7 Fundamental Rights Protection Against Private Parties Acquires a New Dimension on the Internet, Particularly for Privacy and Data Protection
Tải bản đầy đủ - 0trang
36
2 Privacy and Data Protection as Values of the EU That Matter, Also…
to the Member States when they are implementing EU law.96 This would mean that
private parties, such as the big companies processing large amounts of personal data
on the internet, are prima facie excluded from the personal scope of the Charter.
There is a parallel here with the denial of direct effect of EU directives expressly
directed at Member States and not at individuals.97
At second glance, however, the answer is not evident, despite the fact that much
has been written on the horizontal direct effect of EU law,98 as well as on the application of fundamental rights in relations between private parties (in horizontal
situations),99 including in connection with the Charter.100 Contrary to first impressions, therefore, the main arguments support the direct applicability of the Charter –
in particular, provisions of the Charter with sufficient precision – in horizontal
situations.
2.7.1 F
our Arguments Supporting Direct Applicability
in Horizontal Situations
Firstly, the Charter is part of EU law and even has the same status as the Treaties.
One of the basic foundations of EU law – as far back as Van Gend and Loos101 – is
that, under certain conditions, individuals have directly enforceable rights and
duties, also vis-à-vis other individuals.102 On the one hand, Article 51(2) Charter
does not extend the field of application of EU law, although, on the other hand, the
Court of Justice declared in Åkerberg Fransson that situations cannot exist within
the scope of EU law without the fundamental rights in the Charter being applicable.103 In this hypothesis, the horizontal effect of the Charter would be the consequence of the existence of directly enforceable rights and duties within the scope of
EU law.
As broadly interpreted in Case C-617/10, Åkerberg Fransson, EU:C:2013:105.
Case C-152/84, Marshall I, EU:C:1986:84, at 48.
98
See: Paul Craig and Gráinne de Búrca, EU Law, Text, Cases and Material (Fifth Edition),
(Oxford University Press, 2011) and the literature mentioned there.
99
E.g., L.F.M. Verhey, Horizontale werking van grondrechten, in het bijzonder op het recht van
privacy W.E.J. Tjeenk Willink, 1992.
100
E.g., Ward in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward (eds), The EU Charter
of Fundamental Rights, A Commentary (Hart Publishing, 2014), under the heading “Issues yet to
be fully resolved by the Court”. See also: Mirjam de Mol, “The novel approach of the CJEU on the
horizontal direct effect of the EU principle of non-discrimination: unbridled expansionism of EU
law?”, Maastricht Journal of European and Comparative Law, 2011 (1–2), pp. 109–135; Allan
Rosas and Lorna Armati, EU Constitutional Law, an Introduction (Hart Publishing, 2010), at
179–180.
101
Case 26/62, Van Gend & Loos, EU:C:1963:1.
102
On this, see, e.g.: Eric Engle, “Third Party Effect of Fundamental Rights (Drittwirkung)”, Hanse
Law Review, Vol. 5, No 2, 2009.
103
Case C-617/10, Åkerberg Fransson, EU:C:2013:105, at. 21.
96
97
2.7 Fundamental Rights Protection Against Private Parties Acquires a New…
37
Secondly, the issue has been brought before the Court of Justice, but the case law
is not yet fully clear. In Association de médiation sociale,104 the Court ruled that
Article 27 Charter cannot be invoked in a dispute between individuals. In its reasoning, however, the Court put great emphasis on the specific wording of this article,
which is not appropriate to be directly invoked. This contrasts with the facts that
gave rise to Kücükdeveci105 “in so far as the principle of non-discrimination on
grounds of age at issue in that case, laid down in Article 21(1) Charter, is sufficient
in itself to confer on individuals an individual right which they may invoke as such.”
This supports the argument that certain provisions of the Charter may be applicable
in horizontal situations, on the basis of a reasoning a contrario.
However, the Court has not provided full clarity in this respect since
Kücükdeveci106 was not decided on the basis of the Charter,107 but on the basis of a
provision of a directive with direct effect and with the same substance as Article
21(1) Charter on the discrimination on the basis of age. Commentators have criticised108 the Court for accepting that the Charter’s prohibition of discrimination can
be invoked in relations between private parties, despite the fact that the Explanations
relating to the Charter state that Article 21(1) does not impose a sweeping ban on
discrimination.109 In this hypothesis, the horizontal effect would be the consequence
of the case law on non-discrimination.
Thirdly, an important rationale in the development of the right to data protection
in the 1970s – in addition to the right to privacy – was precisely the possible misuse
of personal information in the private sector.110 Moreover, Article 8 Charter, which
establishes the right to data protection, has Directive 95/46 as one of its main
sources111; the provision originates from a directive based on an internal market
legal basis, currently Article 114 TFEU.
Even where the Charter or provisions in the Charter do not apply directly in horizontal situations, they may apply indirectly because courts interpret instruments of
Case C-176/12, Association de médiation sociale, EU:C:2014:2. Article 27 Charter deals with
the Workers’ right to information and consultation within the undertaking.
105
Case C-555/07, Kücükdeveci, EU:C:2010:21.
106
In this sense, see: Cian C. Murphy, “Using the EU Charter of Fundamental Rights Against
Private Parties after Association de Médiation Sociale”, European Human Rights Law Review,
(2014), at 170.
107
Although the ruling, dating from 19 January 2010 (i.e. just after the entry into force of the
Lisbon Treaty), mentions the Charter.
108
Mirjam de Mol, “The novel approach of the CJEU on the horizontal direct effect of the EU
principle of non-discrimination: unbridled expansionism of EU law?”, Maastricht Journal of
European and Comparative Law, 2011 (1–2), pp. 109–135, at 132–135.
109
Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, Explanation on
Article 21.
110
See, e.g.: Peter Hustinx, “EU Data Protection Law: The Review of Directive 95/46/EC and the
Proposed General Data Protection Regulation”, published in the “Collected Courses of the
European University Institute’s Academy of European Law, 24th Session on European Union Law,
1–12 July 2013”, at B.
111
Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, Explanation on
Article 8. This is elaborated in Section 10.
104
38
2 Privacy and Data Protection as Values of the EU That Matter, Also…
EU law in the light of the Charter. Examples of this can be found in the case law of
the Court of Justice that take account of the significance of a fundamental right in
the Charter when interpreting an EU directive.112 In this hypothesis, the horizontal
effect – under the doctrine of sympathetic interpretation113 – is based on acts of the
legislator.
Fourthly, the indirect application may also be the result of a positive duty of
governments to protect. Where fundamental rights serve as protection against
breaches by acts of government itself, the obligation of the government can be
described as negative: refrain from action. The government, however, also has a
positive duty, and that is to ensure that fundamental rights are effectively protected
in horizontal situations.114
This is all the more important in the context of the internet, where essential risks
of breaches of fundamental rights are caused by actions of private companies.
Dominant economic players on the internet have a strong position,115 and this hampers the achieving of the objective that the same protection should be given online
as offline. In this hypothesis, the horizontal effect would find its origin in the
principle of effectiveness. A fundamental right would be ineffective if it protected
only against governments.
All in all, there are good arguments supporting the applicability of certain fundamental rights of the Charter in horizontal relations, in particular on the internet.
These arguments are even more convincing for privacy and data protection since
one of the reasons why the concept of data protection emerged was the possibility
of personal information being misused by the private sector.116 Outside the internet
context, the European Court of Human Rights has accepted horizontal application
of the right to privacy under Article 8 ECHR.117
112
E.g., Joined Cases C-468/10 and C-469/10, ASNEF and FECEMD, EU:C:2011:777, at 39–40:
“Article 7(f) of Directive 95/46 […] necessitates a balancing of the opposing rights and interests
[…] [. T]he person or the institution which carries out the balancing must take account of the significance of the data subject’s rights arising from Articles 7 and 8 of the Charter of Fundamental
Rights of the European Union”.
113
Ward in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward, The EU Charter of
Fundamental Rights, A Commentary, Hart Publishing, 2014, at 51.47.
114
This positive duty or, in German, Schutzpflicht is discussed in relation to privacy in Section 9.
115
As explained in Chap. 3.
116
Explanatory Memorandum to the Convention for the Protection of Individuals with regard to
Automatic Processing of Personal Data, Strasbourg, 28 January 1981, ETS No 108. See also: Peter
Hustinx, “EU Data Protection Law: The Review of Directive 95/46/EC and the Proposed General
Data Protection Regulation”, published in the “Collected Courses of the European University
Institute’s Academy of European Law, 24th Session on European Union Law, 1–12 July 2013”, at
2.B. See further Section 10.
117
The ECtHR ruled that “… in addition to this primarily negative undertaking, there may be positive obligations inherent in an effective respect for private or family life. These obligations may
involve the adoption of measures designed to secure respect for private life even in the sphere of
the relations of individuals between themselves”. See, e.g., Von Hannover v Germany, 2004,
Application No 59320/00, at 57.
2.8 The Right to Privacy, a Broad and Dynamic Concept on the Internet Extending…
39
2.8 T
he Right to Privacy, a Broad and Dynamic Concept
on the Internet Extending to the Public Sphere
2.8.1 H
istorical Development of Privacy, Starting with Warren
and Brandeis
The right to privacy is a concept with a history going back further than the European
Convention on Human Rights. In 1890 Warren and Brandeis wrote a paper, published in the Harvard Law Review,118 which is seen as the origin of this right.119 This
paper is still worth reading because it describes the right to privacy as a “principle
which protects personal writings and any other productions of the intellect or of the
emotions”. The authors also mention “the right to be let alone”.120 This idea of a
right to be let alone is retained by Westin, who wrote an authoritative study on privacy at the dawn of the computer age (1967). He describes privacy in relation to
social participation as the voluntary and temporary withdrawal of a person from
general society, adding that the individual’s desire for privacy is never absolute
since participation in society is an equally powerful desire.
The paper of Warren and Brandeis also distinguishes the right to privacy from
other rights, such as intellectual property rights and the right of freedom of expression. The right to privacy received international recognition immediately after the
Second World War in Article 12 of the Universal Declaration of Human Rights and
later, in 1966, in Article 17 of the International Covenant of Civil and Political
Rights.
In Europe, the right to privacy or a private life is included in Article 8 ECHR,
which protects private and family life, home and correspondence. The scope of this
definition is wider than privacy or private life as Article 8 ECHR and the corresponding Article 7 Charter121 also protect values not connected to privacy, such as
the right to respect for family life that relates to other areas of EU law, such as gender equality, children’s rights and free movement, immigration and asylum.122
118
Samuel D. Warren and Louis D. Brandeis, “The Right to Privacy”, Harvard Law Review, Vol.
IV, 15 December 1890, No 5.
119
Although this can be disputed. Warren & Brandeis themselves mention an earlier French law,
the Loi relative à la presse (11 Mai 1868): “11. Toute publication dans un écrit périodique relative
à un fait de la vie privée constitue une contravention punie d’une amende de cinq cent francs. La
poursuite ne pourra être exercée que sur la plainte de la partie intộressộe. Riviốre, Codes Franỗais
et Lois Usuelles. App. Code Pen., at 20.
120
Alan F. Westin, Privacy and Freedom (Atheneum, 1967), at 7.
121
As explained by the Explanations relating to the Charter of Fundamental Rights (on Article 7),
a slight change was made to Article 8 ECHR: as a result of developments in technology, the word
‘correspondence’ has been replaced in Article 7 Charter by ‘communications’.
122
Choudhry in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward (eds), The EU Charter
of Fundamental Rights, A Commentary, Hart Publishing, 2014, at 183–222.
40
2 Privacy and Data Protection as Values of the EU That Matter, Also…
In accordance with their text, these articles protect privacy and three other fundamental rights.123 However, apart from what was mentioned in relation to family
life, the distinction between privacy and these other rights is not always fully clear.
This is exemplified by the right to respect of correspondence (in Article 7 Charter:
communications), which is a specific aspect of privacy, as demonstrated by the case
law of the European Court of Human Rights on secret surveillance. This case law
takes the respect of privacy and correspondence together.124
A specific element of the concept of privacy – of relevance for the purpose of this
book – is the concept of informational privacy, as originally developed in the work
of Westin.125 On the internet, the right to privacy, by definition, concerns information, and does not touch upon more spatial concepts of privacy, such as the protection of a person’s home. In any event, technological developments meant that
informational privacy became a central element of privacy protection.126 This book,
with its focus on the internet, obviously deals mainly with this informational privacy. Finally, informational privacy should not be confused with ‘data privacy’, a
term used outside the EU context for a concept that also includes data
protection.127
2.8.2 H
uman Dignity and Personal Autonomy as Underlying
Values and the Broad Scope of Privacy
The ECHR and the Charter do not refer to any underlying values in relation to privacy.128 One can argue that the right to privacy, as described by Warren and Brandeis,
reflects a value in itself. This right reflects individuality or personal freedom129 and
123
Further explained by Paul De Hert, Art. 8 E.V.R.M. en het Belgisch Recht, Bescherming van
privacy, woonst, gezin en communicatie (Mys en Breesch, 1998).
124
See, e.g., Klass and Others v Germany, 1978, Application No. 5029/71, at 41.
125
Alan F. Westin, Privacy and Freedom, New York: Atheneum, 1967. See also: J.C. Buitelaar,
“Privacy: Back to the Roots”, 13 German Law Journal 171–202 (2012), at 187–188; G. González
Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the EU”, Law,
Governance and Technology Series 16, 2014, at 2.1.2.2.
126
Additional reading in Dutch: L.F.M. Verhey, Horizontale werking van grondrechten, in het bijzonder op het recht van privacy, W.E.J. Tjeenk Willink, 1992, at 192–198.
127
As explained later, the distinction between privacy and data protection is a typically European
distinction. See, e.g.: Christopher Kuner, Transborder Data Flows and Data Privacy Law (Oxford
University Press, 2013), at 21, where he deals with data privacy law in a global context, encompassing privacy and data protection.
128
P. De Hert and S. Gutwirth, “Data Protection in the Case Law of Strasbourg and Luxemburg:
Constitutionalisation in Action”, in: S. Gutwirth, et al. (eds), Reinventing data protection?,
Springer, 2009, at II.1.
129
G. González Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the
EU”, Law, Governance and Technology Series 16, 2014, referring to a source mentioning the fortress of personal freedom.