Table Of ContentThe Emergence of Personal Data Protection
as a Fundamental Right of the EU
Law, Governance and Technology Series
VoLUmE 16
Series Editors:
PomPEU CASANoVAS, UAB Institute of Law and Technology,
Bellaterra, Barcelona, Spain
GIoVANNI SARToR, European University Institute, Florence, Italy
ISSUES IN PRIVACY AND DATA PRoTECTIoN
Sub Series Editor:
Serge Gutwirth
Law, Science, Technology and Society (LSTS)
Vrije Universiteit Brussels (VUB)
Brussel
Belgium
Scientific Advisory Board:
GIANmARIA AJANI, University of Turin, Italy; KEVIN ASHLEY, University of
Pittsburgh, USA; KATIE ATKINSoN, University of Liverpool, UK; TREVoR J.m.
BENCH-CAPoN, University of Liverpool, UK; V. RICHARDS BENJAmINS,
Telefonica, Spain; GUIDo BoELLA, Universita’ degli Studi di Torino, Italy; JooST
BREUKER, Universiteit van Amsterdam, The Netherlands; DANIÈLE BoURCIER,
University of Paris 2-CERSA, France; Tom BRUCE, Cornell University, USA;
NURIA CASELLAS, Institute of Law and Technology, UAB, Spain; CRISTIANo
CASTELFRANCHI, ISTC-CNR, Italy; JACK G. CoNRAD, Thomson Reuters,
USA; RoSARIA CoNTE, ISTC-CNR, Italy; FRANCESCo CoNTINI, IRSIG-
CNR, Italy; JESÚS CoNTRERAS, iSOCO, Spain; JoHN DAVIES, British
Telecommunications plc, UK; JoHN DomINGUE, The Open University, UK;
JAImE DELGADo, Universitat Politécnica de Catalunya, Spain; mARCo FABRI,
IRSIG-CNR, Italy; DIETER FENSEL, University of Innsbruck, Austria; ENRICo
FRANCESCoNI, ITTIG-CNR, Italy; FERNANDo GALINDo, Universidad de
Zaragoza, Spain; ALDo GANGEmI, ISTC-CNR, Italy; mICHAEL GENESERETH,
Stanford University, USA; ASUNCIÓN GÓmEZ-PÉREZ, Universidad Politécnica
de Madrid, Spain; THomAS F. GoRDoN, Fraunhofer FOKUS, Germany; GUIDo
GoVERNAToRI, NICTA, Australia; GRAHAm GREENLEAF, The University
of New South Wales, Australia; mARKo GRoBELNIK, Josef Stefan Institute,
Slovenia; SERGE GUTWIRTH, Vrije Universiteit Brussels; JAmES HENDLER,
Rensselaer Polytechnic Institute, USA; RINKE HoEKSTRA, Universiteit van
Amsterdam, The Netherlands; ETHAN KATSH, University of Massachusetts
Amherst, USA; mARC LAURITSEN, Capstone Practice Systems, Inc., USA;
RoNALD LEENES, Tilburg Institute for Law, Technology, and Society, Tilburg
University, The Netherlands; PHILIP LIETH, Queen’s University Belfast, UK;
ARNo LoDDER, VU University Amsterdam, The Netherlands; JoSÉ mANUEL
LÓPEZ CoBo, Playence, Austria; PIERRE mAZZEGA, LMTG-UMR5563
CNRS/IRD/UPS, France; mARIE-FRANCINE moENS, Katholieke Universiteit
Leuven, Belgium; PABLo NoRIEGA, IIIA-CSIC, Spain; ANJA oSKAmP,
Open Universiteit, The Netherlands; SASCHA oSSoWSKI, Universidad Rey
Juan Carlos, Spain; UGo PAGALLo, Università degli Studi di Torino, Italy;
moNICA PALmIRANI, Università di Bologna, Italy; ABDUL PALIWALA,
University of Warwick, UK; ENRIC PLAZA, IIIA-CSIC, Spain; mARTA PoBLET,
Institute of Law and Technology, UAB, Spain; DANIEL PoULIN, University of
Montreal, Canada; HENRY PRAKKEN, Universiteit Utrecht and The University
of Groningen, The Netherlands; HAIBIN QI, Huazhong University of Science
and Technology, P.R. China; DoRY REILING, Amsterdam District Court, The
Netherlands; PIER CARLo RoSSI, Italy; EDWINA L. RISSLAND, University
of Massachusetts, Amherst, USA; CoLIN RULE, University of Massachusetts,
USA; mARCo SCHoRLEmmER, IIIA-CSIC, Spain; CARLES SIERRA, IIIA-
CSIC, Spain; mIGEL ANGEL SICILIA, Universidad de Alcalá, Spain; RoNALD
W. STAUDT, Chicago-Kent College of Law, USA; RUDI STUDER, Karlsruhe
Institute of Technology, Germany; DANIELA TISCoRNIA, ITTIG-CNR, Italy;
JoAN-JoSEP VALLBÈ, Universitat de Barcelon, Spain; Tom VAN ENGERS,
Universiteit van Amsterdam, The Netherlands; FABIo VITALI, Università di
Bologna, Italy; mARY-ANNE WILLIAmS, The University of Technology, Sydney,
Australia; RADBoUD WINKELS, University of Amsterdam, The Netherlands;
ADAm WYNER, University of Liverpool, UK; HAJImE YoSHINo, Meiji Gakuin
University, Japan; JoHN ZELEZNIKoW, University of Victoria, Australia
For further volumes:
http://www.springer.com/series/8808
Gloria González Fuster
The Emergence of Personal
Data Protection as a
Fundamental Right of the EU
1 3
Gloria González Fuster
Law, Science, Technology and Society
(LSTS)
Vrije Universiteit Brussel (VUB)
Brussels
Belgium
ISSN 2352-1902 ISSN 2352-1910 (electronic)
ISBN 978-3-319-05022-5 ISBN 978-3-319-05023-2 (eBook)
DoI 10.1007/978-3-319-05023-2
Springer Cham Heidelberg New York Dordrecht London
Library of Congress Control Number: 2014934169
© Springer International Publishing Switzerland 2014
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of
the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology
now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection
with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and
executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this
publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s
location, in its current version, and permission for use must always be obtained from Springer. Permissions
for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to
prosecution under the respective Copyright Law.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication,
neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or
omissions that may be made. The publisher makes no warranty, express or implied, with respect to the
material contained herein.
Printed on acid-free paper
Springer is part of Springer Science+Business media (www.springer.com)
To my father, who has taught me how important it is to
have the freedom to erase names, and to invent them,
and to my mother, who has taught me how important it
is to safeguard them.
Acknowledgements
This book is largely based on a Ph.D. thesis defended at the Faculty of Law and
Criminology of the Vrije Universiteit Brussel (VUB) in may 2013. It would not
have been possible without the help of Prof. Dr. Serge Gutwirth (main supervi-
sor). For his inestimable knowledge, dedicated support, and exceptional kindness,
I consider myself extremely lucky. I am also deeply indebted to Prof. Dr. Paul De
Hert (co-supervisor), without whom my academic career would have been signifi-
cantly less stimulating; to Dr. Antoinette Rouvroy (member of the thesis’ Advisory
Commission), for her advice and sustained encouragement, and to all the members
of the jury for their precious comments and questions: Prof. Dr. Colin Bennett,
Prof. Dr. Em. Bart De Schutter, Prof. Dr. Youri Devuyst, Prof. Dr. mireille Hilde-
brandt, and Dr. Ricard martínez martínez,
I would like to acknowledge the financial support of some projects to which I
contributed while carrying out this research: Reflexive Governance in the Public
Interest (REFGoV), Converging and conflicting ethical values in the internal/ex-
ternal security in continuum in Europe (INEX), and Privacy and Security Mirrors
(PRISmS), all co-funded by the European Union. The collaboration of the staff of
the European Parliament's Register of Documents, and at the Historical Archives of
the European Commission, was particularly helpful. I also thank VUB’s Institute
of European Studies (IES), and the Law, Science, Technology and Society (LSTS)
Research Group for their kind hospitality. I am thankful to all my colleagues; I can-
not mention them all, so I will just mention Rocco Bellanova.
Guillaume De martelaer encouraged me to undertake this research a long time
ago, and has supported me ever since. our son Jean has been waking me up every
morning with a smile. For their help, patience and inspiration, I am profoundly
grateful. I am also very much indebted to Josiane and Guy De martelaer for their af-
fection and availability, and to Daniel González Fuster for his infallible assistance.
Thank you.
ix
Contents
1 I ntroduction ................................................................................................ 1
1.1 T he EU Fundamental Right to the Protection of Personal Data ......... 1
1.2 R esearch Questions ............................................................................. 3
1.3 S cope and Limitations ......................................................................... 4
1.4 A Study of Change in (EU) Law ......................................................... 6
1.4.1 m ultilingualism and EU Law ................................................... 6
1.4.2 T ranslation and EU Law ........................................................... 9
1.4.3 T ranslation, Untranslatability and Law .................................... 11
1.4.4 U ndecidability and Change in Law .......................................... 12
1.5 o utline ................................................................................................. 14
1.6 S ources ................................................................................................ 15
References .................................................................................................... 15
I Before the European Union ....................................................................... 19
2 P rivacy and the Protection of Personal Data Avant la Lettre ................. 21
2.1 I ntroducing Privacy ............................................................................. 21
2.1.1 m apping Privacies .................................................................... 22
2.1.2 ( Re)defining Privacy in the US ................................................ 27
2.2 P rivacy from an International Perspective .......................................... 37
2.2.1 E urope and the Search for (modern) Privacy ........................... 37
2.2.2 P rivacy in other Words? ........................................................... 44
2.3 S ummary ............................................................................................. 48
References .................................................................................................... 49
3 The Surfacing of National Norms on Data Processing in Europe ......... 55
3.1 P ioneering Ad-Hoc Acts ...................................................................... 56
3.1.1 G erman Federal State of Hesse ................................................ 56
3.1.2 S weden ..................................................................................... 58
3.1.3 G ermany ................................................................................... 59
3.1.4 F rance ....................................................................................... 61
3.1.5 o ther Pioneering Acts ............................................................... 65
xi
xii Contents
3.2 E arly Constitutional Recognition ...................................................... 66
3.2.1 P ortugal ................................................................................... 66
3.2.2 A ustria ..................................................................................... 67
3.2.3 S pain ....................................................................................... 68
3.3 S ummary ........................................................................................... 70
References .................................................................................................. 71
4 T he Materialisation of Data Protection in International Instruments 75
4.1 T he oECD and its Guidelines ........................................................... 76
4.1.1 F rom the Computer Utilisation Group to the Data
Bank Panel .............................................................................. 76
4.1.2 T he oECD Guidelines ............................................................ 77
4.2 T he Council of Europe and Convention 108 ..................................... 81
4.2.1 P rivacy as (Insufficiently) Protected by Article 8
of the ECHR ........................................................................... 81
4.2.2 C ouncil of Europe’s Recommendation 73 (22)
and Recommendation 74 (29) ................................................ 84
4.2.3 C ouncil of Europe’s Convention 108 ..................................... 86
4.2.4 I mpact of Convention 108 on National Laws ......................... 92
4.3 E uropean Court of Human Rights Case Law .................................... 94
4.3.1 A Broad Interpretation of the Right to Respect for
Private Life ............................................................................. 95
4.3.2 P rotection of Information Relating to Private Life ................. 96
4.3.3 H ealth Data ............................................................................. 101
4.3.4 A ccess to Data and Article 8 of the ECHR ............................. 102
4.3.5 I ntegration Through Article 8(2) of the ECHR ...................... 103
4.4 S ummary ........................................................................................... 104
References .................................................................................................. 105
II In the European Union ........................................................................... 109
5 T he Beginning of EU Data Protection .................................................... 111
5.1 E arly Involvement ............................................................................. 111
5.1.1 C ommunity Policy on Data Processing .................................. 112
5.1.2 T he 1975 and 1976 Resolutions of the European Parliament 115
5.1.3 C ommission’s First Steps ....................................................... 117
5.1.4 T he 1979 Resolution of the European Parliament .................. 118
5.1.5 E U Data Protection Emerging outside EC Law .................... 122
5.2 D eveloping EC Data Protection Law ................................................ 124
5.2.1 D irective 95/46/EC ................................................................. 124
5.2.2 S cope and Content .................................................................. 136
5.2.3 D irective 97/66/EC ................................................................. 140
5.2.4 D ata Protection and EC Institutions and Bodies .................... 143
5.2.5 T hird Pillar Data Protection .................................................... 145
