8 The Right to Privacy, a Broad and Dynamic Concept on the Internet Extending to the Public Sphere
Tải bản đầy đủ - 0trang
40
2 Privacy and Data Protection as Values of the EU That Matter, Also…
In accordance with their text, these articles protect privacy and three other fundamental rights.123 However, apart from what was mentioned in relation to family
life, the distinction between privacy and these other rights is not always fully clear.
This is exemplified by the right to respect of correspondence (in Article 7 Charter:
communications), which is a specific aspect of privacy, as demonstrated by the case
law of the European Court of Human Rights on secret surveillance. This case law
takes the respect of privacy and correspondence together.124
A specific element of the concept of privacy – of relevance for the purpose of this
book – is the concept of informational privacy, as originally developed in the work
of Westin.125 On the internet, the right to privacy, by definition, concerns information, and does not touch upon more spatial concepts of privacy, such as the protection of a person’s home. In any event, technological developments meant that
informational privacy became a central element of privacy protection.126 This book,
with its focus on the internet, obviously deals mainly with this informational privacy. Finally, informational privacy should not be confused with ‘data privacy’, a
term used outside the EU context for a concept that also includes data
protection.127
2.8.2 H
uman Dignity and Personal Autonomy as Underlying
Values and the Broad Scope of Privacy
The ECHR and the Charter do not refer to any underlying values in relation to privacy.128 One can argue that the right to privacy, as described by Warren and Brandeis,
reflects a value in itself. This right reflects individuality or personal freedom129 and
123
Further explained by Paul De Hert, Art. 8 E.V.R.M. en het Belgisch Recht, Bescherming van
privacy, woonst, gezin en communicatie (Mys en Breesch, 1998).
124
See, e.g., Klass and Others v Germany, 1978, Application No. 5029/71, at 41.
125
Alan F. Westin, Privacy and Freedom, New York: Atheneum, 1967. See also: J.C. Buitelaar,
“Privacy: Back to the Roots”, 13 German Law Journal 171–202 (2012), at 187–188; G. González
Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the EU”, Law,
Governance and Technology Series 16, 2014, at 2.1.2.2.
126
Additional reading in Dutch: L.F.M. Verhey, Horizontale werking van grondrechten, in het bijzonder op het recht van privacy, W.E.J. Tjeenk Willink, 1992, at 192–198.
127
As explained later, the distinction between privacy and data protection is a typically European
distinction. See, e.g.: Christopher Kuner, Transborder Data Flows and Data Privacy Law (Oxford
University Press, 2013), at 21, where he deals with data privacy law in a global context, encompassing privacy and data protection.
128
P. De Hert and S. Gutwirth, “Data Protection in the Case Law of Strasbourg and Luxemburg:
Constitutionalisation in Action”, in: S. Gutwirth, et al. (eds), Reinventing data protection?,
Springer, 2009, at II.1.
129
G. González Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the
EU”, Law, Governance and Technology Series 16, 2014, referring to a source mentioning the fortress of personal freedom.
2.8 The Right to Privacy, a Broad and Dynamic Concept on the Internet Extending…
41
may even be opposed to societal needs.130 The arguments of Greenwald, referred to
in Sect. 2.3 of this chapter, illustrate that privacy itself reflects a value, namely the
value of doing things in private. In addition, one can argue – also illustrated by what
Greenwald said – that the right to privacy is a representation of other core ethical
values in society,131 particularly human dignity and autonomy.
Privacy is explained as a representation of human dignity. Privacy is not unique
in this respect, as confirmed by the Explanations to the Charter with reference to the
Universal Declaration of Human Rights: human dignity constitutes the real basis of
fundamental rights.132 Where, however, dignity is understood as the freedom to
shape one’s life, there is a specific association with privacy.133
Privacy is also described as a right to personal autonomy,134 which implies that
an individual must be in control of his or her life.135 Fabre argues that autonomy
reflects a value underlying all fundamental rights.136 Autonomy in connection with
the right to privacy is more limited and relates to an autonomous personal sphere;
this does not mean a limitation to intimacy, but, as explained below, also extends to
wider social relations. As González Fuster explains, privacy is sometimes, but not
always, construed as being the opposite of what is public.137 In this widely understood autonomous personal sphere individuals must have some control138 over how
information about them is used.139
As to the scope of privacy: according to the ECtHR the concept of ‘private life’
is a broad term, which is not susceptible to exhaustive definition.140 Privacy is a
130
Lee A. Bygrave, “Privacy and Data Protection in an International Perspective”, Stockholm
Institute for Scandinavian Law & Lee A. Bygrave 2010, at 171.
131
Wording by P. De Hert and S. Gutwirth, “Data Protection in the Case Law of Strasbourg and
Luxembourg: Constitutionalisation in Action”, in: S. Gutwirth, et al. (eds), Reinventing data protection? Springer, 2009, at II.1.
132
Explanations relating to the Charter of Fundamental Rights, on Article 1.
133
Cathérine Dupré on Article 1, in: Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward
(eds), The EU Charter of Fundamental Rights, A Commentary, Hart Publishing, 2014, e.g., at
01.06.
134
P. Oliver, “The protection of privacy in the economic sphere before the European Court of
Justice”, CMLR, 46, Issue No (Oct), 2009 at 1443. In the same sense, P. Bernal, Internet Privacy
Rights, Rights to Protect Autonomy, Cambridge University Press, 2014, at 2. He defends the belief
that privacy is mainly important as a crucial protector of autonomy.
135
In this sense, it is close to the right to data protection, as developed below.
136
C. Fabre, “Constitutionalising Social Rights”, The Journal of Political Philosophy, Volume 6,
No 3, pp. 264–265, 1998.
137
G. González Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the
EU”, Law, Governance and Technology Series 16, 2014, at 2.1.1.
138
As will be explained in relation to data protection, this does not necessarily mean full control.
139
Alan F. Westin, Privacy and Freedom, New York: Atheneum, 1967, as explained by G. González
Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the EU”, Law,
Governance and Technology Series 16, 2014, at 31.
140
E.g., Pretty v UK, Application No 2346/02, at 61.
42
2 Privacy and Data Protection as Values of the EU That Matter, Also…
notoriously difficult legal concept.141 In the case law, the notion of privacy or private
life has been given a broad scope and also extends to professional and business
activities.142 More generally, privacy includes the right to establish and develop
relationships with other human beings and the outside world.143 Equally, the ECtHR
ruled in Rotaru v Romania that public information, too, can fall within the scope of
private life, but only if it is systematically collected and stored in files held by the
authorities.144 Finally, all modern means of communications are brought under the
scope of privacy of Article 8 ECHR.145 As De Hert and Gutwirth confirm, a broad
and dynamic interpretation was assigned to the right to privacy under Article 8
ECHR. This approach also determines the interpretation of the corresponding right
of Article 7 Charter since the meaning and scope of this corresponding right must
be the same and must not prevent more extensive protection under EU law.146
However, this broad and dynamic interpretation does not necessarily mean that the
ECtHR includes all use of personal information within the scope of privacy.147 It is
this limitation to the scope of privacy that is challenged in Sects. 2.13 and 2.14
below.
The internet also presents challenges to another limitation to the scope of the
right to privacy, at least insofar as privacy is limited to what is not public. More
specifically, the difference between shared, exposed and common activities, which
are open to others, and activities belonging to the closed space or realm148 – or, more
generally, the distinctions between the public sphere and the private sphere – are
becoming blurred, with Web 2.0 and exposure on social media being obvious examples.149 These developments are not strictly linked to the internet, as the Court’s
ruling in Ryneš150 illustrates. This ruling concerns the use of a CCTV camera by a
private person in order to protect his private home that involved capturing images
from a public space near his home151
141
This was said about the right to human dignity in Article 1 Charter by Cathérine Dupré in: Steve
Peers, Tamara Hervey, Jeff Kenner and Angela Ward (eds), The EU Charter of Fundamental
Rights, A Commentary, Hart Publishing, 2014 at, e.g., 01.26.
142
Niemietz v Germany, ECHR (1992), A-251-B, at 29.
143
E.g., Pretty v UK, Application No 2346/02, at 61.
144
Rotaru v Romania, Application No 28341/95, at 43.
145
P. De Hert and S. Gutwirth, “Data Protection in the Case Law of Strasbourg and Luxemburg:
Constitutionalisation in Action”, in: S. Gutwirth, et al. (eds), Reinventing data protection?,
Springer, 2009, at II.1.
146
As stated in Article 52(3) Charter.
147
An overview of the case law on the collection, storage and use of personal data under Article 8
ECHR can be found in: Bernadette Rainey, Elizabeth Wicks, Clare Ovey, 2014, Jacobs, White &
Ovey, The European Convention on Human Rights (sixth edition), Oxford University Press, 2014,
at 377–381.
148
G. González Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of the
EU”, Law, Governance and Technology Series 16, 2014, at 2.1.1.
149
See also Chap. 3 of this book.
150
Case C-212/13, Ryneš, EU:C:2014:2428.
151
Case note Hielke Hijmans, “On Private Persons Monitoring the Public Space”, EDPL (2015) 2.
2.9 Understanding the Nature of the Right to Privacy Through Four Types…
43
This all makes privacy an even more difficult legal concept than before, because
it also further widens the area where claims are made based on the right to privacy
beyond the already broad scope of privacy recognised in the case law of the ECtHR.
2.9 U
nderstanding the Nature of the Right to Privacy
Through Four Types of Qualified Interests: Information
Use by Governments, Health, Vulnerable Groups
and Reputation
The right to privacy is a ‘first-generation’ right that imposes a negative duty to
refrain from interfering with the exercise of the right by the individual.152 Privacy, as
a legal notion, protects the private sphere of the citizen, primarily against intervention by the state.153 The fact that privacy is primarily a duty for governments to
abstain explains why, at an EU level, no general legal instrument comparable to the
general instruments for data protection, such as Directive 95/46, has been adopted
for the protection of the right to privacy. However, there is more to it than that. The
state also has a positive duty to ensure that the right to privacy is respected in horizontal situations between private actors.154 This has led to legislative provisions in a
wide area of government intervention, thus specifying privacy protection in various
sectors of society.155 Moreover, as we have seen in Digital Rights Ireland and
Seitlinger,156 where the legislature imposes interference on the right to privacy, it
should also ensure that appropriate safeguards are foreseen.
As explained above, privacy must be seen as a normative value representing the
human dignity and autonomy of an individual. It is a broad concept that – to a certain extent – encompasses the public sphere. Privacy must be interpreted in a broad
and dynamic way. This is further illustrated by the Court of Justice’s case law, which
emphasises that non-sensitive information may also amount to interference with the
152
J.H. Gerards, “Fundamental rights and other interests – should it really make a difference?”, in:
E. Brems (ed.), Conflicts between Fundamental Rights, Antwerp: Intersentia, 2008, at 657.
153
This is more complicated, but a general theory of privacy is not necessary for this book. See
also: G. González Fuster, “The Emergence of Personal Data Protection as a Fundamental Right of
the EU”, Law, Governance and Technology Series 16, 2014, Chapter 2 and the literature mentioned there.
154
According to the case law of the ECtHR: “… in addition to this primarily negative undertaking,
there may be positive obligations inherent in an effective respect for private or family life. These
obligations may involve the adoption of measures designed to secure respect for private life even
in the sphere of the relations of individuals between themselves”. See, e.g., Von Hannover v
Germany, 2004, Application No 59320/00, at 57.
155
Older examples can be found in L.F.M. Verhey, Horizontale werking van grondrechten, in het
bijzonder op het recht van privacy, W.E.J. Tjeenk Willink, 1992, Chapter 9.
156
Joined Cases C-293/12 and C-594/12, Digital Rights Ireland (C-293/12) and Seitlinger
(C-594/12).
44
2 Privacy and Data Protection as Values of the EU That Matter, Also…
right to privacy and, too, that adverse consequences are not required for such
interference.157
In Digital Rights Ireland and Seitlinger,158 the Court of Justice referred to the
essence of the right to privacy in relation to personal information. The Court considered that the essence of the right to privacy – a notion defined under Article 52(1)
Charter in respect of all fundamental rights – was not affected by Directive 2006/24
on data retention159 since this directive “does not permit the acquisition of knowledge of the content” of communications. Schrems, by contrast, concerned access to
the content, i.e., the inverse situation. According to the Court, generalised access to
the content of electronic communications compromises the essence of the right to
privacy.160
One can argue whether the Court’s specific understanding of this concept of the
essence of privacy makes sense in a developing information society, where traffic
and location data reveal a great deal of the privacy of individuals.161 In any event, the
Court determined that there is an area where there can be serious interference with
the right to privacy, but that is outside its essence, while there is also an area where
such interference compromises the essence.162
2.9.1 F
our Types of Qualified Interests: Information Use
by Governments, Health, Vulnerable Groups
and Reputation
In order to provide a better understanding of informational privacy this book
explores various types of interference. In the case law there are various qualified
interests that may create an interference with privacy. This book considers four
types of qualified interests163: storing, monitoring and interception of information
See, most recently, Case C-362/14, Schrems, EU:C:2015:650, at 87.
Joined Cases C-293/12 and C-594/12, Digital Rights Ireland (C-293/12) and Seitlinger
(C-594/12), at 39.
159
Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the
retention of data generated or processed in connection with the provision of publicly available
electronic communications services or of public communications networks and amending
Directive 2002/58/EC, OJ L 105/54.
160
Case C-362/14, Schrems, EU:C:2015:650, at 94.
161
In the era of big data, as explained by Bruce Schneier, Data and Goliath (W.W. Norton &
Company, 2015), mainly in the first part of the book.
162
In a paper of 2013 Gellert and Gutwirth dismissed the assumption that there is an ‘essence’ of
the right to privacy. This dismissal is useful in the sense that it illustrates the complicated nature of
the right to privacy. In view, however, of the recent case law, the statement as such is no longer
valid. Raphael Gellert and Serge Gutwirth, “The legal construction of privacy and data protection”, Computer Law & Security Review 29 (2013), pp. 522–530.
163
The listing in this book is meant to be illustrative, not exhaustive. A similar listing is given by
Christopher Docksey, “Articles 7 and 8 of the EU Charter: two distinct fundamental rights”, in:
157
158