Skip to main content
SpringerLink
Log in

From Unsolicited Communications to Unsolicited Adjustments

Redefining a Key Mechanism for Privacy Protection

  • Chapter
  • First Online:
Data Protection in a Profiled World

Abstract

The right to respect for private life is developed in European legal frameworks through different legal notions and instruments. One of such mechanisms for privacy protection, constantly backed up by the European Union (EU) legislator for already more than a decade, is the regulation of so-called unsolicited communications. This contribution explores this EU approach and argues that, in the light of current and upcoming developments, a profound revision of the notion might be needed. More concretely, it concludes that there is a need to move from a regulation of unsolicited communications to the regulation of unsolicited ‘adjustments’ (i.e., automatic adaptations of software or devices).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Article 8 of the ECHR: “(1) Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”.

  2. 2.

    It will be noted that Article 8 of the ECHR does not mention the term ‘privacy’, but refers to the right of respect for one’s private life. This notion, which has been developed over the years by the European Court of Human Rights in an activist fashion, has an open and evolving nature: thus, it has been judged that it may be not only impossible, but also useless to define it (F. Rigaux, “La protection de la vie privée et des autres biens de la personnalité” (Bruxelles: Bruylant, 1990), 725). The notion is related to, but not fully coincidental with the notions of ‘privacy’ as conceived by American or British legal frameworks. The notion of ‘privacy’ has been extensively debated from different perspectives (see, notably: F.D. Schoeman, ed., “Philosophical Dimensions of Privacy: An Anthology” (Cambridge: Cambridge Univ. Press, 1984) and should in any case also be considered as referring to a plurality of values (on the relation between both notions, see, among others: M. Hildebrandt, “Profiling and the Identity of the European Citizen”, in Profiling the European Citizen: Cross-Disciplinary Perspectives, eds. M. Hildebrandt and S. Gutwirth, 303–43 (New York: Springer, 2008b).

  3. 3.

    S. Gutwirth, “Privacy and the Information Age” (Lanham: Rowman & Littlefield Publ., 2002), 16–20 and 83–108.

  4. 4.

    Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28/1/1981 (Convention No. 108), and Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows, Strasbourg, 8/12/2001.

  5. 5.

    See, notably: OECD-Guidelines on the Transborder Flows of Personal Data, Paris, 23 September 1980 (via www.oecd.org) and the Directive 95/46/EC of the European Parliament and Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L281 (23.11.1995): 31–50.

  6. 6.

    See, in this sense: D. Korff, “The Legal Framework: An Analysis of the “Constitutional” European Approach to Issues of Data Protection and Law Enforcement”, UK Information Commissioner Study Project: Privacy & Law Enforcement, Foundation for Information Policy Research (FIPR).

  7. 7.

    Cf. P. De Hert and S. Gutwirth, “Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power”, in Privacy and the Criminal Law, eds. E. Claes, A. Duff, and S. Gutwirth, 61–104 (Antwerp: Intersentia, 2006) and P. De Hert. and S. Gutwirth, “European Data Protection’s Constitutional Project. Its Problematic Recognition in Strasbourg and Luxembourg”, in Reinventing Data Protection? eds. S. Gutwirth et al., 3–44 (Dordrecht: Springer, 2006). The impact of the progressive emancipation of the right to the protection of personal data, both on its very content and on the content of the right to privacy, is still to be fully assessed. Such an assessment would in particular need to take into account the complexity of the EU system for the protection of fundamental rights, in which different levels of protection (the Council of Europe, the EU and the national legal frameworks) coexist and influence each other.

  8. 8.

    For example, the judiciary and the legislator were forced to rethink how to ensure the confidentiality of communications with the advent of the telephone, with the European Court of Human Rights eventually taking the view that the numbers dialled are an integral element in the communications made by telephone (Malone v. The United Kingdom, n 8691/79 A n 95, § 84 (European Court of Human Rights, 2 August 1984) and consequently inspiring regulation from this perspective.

  9. 9.

    Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the Protection of Consumers in respect of distance contracts, Official Journal L144 (4.6.1997): 19–27. See also: Lodewijk F. Asscher and Sjo Anne Hoogcarspel, “Regulating Spam: A European Perspective After the Adoption of the E-Privacy Directive” (The Hague: T.M.C. Asser Press, 2006), 20.

  10. 10.

    Recital (17) of Directive 97/7/EC.

  11. 11.

    Article 10(1) of Directive 97/7/EC.

  12. 12.

    Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector, Official Journal L24 (30.1.1998): 1–8.

  13. 13.

    Recital (22) of Directive 97/66/EC.

  14. 14.

    Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), Official Journal L178, (4.6.1997): 1–16.

  15. 15.

    L. F. Asscher and S. A. Hoogcarspel (2006), op. cit., 21.

  16. 16.

    Recital (30) of Directive 2000/31/EC.

  17. 17.

    Article 7 of Directive 2000/31/EC.

  18. 18.

    Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Official Journal L201 (31.7.2002): 37–47. Directive 2002/58/EC replaced Directive 97/66/EC.

  19. 19.

    Directive 2002/58/EC, Recital (40).

  20. 20.

    Directive 2002/58/EC, Article 13(1). Notwithstanding this general rule, Article 13(2) established that where a natural or legal person obtains from its customers their electronic contact details for electronic mail, in the context of the sale of a product or a service, in accordance with Directive 95/46/EC, the same person may use these details for direct marketing of its own similar products or services provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner, to such use. It shall be noted that, although Article 13 aims at harmonising the conditions under which electronic communications can be used for marketing purposes, there is a general understanding that some of the concepts it uses appear to be subject to differences of interpretation in EU Member States (Article 29 Data Protection Working Party 2004, Opinion 5/2004 on Unsolicited Communications for Marketing Purposes Under Article 13 of Directive 2002/58/EC, WP 90, Brussels, 27 February, 2).

  21. 21.

    Which can be understood as the will to adopt regulation applicable regardless of technological change. On technological neutrality, see: B.J. Koops, “Should ICT Regulation Be Technology-Neutral?” in Starting Points for ICT Regulation. Deconstructing Prevalent Policy One-Liners, eds. B.J. Koops et al., 77–108 (The Hague: T.M.C. Asser Press, 2006). As an example of a policy document arguing in favour of technological neutrality, see, for instance: Organisation for Economic Co-operation and Development (OECD), “RFID Radio Frequency Identification: OECD Policy Guidance: A Focus on Information Security and Privacy Applications, Impacts and Country Initiatives”, OECD Digital Economy Papers, No. 150 (2008, 6).

  22. 22.

    This should not be interpreted as implying that other provisions contained in the Directives dealing with the regulation of unsolicited communications are not designed to develop the protection of personal data. Directive 2002/58/EC, for instance, is indeed partially concerned with ‘particularising’ the protection granted by Directive 95/46/EC (see Article 1(2) of Directive 2002/58/EC: “The provisions of this Directive particularise and complement Directive 95/46/EC for the purposes mentioned in paragraph 1”).

  23. 23.

    Even though it is not exclusively concerned with the protection of natural persons, but also with the protection of legal persons (see, notably, Recitals (12) and (45) and Article 1(2) of Directive 2002/58/EC).

  24. 24.

    Thus demonstrating the relevance of relying on a notion of privacy as a concept serving a multiplicity of values (see note 2). See also: A. Rouvroy and Poullet, “The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy”, in Reinventing Data Protection? eds. S. Gutwirth et al. 45–76 (Dordrecht: Springer, 2009).

  25. 25.

    See, for instance: Múgica S. Cavanillas, “Dos derechos emergentes del consumidor: a no ser molestado y a una interacción informativa”. Revista general de legislación y jurisprudencia 2 (2008): 175–93. The connections between consumer law and privacy protection have been increasingly explored during the past years, especially as privacy has been positioned as a key element of consumer confidence in the digital environment (see, for instance: Y. Poullet, “Les aspects juridiques des systèmes d’information”. Lex Electronica 10 (3) (2006): 15, also available online at http://www.lex-electronica.org/articles/v10-3/poullet.htm; F. Alleweldt et al., “Consumer Confidence in the Digital Environment”, Briefing Note, European Parliament, PE382.173 p. 11), but much more could be certainly be done to reinforce them, in particular by reinforcing the effectiveness of privacy protection through consumer law mechanisms.

  26. 26.

    Council Directive 89/552/EEC of 3 October 1989 on the coordination of certain provisions laid down by Law, Regulation Or Administrative Action in Member States concerning the pursuit of television broadcasting activities, Official Journal of the European Communities L298 (17.10.1989): 23–30.

  27. 27.

    See Article 11 of Directive 89/552/EEC.

  28. 28.

    Directive 97/36/EC of the European Parliament and of the Council of 30 June 1997 amending Council Directive 89/552/EEC on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the pursuit of television broadcasting activities, Official Journal of the European Communities L202 (30.7.1997): 60–70.

  29. 29.

    Directive 2007/65/EC of the European Parliament and of the Council of 11 December 2007 amending Council Directive 89/552/EEC on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the pursuit of television broadcasting activities, Official Journal of the European Communities L332 (18.12.2007): 27–45.

  30. 30.

    The intention here is thus not to preserve the privacy of individuals against the risks of television consumption, but to make sure that individuals can access television programmes without suffering the burden of excessive advertising. For an understanding of television as a force marking the destruction of privacy by taking individuals away from their private intensions, see: Mills C. Wright, “The Power Elite” (New York: Oxford Univ. Press, 1956, 2000), 314.

  31. 31.

    About “ambient intelligence” techniques and impacts, read Wright et al., “Safeguards in a World of Ambient Intelligence” (Dordrecht: Springer, 2008); and M. Hildebrandt, “Profiling and the Rule of Law”, Identity in Information Society (IDIS) 1 (1) (2008a): 6.

  32. 32.

    For instance, Directive 2002/58/EC defines ‘communication’ as “any information exchanged or conveyed between a finite number of parties by means of a publicly available electronic communications service” (Article 2(d)).

  33. 33.

    Cf. González Fuster G. and S. Gutwirth, “Privacy 2.0?” Revue du droit des Technologies de l’Information, Doctrine 32 (2008): 357–59.

  34. 34.

    Five French NGOs (Résistance à l’agression publicitaire, Souriez vous êtes filmés, Big Brother Awards, Robin des toits and Le Publiphobe) introduced a complaint against the companies responsible for the advertisement in the Parisian underground because of the mentioned screens. For the official press release dated from April 22, 2009 see: http://bigbrotherawards.eu.org/Ecrans-de-pub-interactifs-la-RATP-et.html.

  35. 35.

    Called Majority Report.

  36. 36.

    Commission nationale de l’informatique et des libertés (CNIL).

  37. 37.

    For its press release, see: http://www.cnil.fr/index.php?id=2538&tx_ttnews[backPid]=17&tx_ttnews[swords]=Recommandation%20de%20la%20CNIL&tx_ttnews[tt_news]=440&cHash=b9249cf46d

  38. 38.

    And as the actual determination of the age and gender of audience was not being operated in that particular case.

  39. 39.

    Closed-circuit television.

  40. 40.

    Named Quividi.

  41. 41.

    See: http://www.quividi.com/fr/message_targeting.html

  42. 42.

    See, notably: L. A. Bygrave, “Data Protection Law: Approaching Its Rationale, Logic and Limits” (The Hague: Kluwer Law International, 2002); Y. Poullet, “Pour une troisième génération de réglementations de protection des données” Jusletter, also available online at http://jusletter.weblaw.ch/article/de/_4213; and, in relation to profiling in particular, M. Hildebrandt and S. Gutwirth (2008b), op. cit.

  43. 43.

    Defined as “any information relating to an identified or identifiable natural person (‘data subject’)” in Directive 95/46/EC (Article 2(a)).

  44. 44.

    These observations are not meant to suggest that the current problems faced by personal data protection law are insurmountable. Many efforts have been deployed to refine and reinforce data protection law, and they should certainly be backed up.

  45. 45.

    For the moment, regulated mainly through self-regulation efforts. See, for instance: International Advertising Bureau (IAB), “Good Practice Principles for Online Behavioural Advertising” (2009); Federal Trade Commission, “FTC Report: Self-Regulatory Principles for Online Behavioral Advertising” (February 2009). Online behavioural advertising practices can also be instructive from the perspective of the regulation of unsolicited adjustments because of the innovative and sometimes subtle ways in which marketing practices sometimes take place, for instance by embedding product endorsements or blurring distinctions between advertising and editorial contents (The Public Voice, “Fuelling Creativity, Ensuring Consumer and Privacy Protection, Building Confidence and Benefiting from Convergence”, Civil Society Background Paper, (2008), 24).

  46. 46.

    Such as Article 15 of Directive 95/46/EC.

  47. 47.

    This approach would be fully consistent with Sunstein’s very important analysis of the possible negative impact on citizenship of excessive consumer choice (Cass R. Sunstein “Republic.com 2.0” (Princeton, PA: Princeton Univ. Press, 2007), 136). Unregulated unsolicited adjustments would not serve consumer choice, but could, on the contrary, tend to eradicate it by replacing it by the absolute impossibility of the choice for consumers, and the imposition on them of a certain vision of reality, predetermined by third parties. This imposition could have the same negative impact on citizenship as excessive consumer choice, or, possibly, even worse effects. Only by preserving the possibility for individuals to be released from these practices and confronted with the unexpected and the presumably unwanted can their ability to chose be ensured.

References

  • Alleweldt, F., F. Anna, and A. Merle. 2007. Consumer confidence in the digital environment. Briefing note, European Parliament, PE382.173.

    Google Scholar 

  • Article 29 Data Protection Working Party. 2004. Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC. WP 90. Brussels, 27 February.

    Google Scholar 

  • Asscher, L.F., and S.A. Hoogcarspel. 2006. Regulating spam: A European perspective after the adoption of the E-Privacy directive. The Hague: T.M.C. Asser Press.

    Google Scholar 

  • Bygrave, L.A. 2002. Data protection law: Approaching its rationale, logic and limits. The Hague: Kluwer Law International.

    Google Scholar 

  • Cavanillas Múgica, S. 2008. Dos derechos emergentes del consumidor: A no ser molestado y a una interacción informativa. Revista general de legislación y jurisprudencia 2: 175–93.

    Google Scholar 

  • De Hert, P., and S. Gutwirth. 2006. Privacy, data protection and law enforcement. Opacity of the individual and transparency of powe. In Privacy and the criminal law, eds. E. Claes, A. Duff, and S. Gutwirth, 60–104. Oxford: Intersentia.

    Google Scholar 

  • De Hert, P., and S. Gutwirth. 2009. European data protection’s constitutional project. Its problematic recognition in Strasbourg and Luxembourg. In Reinventing data protection? eds. S. Gutwirth, Y. Poullet, P. De Hert, and C. de Terwangne, 3–44. Dordrecht: Springer.

    Chapter  Google Scholar 

  • Federal Trade Commission. 2009. FTC report: Self-regulatory principles for online behavioral advertising. FTC, February.

    Google Scholar 

  • González Fuster, G., and S. Gutwirth. 2008. Privacy 2.0? Revue du droit des Technologies de l’Information, Doctrine, 32: 349–59.

    Google Scholar 

  • Gutwirth, Serge. 2002. Privacy and the information age. Lanham: Rowman & Littlefield Publ.

    Google Scholar 

  • Hildebrandt, M. 2008a. Profiling and the rule of law. Identity in Information Society (IDIS) 1 (1): 55–70.

    Article  Google Scholar 

  • Hildebrandt, M. 2008b. Profiling and the identity of the European citizen. In Profiling the European citizen: Cross-disciplinary perspectives, eds. M. Hildebrandt and S. Gutwirth, 303–43. Profiling the European Citizen: Cross-Disciplinary Perspectives New York: Springer.

    Google Scholar 

  • International Advertising Bureau (IAB). 2009. Good practice principles online behavioural advertising.

    Google Scholar 

  • Koops, B.J. 2006. Should ICT regulation be technology-neutral? In Starting points for ICT regulation. Deconstructing prevalent policy one-liners, eds. B.J. Koops, M. Lips, C. Prins, and M. Schellekens, 77–108. The Hague: T.M.C. Asser Press.

    Google Scholar 

  • Korff, D. 2004. The legal framework: an analysis of the “constitutional” European approach to issues of data protection and law enforcement. UK Information Commissioner Study Project: Privacy & Law Enforcement, Foundation for Information Policy Research (FIPR).

    Google Scholar 

  • Organisation for Economic Co-operation and Development (OECD). 2008. RFID radio frequency identification: OECD policy guidance: A focus on information security and privacy applications, impacts and country initiatives. Paper presented at the meeting of the OECD Ministeriel, Seoul (OECD Digital Economy Papers, No. 150).

    Google Scholar 

  • Poullet, Y. 2006. Les aspects juridiques des systèmes d’information. Lex Electronica 10 (3). Also available online at http://www.lex-electronica.org/articles/v10-3/poullet.htm.

    Google Scholar 

  • Rigaux, F. 1990. La protection de la vie privée et des autres biens de la personnalité. Brussels: Bruylant.

    Google Scholar 

  • Rouvroy, A., and Poullet, Y. 2009. The right to informational self-determination and the value of self-development: Reassessing the importance of privacy for democracy. In Reinventing data protection? eds. S. Gutwirth, Y. Poullet, P. De Hert, and C. de Terwangne, 45–76. Dordrecht: Springer.

    Chapter  Google Scholar 

  • Schoeman, F.D. ed. 1984. Philosophical dimensions of privacy: An anthology. Cambridge: Cambridge Univ. Press.

    Book  Google Scholar 

  • Sunstein, Cass R. 2007. Republic.com 2.0. Princeton, PA: Princeton Univ. Press.

    Google Scholar 

  • The Public Voice. 2008. Civil society background Paper: Fuelling creativity, ensuring consumer and privacy protection, building confidence and benefiting from convergence. Paper presented at the meeting of the OECD Ministeriel, Seoul.

    Google Scholar 

  • Wright, D., S. Gutwirth, M. Friedewald, Y. Punie, and E. Vildjiounaite, eds. 2008. Safeguards in a world of ambient intelligence. Dordrecht: Springer Science.

    Book  Google Scholar 

  • Wright Mills, C. 1956, 2000. The power elite. New York: Oxford Univ. Press.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Research Group on Law, Science, Technology & Society (LSTS), Vrije Universiteit Brussel (VUB), Brussel, Belgium

    Gloria González Fuster

Authors
  1. Gloria González Fuster
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Serge Gutwirth
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paul de Hert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gloria González Fuster .

Editor information

Editors and Affiliations

  1. Law, Science, Technology & Society, (LSTS), Vrije Universiteit Brussels, Pleinlaan 2, Bruxelles, 1050, Belgium

    Serge Gutwirth

  2. Research Centre for Information, Technology & Law, University of Namur, Rempart de la Vierge 5, Namur, 5000, Belgium

    Yves Poullet

  3. Center for Law, Science, Technology, and Society Studies (LSTS), Vrije Universiteit Brussel, Pleinlaan 2, Brussels, 1050, Belgium

    Paul De Hert

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer Science+Business Media B.V.

About this chapter

Cite this chapter

González Fuster, G., Gutwirth, S., Hert, P.d. (2010). From Unsolicited Communications to Unsolicited Adjustments. In: Gutwirth, S., Poullet, Y., De Hert, P. (eds) Data Protection in a Profiled World. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-8865-9_6

Download citation

Publish with us

Policies and ethics

Search

Navigation