Abstract
The right to respect for private life is developed in European legal frameworks through different legal notions and instruments. One of such mechanisms for privacy protection, constantly backed up by the European Union (EU) legislator for already more than a decade, is the regulation of so-called unsolicited communications. This contribution explores this EU approach and argues that, in the light of current and upcoming developments, a profound revision of the notion might be needed. More concretely, it concludes that there is a need to move from a regulation of unsolicited communications to the regulation of unsolicited ‘adjustments’ (i.e., automatic adaptations of software or devices).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Article 8 of the ECHR: “(1) Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”.
- 2.
It will be noted that Article 8 of the ECHR does not mention the term ‘privacy’, but refers to the right of respect for one’s private life. This notion, which has been developed over the years by the European Court of Human Rights in an activist fashion, has an open and evolving nature: thus, it has been judged that it may be not only impossible, but also useless to define it (F. Rigaux, “La protection de la vie privée et des autres biens de la personnalité” (Bruxelles: Bruylant, 1990), 725). The notion is related to, but not fully coincidental with the notions of ‘privacy’ as conceived by American or British legal frameworks. The notion of ‘privacy’ has been extensively debated from different perspectives (see, notably: F.D. Schoeman, ed., “Philosophical Dimensions of Privacy: An Anthology” (Cambridge: Cambridge Univ. Press, 1984) and should in any case also be considered as referring to a plurality of values (on the relation between both notions, see, among others: M. Hildebrandt, “Profiling and the Identity of the European Citizen”, in Profiling the European Citizen: Cross-Disciplinary Perspectives, eds. M. Hildebrandt and S. Gutwirth, 303–43 (New York: Springer, 2008b).
- 3.
S. Gutwirth, “Privacy and the Information Age” (Lanham: Rowman & Littlefield Publ., 2002), 16–20 and 83–108.
- 4.
Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28/1/1981 (Convention No. 108), and Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows, Strasbourg, 8/12/2001.
- 5.
See, notably: OECD-Guidelines on the Transborder Flows of Personal Data, Paris, 23 September 1980 (via www.oecd.org) and the Directive 95/46/EC of the European Parliament and Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L281 (23.11.1995): 31–50.
- 6.
See, in this sense: D. Korff, “The Legal Framework: An Analysis of the “Constitutional” European Approach to Issues of Data Protection and Law Enforcement”, UK Information Commissioner Study Project: Privacy & Law Enforcement, Foundation for Information Policy Research (FIPR).
- 7.
Cf. P. De Hert and S. Gutwirth, “Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power”, in Privacy and the Criminal Law, eds. E. Claes, A. Duff, and S. Gutwirth, 61–104 (Antwerp: Intersentia, 2006) and P. De Hert. and S. Gutwirth, “European Data Protection’s Constitutional Project. Its Problematic Recognition in Strasbourg and Luxembourg”, in Reinventing Data Protection? eds. S. Gutwirth et al., 3–44 (Dordrecht: Springer, 2006). The impact of the progressive emancipation of the right to the protection of personal data, both on its very content and on the content of the right to privacy, is still to be fully assessed. Such an assessment would in particular need to take into account the complexity of the EU system for the protection of fundamental rights, in which different levels of protection (the Council of Europe, the EU and the national legal frameworks) coexist and influence each other.
- 8.
For example, the judiciary and the legislator were forced to rethink how to ensure the confidentiality of communications with the advent of the telephone, with the European Court of Human Rights eventually taking the view that the numbers dialled are an integral element in the communications made by telephone (Malone v. The United Kingdom, n 8691/79 A n 95, § 84 (European Court of Human Rights, 2 August 1984) and consequently inspiring regulation from this perspective.
- 9.
Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the Protection of Consumers in respect of distance contracts, Official Journal L144 (4.6.1997): 19–27. See also: Lodewijk F. Asscher and Sjo Anne Hoogcarspel, “Regulating Spam: A European Perspective After the Adoption of the E-Privacy Directive” (The Hague: T.M.C. Asser Press, 2006), 20.
- 10.
Recital (17) of Directive 97/7/EC.
- 11.
Article 10(1) of Directive 97/7/EC.
- 12.
Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector, Official Journal L24 (30.1.1998): 1–8.
- 13.
Recital (22) of Directive 97/66/EC.
- 14.
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), Official Journal L178, (4.6.1997): 1–16.
- 15.
L. F. Asscher and S. A. Hoogcarspel (2006), op. cit., 21.
- 16.
Recital (30) of Directive 2000/31/EC.
- 17.
Article 7 of Directive 2000/31/EC.
- 18.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Official Journal L201 (31.7.2002): 37–47. Directive 2002/58/EC replaced Directive 97/66/EC.
- 19.
Directive 2002/58/EC, Recital (40).
- 20.
Directive 2002/58/EC, Article 13(1). Notwithstanding this general rule, Article 13(2) established that where a natural or legal person obtains from its customers their electronic contact details for electronic mail, in the context of the sale of a product or a service, in accordance with Directive 95/46/EC, the same person may use these details for direct marketing of its own similar products or services provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner, to such use. It shall be noted that, although Article 13 aims at harmonising the conditions under which electronic communications can be used for marketing purposes, there is a general understanding that some of the concepts it uses appear to be subject to differences of interpretation in EU Member States (Article 29 Data Protection Working Party 2004, Opinion 5/2004 on Unsolicited Communications for Marketing Purposes Under Article 13 of Directive 2002/58/EC, WP 90, Brussels, 27 February, 2).
- 21.
Which can be understood as the will to adopt regulation applicable regardless of technological change. On technological neutrality, see: B.J. Koops, “Should ICT Regulation Be Technology-Neutral?” in Starting Points for ICT Regulation. Deconstructing Prevalent Policy One-Liners, eds. B.J. Koops et al., 77–108 (The Hague: T.M.C. Asser Press, 2006). As an example of a policy document arguing in favour of technological neutrality, see, for instance: Organisation for Economic Co-operation and Development (OECD), “RFID Radio Frequency Identification: OECD Policy Guidance: A Focus on Information Security and Privacy Applications, Impacts and Country Initiatives”, OECD Digital Economy Papers, No. 150 (2008, 6).
- 22.
This should not be interpreted as implying that other provisions contained in the Directives dealing with the regulation of unsolicited communications are not designed to develop the protection of personal data. Directive 2002/58/EC, for instance, is indeed partially concerned with ‘particularising’ the protection granted by Directive 95/46/EC (see Article 1(2) of Directive 2002/58/EC: “The provisions of this Directive particularise and complement Directive 95/46/EC for the purposes mentioned in paragraph 1”).
- 23.
Even though it is not exclusively concerned with the protection of natural persons, but also with the protection of legal persons (see, notably, Recitals (12) and (45) and Article 1(2) of Directive 2002/58/EC).
- 24.
Thus demonstrating the relevance of relying on a notion of privacy as a concept serving a multiplicity of values (see note 2). See also: A. Rouvroy and Poullet, “The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy”, in Reinventing Data Protection? eds. S. Gutwirth et al. 45–76 (Dordrecht: Springer, 2009).
- 25.
See, for instance: Múgica S. Cavanillas, “Dos derechos emergentes del consumidor: a no ser molestado y a una interacción informativa”. Revista general de legislación y jurisprudencia 2 (2008): 175–93. The connections between consumer law and privacy protection have been increasingly explored during the past years, especially as privacy has been positioned as a key element of consumer confidence in the digital environment (see, for instance: Y. Poullet, “Les aspects juridiques des systèmes d’information”. Lex Electronica 10 (3) (2006): 15, also available online at http://www.lex-electronica.org/articles/v10-3/poullet.htm; F. Alleweldt et al., “Consumer Confidence in the Digital Environment”, Briefing Note, European Parliament, PE382.173 p. 11), but much more could be certainly be done to reinforce them, in particular by reinforcing the effectiveness of privacy protection through consumer law mechanisms.
- 26.
Council Directive 89/552/EEC of 3 October 1989 on the coordination of certain provisions laid down by Law, Regulation Or Administrative Action in Member States concerning the pursuit of television broadcasting activities, Official Journal of the European Communities L298 (17.10.1989): 23–30.
- 27.
See Article 11 of Directive 89/552/EEC.
- 28.
Directive 97/36/EC of the European Parliament and of the Council of 30 June 1997 amending Council Directive 89/552/EEC on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the pursuit of television broadcasting activities, Official Journal of the European Communities L202 (30.7.1997): 60–70.
- 29.
Directive 2007/65/EC of the European Parliament and of the Council of 11 December 2007 amending Council Directive 89/552/EEC on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the pursuit of television broadcasting activities, Official Journal of the European Communities L332 (18.12.2007): 27–45.
- 30.
The intention here is thus not to preserve the privacy of individuals against the risks of television consumption, but to make sure that individuals can access television programmes without suffering the burden of excessive advertising. For an understanding of television as a force marking the destruction of privacy by taking individuals away from their private intensions, see: Mills C. Wright, “The Power Elite” (New York: Oxford Univ. Press, 1956, 2000), 314.
- 31.
About “ambient intelligence” techniques and impacts, read Wright et al., “Safeguards in a World of Ambient Intelligence” (Dordrecht: Springer, 2008); and M. Hildebrandt, “Profiling and the Rule of Law”, Identity in Information Society (IDIS) 1 (1) (2008a): 6.
- 32.
For instance, Directive 2002/58/EC defines ‘communication’ as “any information exchanged or conveyed between a finite number of parties by means of a publicly available electronic communications service” (Article 2(d)).
- 33.
Cf. González Fuster G. and S. Gutwirth, “Privacy 2.0?” Revue du droit des Technologies de l’Information, Doctrine 32 (2008): 357–59.
- 34.
Five French NGOs (Résistance à l’agression publicitaire, Souriez vous êtes filmés, Big Brother Awards, Robin des toits and Le Publiphobe) introduced a complaint against the companies responsible for the advertisement in the Parisian underground because of the mentioned screens. For the official press release dated from April 22, 2009 see: http://bigbrotherawards.eu.org/Ecrans-de-pub-interactifs-la-RATP-et.html.
- 35.
Called Majority Report.
- 36.
Commission nationale de l’informatique et des libertés (CNIL).
- 37.
For its press release, see: http://www.cnil.fr/index.php?id=2538&tx_ttnews[backPid]=17&tx_ttnews[swords]=Recommandation%20de%20la%20CNIL&tx_ttnews[tt_news]=440&cHash=b9249cf46d
- 38.
And as the actual determination of the age and gender of audience was not being operated in that particular case.
- 39.
Closed-circuit television.
- 40.
Named Quividi.
- 41.
See: http://www.quividi.com/fr/message_targeting.html
- 42.
See, notably: L. A. Bygrave, “Data Protection Law: Approaching Its Rationale, Logic and Limits” (The Hague: Kluwer Law International, 2002); Y. Poullet, “Pour une troisième génération de réglementations de protection des données” Jusletter, also available online at http://jusletter.weblaw.ch/article/de/_4213; and, in relation to profiling in particular, M. Hildebrandt and S. Gutwirth (2008b), op. cit.
- 43.
Defined as “any information relating to an identified or identifiable natural person (‘data subject’)” in Directive 95/46/EC (Article 2(a)).
- 44.
These observations are not meant to suggest that the current problems faced by personal data protection law are insurmountable. Many efforts have been deployed to refine and reinforce data protection law, and they should certainly be backed up.
- 45.
For the moment, regulated mainly through self-regulation efforts. See, for instance: International Advertising Bureau (IAB), “Good Practice Principles for Online Behavioural Advertising” (2009); Federal Trade Commission, “FTC Report: Self-Regulatory Principles for Online Behavioral Advertising” (February 2009). Online behavioural advertising practices can also be instructive from the perspective of the regulation of unsolicited adjustments because of the innovative and sometimes subtle ways in which marketing practices sometimes take place, for instance by embedding product endorsements or blurring distinctions between advertising and editorial contents (The Public Voice, “Fuelling Creativity, Ensuring Consumer and Privacy Protection, Building Confidence and Benefiting from Convergence”, Civil Society Background Paper, (2008), 24).
- 46.
Such as Article 15 of Directive 95/46/EC.
- 47.
This approach would be fully consistent with Sunstein’s very important analysis of the possible negative impact on citizenship of excessive consumer choice (Cass R. Sunstein “Republic.com 2.0” (Princeton, PA: Princeton Univ. Press, 2007), 136). Unregulated unsolicited adjustments would not serve consumer choice, but could, on the contrary, tend to eradicate it by replacing it by the absolute impossibility of the choice for consumers, and the imposition on them of a certain vision of reality, predetermined by third parties. This imposition could have the same negative impact on citizenship as excessive consumer choice, or, possibly, even worse effects. Only by preserving the possibility for individuals to be released from these practices and confronted with the unexpected and the presumably unwanted can their ability to chose be ensured.
References
Alleweldt, F., F. Anna, and A. Merle. 2007. Consumer confidence in the digital environment. Briefing note, European Parliament, PE382.173.
Article 29 Data Protection Working Party. 2004. Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC. WP 90. Brussels, 27 February.
Asscher, L.F., and S.A. Hoogcarspel. 2006. Regulating spam: A European perspective after the adoption of the E-Privacy directive. The Hague: T.M.C. Asser Press.
Bygrave, L.A. 2002. Data protection law: Approaching its rationale, logic and limits. The Hague: Kluwer Law International.
Cavanillas Múgica, S. 2008. Dos derechos emergentes del consumidor: A no ser molestado y a una interacción informativa. Revista general de legislación y jurisprudencia 2: 175–93.
De Hert, P., and S. Gutwirth. 2006. Privacy, data protection and law enforcement. Opacity of the individual and transparency of powe. In Privacy and the criminal law, eds. E. Claes, A. Duff, and S. Gutwirth, 60–104. Oxford: Intersentia.
De Hert, P., and S. Gutwirth. 2009. European data protection’s constitutional project. Its problematic recognition in Strasbourg and Luxembourg. In Reinventing data protection? eds. S. Gutwirth, Y. Poullet, P. De Hert, and C. de Terwangne, 3–44. Dordrecht: Springer.
Federal Trade Commission. 2009. FTC report: Self-regulatory principles for online behavioral advertising. FTC, February.
González Fuster, G., and S. Gutwirth. 2008. Privacy 2.0? Revue du droit des Technologies de l’Information, Doctrine, 32: 349–59.
Gutwirth, Serge. 2002. Privacy and the information age. Lanham: Rowman & Littlefield Publ.
Hildebrandt, M. 2008a. Profiling and the rule of law. Identity in Information Society (IDIS) 1 (1): 55–70.
Hildebrandt, M. 2008b. Profiling and the identity of the European citizen. In Profiling the European citizen: Cross-disciplinary perspectives, eds. M. Hildebrandt and S. Gutwirth, 303–43. Profiling the European Citizen: Cross-Disciplinary Perspectives New York: Springer.
International Advertising Bureau (IAB). 2009. Good practice principles online behavioural advertising.
Koops, B.J. 2006. Should ICT regulation be technology-neutral? In Starting points for ICT regulation. Deconstructing prevalent policy one-liners, eds. B.J. Koops, M. Lips, C. Prins, and M. Schellekens, 77–108. The Hague: T.M.C. Asser Press.
Korff, D. 2004. The legal framework: an analysis of the “constitutional” European approach to issues of data protection and law enforcement. UK Information Commissioner Study Project: Privacy & Law Enforcement, Foundation for Information Policy Research (FIPR).
Organisation for Economic Co-operation and Development (OECD). 2008. RFID radio frequency identification: OECD policy guidance: A focus on information security and privacy applications, impacts and country initiatives. Paper presented at the meeting of the OECD Ministeriel, Seoul (OECD Digital Economy Papers, No. 150).
Poullet, Y. 2006. Les aspects juridiques des systèmes d’information. Lex Electronica 10 (3). Also available online at http://www.lex-electronica.org/articles/v10-3/poullet.htm.
Rigaux, F. 1990. La protection de la vie privée et des autres biens de la personnalité. Brussels: Bruylant.
Rouvroy, A., and Poullet, Y. 2009. The right to informational self-determination and the value of self-development: Reassessing the importance of privacy for democracy. In Reinventing data protection? eds. S. Gutwirth, Y. Poullet, P. De Hert, and C. de Terwangne, 45–76. Dordrecht: Springer.
Schoeman, F.D. ed. 1984. Philosophical dimensions of privacy: An anthology. Cambridge: Cambridge Univ. Press.
Sunstein, Cass R. 2007. Republic.com 2.0. Princeton, PA: Princeton Univ. Press.
The Public Voice. 2008. Civil society background Paper: Fuelling creativity, ensuring consumer and privacy protection, building confidence and benefiting from convergence. Paper presented at the meeting of the OECD Ministeriel, Seoul.
Wright, D., S. Gutwirth, M. Friedewald, Y. Punie, and E. Vildjiounaite, eds. 2008. Safeguards in a world of ambient intelligence. Dordrecht: Springer Science.
Wright Mills, C. 1956, 2000. The power elite. New York: Oxford Univ. Press.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
González Fuster, G., Gutwirth, S., Hert, P.d. (2010). From Unsolicited Communications to Unsolicited Adjustments. In: Gutwirth, S., Poullet, Y., De Hert, P. (eds) Data Protection in a Profiled World. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-8865-9_6
Download citation
DOI: https://doi.org/10.1007/978-90-481-8865-9_6
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-90-481-8864-2
Online ISBN: 978-90-481-8865-9
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)