Tải bản đầy đủ - 0trang
36



2  Privacy and Data Protection as Values of the EU That Matter, Also…



to the Member States when they are implementing EU law.96 This would mean that

private parties, such as the big companies processing large amounts of personal data

on the internet, are prima facie excluded from the personal scope of the Charter.

There is a parallel here with the denial of direct effect of EU directives expressly

directed at Member States and not at individuals.97

At second glance, however, the answer is not evident, despite the fact that much

has been written on the horizontal direct effect of EU law,98 as well as on the application of fundamental rights in relations between private parties (in horizontal

situations),99 including in connection with the Charter.100 Contrary to first impressions, therefore, the main arguments support the direct applicability of the Charter –

in particular, provisions of the Charter with sufficient precision – in horizontal

situations.



2.7.1  F

 our Arguments Supporting Direct Applicability

in Horizontal Situations

Firstly, the Charter is part of EU law and even has the same status as the Treaties.

One of the basic foundations of EU law – as far back as Van Gend and Loos101 – is

that, under certain conditions, individuals have directly enforceable rights and

duties, also vis-à-vis other individuals.102 On the one hand, Article 51(2) Charter

does not extend the field of application of EU law, although, on the other hand, the

Court of Justice declared in Åkerberg Fransson that situations cannot exist within

the scope of EU law without the fundamental rights in the Charter being applicable.103 In this hypothesis, the horizontal effect of the Charter would be the consequence of the existence of directly enforceable rights and duties within the scope of

EU law.

 As broadly interpreted in Case C-617/10, Åkerberg Fransson, EU:C:2013:105.

 Case C-152/84, Marshall I, EU:C:1986:84, at 48.

98

 See: Paul Craig and Gráinne de Búrca, EU Law, Text, Cases and Material (Fifth Edition),

(Oxford University Press, 2011) and the literature mentioned there.

99

 E.g., L.F.M. Verhey, Horizontale werking van grondrechten, in het bijzonder op het recht van

privacy W.E.J. Tjeenk Willink, 1992.

100

 E.g., Ward in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward (eds), The EU Charter

of Fundamental Rights, A Commentary (Hart Publishing, 2014), under the heading “Issues yet to

be fully resolved by the Court”. See also: Mirjam de Mol, “The novel approach of the CJEU on the

horizontal direct effect of the EU principle of non-discrimination: unbridled expansionism of EU

law?”, Maastricht Journal of European and Comparative Law, 2011 (1–2), pp. 109–135; Allan

Rosas and Lorna Armati, EU Constitutional Law, an Introduction (Hart Publishing, 2010), at

179–180.

101

 Case 26/62, Van Gend & Loos, EU:C:1963:1.

102

 On this, see, e.g.: Eric Engle, “Third Party Effect of Fundamental Rights (Drittwirkung)”, Hanse

Law Review, Vol. 5, No 2, 2009.

103

 Case C-617/10, Åkerberg Fransson, EU:C:2013:105, at. 21.

96

97



2.7  Fundamental Rights Protection Against Private Parties Acquires a New…



37



Secondly, the issue has been brought before the Court of Justice, but the case law

is not yet fully clear. In Association de médiation sociale,104 the Court ruled that

Article 27 Charter cannot be invoked in a dispute between individuals. In its reasoning, however, the Court put great emphasis on the specific wording of this article,

which is not appropriate to be directly invoked. This contrasts with the facts that

gave rise to Kücükdeveci105 “in so far as the principle of non-discrimination on

grounds of age at issue in that case, laid down in Article 21(1) Charter, is sufficient

in itself to confer on individuals an individual right which they may invoke as such.”

This supports the argument that certain provisions of the Charter may be applicable

in horizontal situations, on the basis of a reasoning a contrario.

However, the Court has not provided full clarity in this respect since

Kücükdeveci106 was not decided on the basis of the Charter,107 but on the basis of a

provision of a directive with direct effect and with the same substance as Article

21(1) Charter on the discrimination on the basis of age. Commentators have criticised108 the Court for accepting that the Charter’s prohibition of discrimination can

be invoked in relations between private parties, despite the fact that the Explanations

relating to the Charter state that Article 21(1) does not impose a sweeping ban on

discrimination.109 In this hypothesis, the horizontal effect would be the consequence

of the case law on non-discrimination.

Thirdly, an important rationale in the development of the right to data protection

in the 1970s – in addition to the right to privacy – was precisely the possible misuse

of personal information in the private sector.110 Moreover, Article 8 Charter, which

establishes the right to data protection, has Directive 95/46 as one of its main

sources111; the provision originates from a directive based on an internal market

legal basis, currently Article 114 TFEU.

Even where the Charter or provisions in the Charter do not apply directly in horizontal situations, they may apply indirectly because courts interpret instruments of

 Case C-176/12, Association de médiation sociale, EU:C:2014:2. Article 27 Charter deals with

the Workers’ right to information and consultation within the undertaking.

105

 Case C-555/07, Kücükdeveci, EU:C:2010:21.

106

 In this sense, see: Cian C. Murphy, “Using the EU Charter of Fundamental Rights Against

Private Parties after Association de Médiation Sociale”, European Human Rights Law Review,

(2014), at 170.

107

 Although the ruling, dating from 19 January 2010 (i.e. just after the entry into force of the

Lisbon Treaty), mentions the Charter.

108

 Mirjam de Mol, “The novel approach of the CJEU on the horizontal direct effect of the EU

principle of non-discrimination: unbridled expansionism of EU law?”, Maastricht Journal of

European and Comparative Law, 2011 (1–2), pp. 109–135, at 132–135.

109

 Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, Explanation on

Article 21.

110

 See, e.g.: Peter Hustinx, “EU Data Protection Law: The Review of Directive 95/46/EC and the

Proposed General Data Protection Regulation”, published in the “Collected Courses of the

European University Institute’s Academy of European Law, 24th Session on European Union Law,

1–12 July 2013”, at B.

111

 Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, Explanation on

Article 8. This is elaborated in Section 10.

104



38



2  Privacy and Data Protection as Values of the EU That Matter, Also…



EU law in the light of the Charter. Examples of this can be found in the case law of

the Court of Justice that take account of the significance of a fundamental right in

the Charter when interpreting an EU directive.112 In this hypothesis, the horizontal

effect – under the doctrine of sympathetic interpretation113 – is based on acts of the

legislator.

Fourthly, the indirect application may also be the result of a positive duty of

governments to protect. Where fundamental rights serve as protection against

breaches by acts of government itself, the obligation of the government can be

described as negative: refrain from action. The government, however, also has a

positive duty, and that is to ensure that fundamental rights are effectively protected

in horizontal situations.114

This is all the more important in the context of the internet, where essential risks

of breaches of fundamental rights are caused by actions of private companies.

Dominant economic players on the internet have a strong position,115 and this hampers the achieving of the objective that the same protection should be given online

as offline. In this hypothesis, the horizontal effect would find its origin in the

­principle of effectiveness. A fundamental right would be ineffective if it protected

only against governments.

All in all, there are good arguments supporting the applicability of certain fundamental rights of the Charter in horizontal relations, in particular on the internet.

These arguments are even more convincing for privacy and data protection since

one of the reasons why the concept of data protection emerged was the possibility

of personal information being misused by the private sector.116 Outside the internet

context, the European Court of Human Rights has accepted horizontal application

of the right to privacy under Article 8 ECHR.117



112

 E.g., Joined Cases C-468/10 and C-469/10, ASNEF and FECEMD, EU:C:2011:777, at 39–40:

“Article 7(f) of Directive 95/46 […] necessitates a balancing of the opposing rights and interests

[…] [. T]he person or the institution which carries out the balancing must take account of the significance of the data subject’s rights arising from Articles 7 and 8 of the Charter of Fundamental

Rights of the European Union”.

113

 Ward in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward, The EU Charter of

Fundamental Rights, A Commentary, Hart Publishing, 2014, at 51.47.

114

 This positive duty or, in German, Schutzpflicht is discussed in relation to privacy in Section 9.

115

 As explained in Chap. 3.

116

 Explanatory Memorandum to the Convention for the Protection of Individuals with regard to

Automatic Processing of Personal Data, Strasbourg, 28 January 1981, ETS No 108. See also: Peter

Hustinx, “EU Data Protection Law: The Review of Directive 95/46/EC and the Proposed General

Data Protection Regulation”, published in the “Collected Courses of the European University

Institute’s Academy of European Law, 24th Session on European Union Law, 1–12 July 2013”, at

2.B. See further Section 10.

117

 The ECtHR ruled that “… in addition to this primarily negative undertaking, there may be positive obligations inherent in an effective respect for private or family life. These obligations may

involve the adoption of measures designed to secure respect for private life even in the sphere of

the relations of individuals between themselves”. See, e.g., Von Hannover v Germany, 2004,

Application No 59320/00, at 57.



2.8  The Right to Privacy, a Broad and Dynamic Concept on the Internet Extending…



39



2.8  T

 he Right to Privacy, a Broad and Dynamic Concept

on the Internet Extending to the Public Sphere

2.8.1  H

 istorical Development of Privacy, Starting with Warren

and Brandeis

The right to privacy is a concept with a history going back further than the European

Convention on Human Rights. In 1890 Warren and Brandeis wrote a paper, published in the Harvard Law Review,118 which is seen as the origin of this right.119 This

paper is still worth reading because it describes the right to privacy as a “principle

which protects personal writings and any other productions of the intellect or of the

emotions”. The authors also mention “the right to be let alone”.120 This idea of a

right to be let alone is retained by Westin, who wrote an authoritative study on privacy at the dawn of the computer age (1967). He describes privacy in relation to

social participation as the voluntary and temporary withdrawal of a person from

general society, adding that the individual’s desire for privacy is never absolute

since participation in society is an equally powerful desire.

The paper of Warren and Brandeis also distinguishes the right to privacy from

other rights, such as intellectual property rights and the right of freedom of expression. The right to privacy received international recognition immediately after the

Second World War in Article 12 of the Universal Declaration of Human Rights and

later, in 1966, in Article 17 of the International Covenant of Civil and Political

Rights.

In Europe, the right to privacy or a private life is included in Article 8 ECHR,

which protects private and family life, home and correspondence. The scope of this

definition is wider than privacy or private life as Article 8 ECHR and the corresponding Article 7 Charter121 also protect values not connected to privacy, such as

the right to respect for family life that relates to other areas of EU law, such as gender equality, children’s rights and free movement, immigration and asylum.122



118

 Samuel D. Warren and Louis D. Brandeis, “The Right to Privacy”, Harvard Law Review, Vol.

IV, 15 December 1890, No 5.

119

 Although this can be disputed. Warren & Brandeis themselves mention an earlier French law,

the Loi relative à la presse (11 Mai 1868): “11. Toute publication dans un écrit périodique relative

à un fait de la vie privée constitue une contravention punie d’une amende de cinq cent francs. La

poursuite ne pourra être exercée que sur la plainte de la partie intộressộe. Riviốre, Codes Franỗais

et Lois Usuelles. App. Code Pen., at 20.

120

 Alan F. Westin, Privacy and Freedom (Atheneum, 1967), at 7.

121

 As explained by the Explanations relating to the Charter of Fundamental Rights (on Article 7),

a slight change was made to Article 8 ECHR: as a result of developments in technology, the word

‘correspondence’ has been replaced in Article 7 Charter by ‘communications’.

122

 Choudhry in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward (eds), The EU Charter

of Fundamental Rights, A Commentary, Hart Publishing, 2014, at 183–222.



40



2  Privacy and Data Protection as Values of the EU That Matter, Also…



In accordance with their text, these articles protect privacy and three other fundamental rights.123 However, apart from what was mentioned in relation to family

life, the distinction between privacy and these other rights is not always fully clear.

This is exemplified by the right to respect of correspondence (in Article 7 Charter:

communications), which is a specific aspect of privacy, as demonstrated by the case

law of the European Court of Human Rights on secret surveillance. This case law

takes the respect of privacy and correspondence together.124

A specific element of the concept of privacy – of relevance for the purpose of this

book – is the concept of informational privacy, as originally developed in the work

of Westin.125 On the internet, the right to privacy, by definition, concerns information, and does not touch upon more spatial concepts of privacy, such as the protection of a person’s home. In any event, technological developments meant that

informational privacy became a central element of privacy protection.126 This book,

with its focus on the internet, obviously deals mainly with this informational privacy. Finally, informational privacy should not be confused with ‘data privacy’, a

term used outside the EU context for a concept that also includes data

protection.127



2.8.2  H

 uman Dignity and Personal Autonomy as Underlying

Values and the Broad Scope of Privacy

The ECHR and the Charter do not refer to any underlying values in relation to privacy.128 One can argue that the right to privacy, as described by Warren and Brandeis,

reflects a value in itself. This right reflects individuality or personal freedom129 and



123



 Further explained by Paul De Hert, Art. 8 E.V.R.M. en het Belgisch Recht, Bescherming van

privacy, woonst, gezin en communicatie (Mys en Breesch, 1998).

124

 See, e.g., Klass and Others v Germany, 1978, Application No. 5029/71, at 41.

125

 Alan F. Westin, Privacy and Freedom, New York: Atheneum, 1967. See also: J.C. Buitelaar,

“Privacy: Back to the Roots”, 13 German Law Journal 171–202 (2012), at 187–188; G. González

Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the EU”, Law,

Governance and Technology Series 16, 2014, at 2.1.2.2.

126

 Additional reading in Dutch: L.F.M. Verhey, Horizontale werking van grondrechten, in het bijzonder op het recht van privacy, W.E.J. Tjeenk Willink, 1992, at 192–198.

127

 As explained later, the distinction between privacy and data protection is a typically European

distinction. See, e.g.: Christopher Kuner, Transborder Data Flows and Data Privacy Law (Oxford

University Press, 2013), at 21, where he deals with data privacy law in a global context, encompassing privacy and data protection.

128

 P. De Hert and S. Gutwirth, “Data Protection in the Case Law of Strasbourg and Luxemburg:

Constitutionalisation in Action”, in: S. Gutwirth, et al. (eds), Reinventing data protection?,

Springer, 2009, at II.1.

129

 G. González Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the

EU”, Law, Governance and Technology Series 16, 2014, referring to a source mentioning the fortress of personal freedom.