Megrendelés

Radim Polcák: Some Notes on Current Paradoxes in the Law on Personal Data Protection* (IJ, 2008/1., (23.), 52-55. o.)

1. Introductory note

Teleology is the core of any legal regulatory instrument. As legal language has limits, we often need to use a purposive interpretation to focus the mind of the lawmaker in respect of the meanings of particular black-letter law terms. Unlike as in Czech law and in some other legal systems, EU law uses recitals to clarify the intention of the lawmaker and so the recital to Directive No. 95/46/EC plays the key role in the interpretation of EU and national data protective regulations.

It is not the writer's intention to analyse the particular provisions of the Directive and confront them with its aims. Rather, the intention is to offer a brief summary of recent experience with the development and application of data protection laws with reference to their most basic and most general teleology. The reason is to emphasise the emerging need for questions, even very basic ones, to be asked frequently - in fact, whenever we speak about this area of legal regulation, its methods and instruments.

In many cases, we are simply used to analyse and process the existing legal norms without feeling a need to question their legitimacy or, in other words, the reason for their existence. As noted by one of Europe's leading legal philosophers, Gustav Radbruch, the law is destined to serve three main purposes, i.e. certainty (safety), fairness (whatever that might mean!) and welfare[1]. Another highly influential legal theoretician, Lawrence Lessig, keeps the task even more simple (and more metaphorical), when he speaks about the need for the legal regulation to "do good." In the last part of his book "Free Culture", Lessig argues that[2]: 'The law should regulate in certain areas of culture - but it should regulate culture only where that regulation does good. Yet lawyers rarely test their power, or the power they promote, against this simple pragmatic question: "Will it do good?" When challenged about the expanding reach of the law, the lawyer answers, "Why not?"

We should, rather, ask, "Why?" Show me why your regulation of culture is needed; show me how it does good - and, until you can show me both, keep your lawyers away.'

In both cases, Radbruch and Lessig argued that we need to ask whether the particular law makes sense or not, and so the writer decided to attempt to confront the recent regulatory personal data protection framework with the very basic question: does it serve the purpose of certainty/fairness/welfare, or, in Lessig's words, does it do good?

Firstly, we shall define what we mean by 'doing good' in terms of personal data. The answer to is to be found in articles 1 and 2 of the recital to the Directive. They read as follows:

'(1) Whereas the objectives of the Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering closer relations between the States belonging to the Community, ensuring economic and social progress by common action to eliminate the barriers which divide Europe, encouraging the constant improvement of the living conditions of its peoples, preserving and strengthening peace and liberty and promoting democracy on the basis of the fundamental rights recognized in the constitution and laws of the Member States and in the European Convention for the Protection of Human Rights and Fundamental Freedoms;

(2) Whereas data-processing systems are designed to serve man; whereas they must, whatever the nationality or residence of natural persons, respect their fundamental rights and freedoms, notably the right to privacy, and contribute to economic and social progress, trade expansion and the well-being of individuals.'

We can, in fact, extract from the recital the main aims of the Directive, which are:

1) to create a safer environment for individuals,

2) to protect individual rights and freedoms,

3) to remove barriers to the further integration of Europe, and

4) to enable economic progress.

The main part of the essay attempts to address some of the recent tensions between these aims and the praxis of the data protection concept, and the author thought it rational to show these as regulatory paradoxes.

Paradox 1: safety and fear

National government Acts adopting totally new patterns of protection, as required by the Directive, came into force in many European countries almost literarily overnight. In this way the introduction of personal data protection (PDP) legislation was widely promoted by various public and private institutions in order to ensure that the majority of people would be sufficiently informed of their new rights relating to their personal data.

There is no doubt that, from the legal standpoint, the new protective legislation gave individuals more means of protecting their privacy and discretion (their freedom to

- 52/53 -

act). What should, however, be evaluated is whether, in fact, the beneficiaries of the new regulations both are and feel safer - rather than the changes in their legal position.

Despite the fact that no up-to-date, official public surveys are available, it is not difficult to guess that what resulted from adopting this legislation and from its promotion was less a sense of safety and rather one of anxiety. The chain of logic used by the man in the street to interpret these new measures is likely to be:

1) there is new legislation protecting my personal data;

2) the value and relevance of my personal data must have grown;

3) the reason for protection is obviously a higher risk of the abuse of my data;

4) I need to look after and protect my personal data more carefully.

In this way, adopting the new protective legislation had an effect very different from the creation of a safer environment for European citizens. As many authors observe, the protective legislation developed the concept of individual rights to personal data similar to the concept of property[3]. It is, therefore, obvious that the new form of (value) ownership implies new psychological needs for self-protection, observance and, consequently, a fear of what will happen 'if I am not vigilant enough'.

In the case of many services of the information society, the providers had to start asking their users for permission to collect and use their personal data. This obligation, once again, did not create public trust, but rather raised suspicion and doubt over what negative effects might affect the individual in question if permission were given.

As a result, we can draw the partial conclusion that there was, in fact, no basic change to the value of personal data with the introduction of the new protective legislation, the solitary change appearing in the form of legal (administrative) protection. Notwithstanding this, the reaction of the public was, logically, one of fear and even hysteria.

Paradox 2: subjective values and objective regulation

The limits of privacy and discretion are objectively identifiable, but "ad hoc" always depends on individual circumstances. More than a hundred years ago, in one of the most influential publications on the protection of privacy, Samuel Warren and Louis Brandeis named privacy simply as the 'right to be left alone[4]'. This, more or less metaphorical, expression was later amended by numerous concepts always emphasising both the legal and ethical dimensions of privacy[5].

A teljes tartalom megtekintéséhez jogosultság szükséges.

A Jogkódex-előfizetéséhez tartozó felhasználónévvel és jelszóval is be tud jelentkezni.

Az ORAC Kiadó előfizetéses folyóiratainak „valós idejű” (a nyomtatott lapszámok megjelenésével egyidejű) eléréséhez kérjen ajánlatot a Szakcikk Adatbázis Plusz-ra!

Tartalomjegyzék

Visszaugrás

Ugrás az oldal tetejére