Origins and Historical Context of Data Protection Law Flashcards
What was the rationale for European Data Protection Law?
Increase of computers for communications in 1970s
Trans-border trade
Balance between national concerns for personal freedom and privacy, and the ability to support free trade at European Economic Community (EEC) level
This is also where the EU gets the authority to regulate privacy (free movement)
What does UDHR stand for?
Universal Declaration of Human Rights (1948)
When was UDHR adopted?
1948 - after atrocities of world war 2
UDHR acknowledges…
“the inherent dignity and the equal and inalienable rights of all members of the human race in the foundation of freedom, justice, and peace in the world”
What is article 12 of the UDHR?
Right to privacy
What is article 19 of the UDHR?
Right to freedom of information/transfer of information
What is article 29(2) of the UDHR?
Sets out the circumstances in which limitations
on individual rights are permissible i.e. balancing of rights
What does ECHR stand for?
European Convention of Human Rights
Who was the ECHR drafted by?
Council of Europe
When was the ECHR opened for signature?
1950 in Rome
When was the ECHR entered into force?
1953
What does ECtHR stand for?
European Court of Human Rights (aka the Strasbourg Court)
Where is the ECtHR located?
Strasbourg, France
What is the ECtHR?
A system of enforcement and binding decisions, that may also give advisory opinions on European Convention of Human Rights
What is Article 8 of the ECHR?
The right to privacy: concerns necessity and proportionality, public interest, not an absolute right
What is Article 10 of the ECHR?
Right to freedom of expression/information
What is Article 10(2) of the ECHR?
Balance of freedom of expression/information and reasons to breach rights -
Necessary in a democratic society
National security
Territorial integrity
Public safety
Prevention of disorder or crime
Protection of health or morals
Protection of the reputation or the rights of others
Preventing disclosure of information received in confidence
Maintaining the authority and impartiality of the judiciary
Between the 1960s - 1980s, countries had laws controlling use of personal information by government and large companies. National legislation didn’t adequately protect right to privacy with emerging technological advances. What recommendation was made?
Recommendation 509 on Human Rights and modern scientific and technological developments (Council of Europe, CoE)
In 1973-1973, the Council of Europe made what resolutions? What did they cover?
Resolutions 73/2 and 74/29: principles of data protection in automated databanks
What does OECD stand for?
Organisation for Economic Co-operation and Development
What were the OECD guidelines on the protection of privacy and transborder flows of personal data?
to facilitate the harmonization of data protection law between countries
not legally binding
no distinction between personal info gathered electronically or not
notice or consent
specific purpose for collection
individual rights to obtain information from data controller
balance privacy and free flow of information/trade
domestic laws may have higher standards
What is the Council of Europe convention 108?
For the Protection of Individuals with regard to Automatic Processing of Personal Data)
Legally binding: first binding international instrument to set standards for personal data and balance with free flow of info for int’l trade
Those using personal information have social responsibility to safeguard such personal data
Based on principles of CoE 73/22 and 74/29
Exceptions allowed for signatories when necessary measure in democratic society (e.g. state security or crim investigation) **proportionality
***FREE FLOW OF INFO AMONG SIGNATORIES b/c min level of protection
Additional Protocol addresses transfers to countries that are not signatories
Legitimate interests of the individual
In the public interest
Transfer based on contractual clauses approved by supervisory authority
Mutual assistance with supervisory authorities
CoE Convention 108 was open to signature by…
countries outside Europe!
it’s still the only binding legal instrument with a worldwide scope of application in field of data protection open to any country
When was the Data Protection Directive (95/46/EC) brought into force?
1995 (the European Commission called on the European Parliament in 1976)
What do the directives in the Data Protection Directive (95/46/EC) provide?
Legislation only - methods of implementation are left to the member states.
What convention is the Data Protection Directive (95/46/EC) based on?
Convention 108
What was the drawback of the Data Protection Directive (95/46/EC)? How was this fixed?
Differences in member states led to incorrect implementation/different standards - e.g. requirement to notify local DPAs of processing details. This was fixed by GDPR.
