law is in line with Article 21 TEU, which expresses the universality and

indivisibility of human rights and fundamental freedoms in relation to external

action of the European Union. Under Article 3(5) TEU, European values are not

confined to the territory of the Union: “In its relations with the wider world, the

Union shall uphold and promote its values and interests and contribute to the protection of its citizens.” Article 21 TEU elaborates: “The Union’s action on the international scene shall be guided by the principles which have inspired its own creation,

development and enlargement”.84 Article 21(3) TEU then clarifies that these principles should not only guide the Union’s external action, but also the external

aspects of all its policies. The European Council states in its famous Laeken

Declaration on the future of Europe (2001)85 that the Union seeks to set globalisation within a moral framework.

Although fundamental rights are applicable to all situations within the scope of

EU law, this broad applicability does not extend the competence of the Union.86

Instead, the broad applicability is a consequence of the broad objectives and activities of the Union, which are a source of interpretation for the Court of Justice.87

Most fundamental rights, including the rights to privacy and data protection, are

not absolute rights. Article 52(1) Charter specifies that the exercising of rights may,

under certain conditions, be limited. The limitation must be provided for by law,

while the essence of the rights must be respected and the limitation must be proportional. A proportionality test is at the core of the Court’s review of limitations of

fundamental rights and takes various factors into account. The Explanations to the

Charter specify that the wording of Article 52(1) Charter was taken from the case

 Joined Cases C-402/05P and 415/05P, Kadi and Al Barakaat, EU:C:2008:461, at 285.

 E.g., the contributions of De Búrca and Halberstam in: Gráinne de Búrca and J.H.H. Weiler

(eds), The Worlds of European Constitutionalism (Contemporary European Politics), (Cambridge

University Press, 2012).

84

 This is also specified in Article 21(2) TEU, which – as far as relevant here – reads: “The Union

shall define and pursue common policies and actions, and shall work for a high degree of cooperation in all fields of international relations, in order to: (a) safeguard its values, fundamental interests, security, independence and integrity; (b) consolidate and support democracy, the rule of law,

human rights and the principles of international law (…).”

85

 European Council, Presidency conclusions – Laeken, 14 and 15 December 2001, incl. Annex I,

Laeken Declaration on the future of the European Union.

86

 Koen Lenaerts and Piet van Nuffel, European Union Law (third edition), Sweet & Maxwell,

2010, at 111. On EU competence, see Chap. 4 of this book.

87

 Case 270/80, Polydor, EU:C:1982:43, at 16, on “interpretation in the light of the Community’s

objectives and activities as defined by Articles 2 and 3 of the EEC Treaty”.

82

83



34



2  Privacy and Data Protection as Values of the EU That Matter, Also…



law of the Court of Justice. Limitations should “not constitute, with regard to the

aim pursued, disproportionate and unreasonable interference undermining the very

substance of those rights”.88 A different test is applied in the specific situation of

when two fundamental rights in the Charter need to be balanced.89



2.6.2  Fundamental Rights Protection and the Internet

The broad applicability of fundamental rights has specific relevance in connection

with the complex and developing information society. Individuals are entitled to the

protection of their fundamental rights when they are active on the internet (online),

in the same way as when they are acting in any other capacity (offline).90 In principle, the outcome must be the same: the same level of protection must be afforded

independently of the circumstances and situations requiring protection, be they

online or offline. The EU institutions and bodies – and the Members States, as far as

they act within the scope of EU law – are obliged to ensure this.

In an internet environment, the protection of EU citizens extends to acts of third-­

country companies and authorities. Protection against actors outside the European

Union is an inherent part of the protection that must be given, as provided for in the

Treaties. Protection is needed in situations where EU citizens do not actively move

outside the Union, or sometimes do not even engage with third-country companies,91

such as where citizens’ personal data are transferred to third countries, sometimes

even without their knowledge, because European governments or companies use

non-EU cloud providers.92

There is a similar need for protection where parties in third countries (companies

and/or authorities) have access to data stored in Europe. An example of the latter is

the transfer of personal data from the European Union to the United States for the

88



 Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, Explanation on

Article 52.

89

 See Chap. 5, focusing on exceptions and derogations to the rights to privacy and data

protection.

90

 See also the UN Resolution affirming that the same rights that people have offline must also be

protected online: UN General Assembly, Human Rights Council, “The promotion, protection, and

enjoyment of human rights on the Internet”, Doc. No A/HRC/20/L.13, 29 June 2012, available on:

http://daccess-dds-ny.un.org/doc/UNDOC/LTD/G12/147/10/PDF/G1214710.pdf?OpenElement.

See also: UN General Assembly plenary on 18 December 2014, Resolution “Right to Privacy in

the Digital Age” (A/RES/69/166), affirming “that the same rights that people have offline must

also be protected online, including the right to privacy”.

91

 Where EU citizens move outside the Union, they are possibly still entitled to protection under

EU law. This is argued in, for instance, Kuner’s contribution in: Hielke Hijmans and Herke

Kranenborg (eds), Data protection anno 2014: how to restore trust? Contributions in honour of

Peter Hustinx, European Data Protection Supervisor (2004–2014), (Intersentia, 2014). However,

this is a much more complex issue and the need for protection is less evident.

92

 It is for this reason that Directive 95/46/EC contains a chapter on the transfer of personal data to

third countries.



2.7  Fundamental Rights Protection Against Private Parties Acquires a New…



35



purposes of the Terrorist Finance Tracking Program. Under the agreement between

the EU and the US, the Society for Worldwide Interbank Financial Telecommunication

(SWIFT) as a designated provider provides certain financial data of residents of the

EU to the US Treasury Department.93

The broad applicability does not necessarily mean that individuals are entitled to

protection against all risks on the internet. Effective protection against all risks – a

zero-risk approach – would be difficult to achieve, as this book explains in relation

to privacy and data protection. Moreover, fundamental rights coincide and sometimes collide with other fundamental rights and public interests. Trade-offs therefore have to be made, as in the case, for instance, of the trade-off between privacy

and security.



2.7  F

 undamental Rights Protection Against Private Parties

Acquires a New Dimension on the Internet, Particularly

for Privacy and Data Protection

Privacy and data protection need to be ensured on the internet in relationships

between individuals (‘data subjects’) and data controllers; in many situations, the

latter are private parties, including big internet companies, with a strong market

position. Situations where individuals are engaged with other individuals or legal

persons under private law are referred to as horizontal situations. The specific

importance of the protection of individuals against acts of private parties on the

internet justifies discussing these horizontal situations in a separate section.94

The applicability of the Charter in purely horizontal situations remains unclear.

The issue of whether it is applicable may arise in a civil dispute between two private

parties – the data subject and the data controller – but also during an enforcement

action of a supervisory authority against a private data controller. Although the latter

situation may not necessarily qualify as horizontal,95 the underlying issue is the

same: is the Charter directly binding on private parties?

At first sight, the answer to the question of whether the Charter applies in horizontal situations seems to be negative. The Charter does not protect individuals

against other individuals or legal persons under private law, and nor does it bind

private parties. Article 51 Charter is addressed to the EU institutions and bodies, and



93



 Council Decision of 13 July 2010 on the conclusion of the Agreement between the European

Union and the United States of America on the processing and transfer of Financial Messaging

Data from the European Union to the United States for the purposes of the Terrorist Finance

Tracking Program, OJ L 195/3.

94

 See, on powers on the internet, Chap. 3.

95

 The dispute is not horizontal. Mirjam de Mol, “The novel approach of the CJEU on the horizontal direct effect of the EU principle of non-discrimination: unbridled expansionism of EU law?”,

Maastricht Journal of European and Comparative Law, (1–2) pp. 109–135 2011, at 110.



36



2  Privacy and Data Protection as Values of the EU That Matter, Also…



to the Member States when they are implementing EU law.96 This would mean that

private parties, such as the big companies processing large amounts of personal data

on the internet, are prima facie excluded from the personal scope of the Charter.

There is a parallel here with the denial of direct effect of EU directives expressly

directed at Member States and not at individuals.97

At second glance, however, the answer is not evident, despite the fact that much

has been written on the horizontal direct effect of EU law,98 as well as on the application of fundamental rights in relations between private parties (in horizontal

situations),99 including in connection with the Charter.100 Contrary to first impressions, therefore, the main arguments support the direct applicability of the Charter –

in particular, provisions of the Charter with sufficient precision – in horizontal

situations.



2.7.1  F

 our Arguments Supporting Direct Applicability

in Horizontal Situations

Firstly, the Charter is part of EU law and even has the same status as the Treaties.

One of the basic foundations of EU law – as far back as Van Gend and Loos101 – is

that, under certain conditions, individuals have directly enforceable rights and

duties, also vis-à-vis other individuals.102 On the one hand, Article 51(2) Charter

does not extend the field of application of EU law, although, on the other hand, the

Court of Justice declared in Åkerberg Fransson that situations cannot exist within

the scope of EU law without the fundamental rights in the Charter being applicable.103 In this hypothesis, the horizontal effect of the Charter would be the consequence of the existence of directly enforceable rights and duties within the scope of

EU law.

 As broadly interpreted in Case C-617/10, Åkerberg Fransson, EU:C:2013:105.

 Case C-152/84, Marshall I, EU:C:1986:84, at 48.

98

 See: Paul Craig and Gráinne de Búrca, EU Law, Text, Cases and Material (Fifth Edition),

(Oxford University Press, 2011) and the literature mentioned there.

99

 E.g., L.F.M. Verhey, Horizontale werking van grondrechten, in het bijzonder op het recht van

privacy W.E.J. Tjeenk Willink, 1992.

100

 E.g., Ward in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward (eds), The EU Charter

of Fundamental Rights, A Commentary (Hart Publishing, 2014), under the heading “Issues yet to

be fully resolved by the Court”. See also: Mirjam de Mol, “The novel approach of the CJEU on the

horizontal direct effect of the EU principle of non-discrimination: unbridled expansionism of EU

law?”, Maastricht Journal of European and Comparative Law, 2011 (1–2), pp. 109–135; Allan

Rosas and Lorna Armati, EU Constitutional Law, an Introduction (Hart Publishing, 2010), at

179–180.

101

 Case 26/62, Van Gend & Loos, EU:C:1963:1.

102

 On this, see, e.g.: Eric Engle, “Third Party Effect of Fundamental Rights (Drittwirkung)”, Hanse

Law Review, Vol. 5, No 2, 2009.

103

 Case C-617/10, Åkerberg Fransson, EU:C:2013:105, at. 21.

96

97



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

6 Ambitions of the EU in Promoting Fundamental Rights: Understanding the Context of Privacy and Data Protection and the Internet Under EU Law

Tải bản đầy đủ ngay(0 tr)

×