The dramatic expansion of the internet over the past twenty years has presented us with new challenges regarding human rights, specifically the balancing of the rights to freedom of the media and freedom of expression on the one hand, and the rights to privacy and data protection on the other.
Typing one’s name into a search engine, however unknown we may consider ourselves to be, can wield a range of results about ourselves, from social media pages to news and other forms of information. Most of us have a digital identity made up of fragments of the past and present, which persist over time. This digital identity is knowingly or unknowingly used by other actors on the internet for purposes we may not be aware of.
Edward Snowdon’s revelations in 2013 about the surveillance programmes operated by the US’ National Security Agency and the UK’s GCHQ have heightened concern about the protection of our right to privacy and data protection in Europe.
Both the right to a private life and the right to data protection are protected under EU law and the European Convention on Human Rights. Neither are absolute though – your right to privacy and data protection may be limited in certain circumstances. Making use of these exceptions, government surveillance programmes have relied on national security to justify intrusions into privacy. These restrictions have been made all the more difficult to question as information on these limitations is kept secret. The development of the right to be forgotten also raises serious questions over the role of private companies in deciding when a right has been violated.
The right to privacy and the right to data protection are protected under the EU’s Charter of Fundamental Rights in Articles 7 and 8 respectively. The right to a private life is also protected in the European space and in all EU countries under Article 8 of the European Convention on Human Rights. Data protection is regulated throughout the EU under the Data Protection directive, passed in 1995, which required EU member states to pass national laws on data protection.
The 1995 Data Protection Directive ensures that individuals have strong rights over the processing and controlling of data concerning them, including the right to object to the processing of data and the right to access data. The “controller” of the data must ensure that information is collected for “specific, explicit and legitimate purposes,” and must make every effort to ensure that the data is accurate, and rectify or erase it if it is not. The Data Protection Directive does however impose the obligation of Member States to provide a number of exceptions in cases of public interest, for example the same data protection standards do not apply in instances of journalistic or artistic or literary expression.
Recent rulings by the European Court of Justice have stated that, “the right to data protection is not … an absolute right but must be considered in relation to its function in society,” and should be measured using the principle of proportionality. Freedom of expression in particular often comes into conflict with the right to data protection, given its nature as another fundamental right which, in contrast to the prohibition of torture or slavery say, is not absolute and instead has to be “viewed in relation to its social purpose.”
The EU’s data protection regime It is also going through a process of revision. In 2012 the European Commission proposed a new data protection regulation, which would seek to harmonise the way member states deal with data protection, explicitly include the right to be forgotten and obliging non-European firms offering services to Europeans to conform with EU data privacy rules.
You can find out more here: http://www.echr.coe.int/Documents/Handbook_data_protection_ENG.pdf
You have the right to: