Review of the Data Protection Directive: Is There Need (and Room) For a New Concept of Personal Data?

Chapter

Abstract

The entry into force of the Lisbon Treaty brought some changes to the EU legal framework and some of them have a direct impact on data protection. In this new scenario, the movements requiring the review of the Data Protection Directive gained a new boost.

For the discussion of a possible review of the Directive, the analysis of the concept of personal data is fundamental, because the EU data protection framework has this concept as one of its foundations, since data which are not related to an identified or identifiable person do not fall within the scope of the Data Protection legislation.

Taking into account this scenario, this chapter initially analyses the concept of personal data as provided for by Directive 95/46 and the views of the Article 29 Working Party and of the European Data Protection Supervisor regarding the concepts of personal data and anonymous data. Then, it concentrates on the experiences of France, Italy and UK, seeking to identify the differences in the concept of personal data in these member states. After carrying out these analyses, the chapter proposes some changes on the concept of personal data which could be incorporated in the review of the General Data Protection Directive.

References

  1. Article 29 Working Party. 2007. Opinion 4/2007 on the concept of personal data. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp136_en.pdf. Accessed 2 Jan 2011.Google Scholar
  2. Article 29 Working Party. 2008. Opinion 1/2008 on data protection issues related to search engines. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2008/wp148_en.pdf. Accessed 2 Jan 2011.Google Scholar
  3. Bensoussan, Alain. 2008. Informatiques et libertes. Paris: Éditions Francis Lefebvre.Google Scholar
  4. Bianca, Cesare Massimo, Francesco Donato Busnelli. 2007. La Protezione dei Dati Personali. Tomo II. Milano: CEDAM.Google Scholar
  5. Bygrave, Lee A., and Dag Wiese Schartum. 2009. Consent, proportionality and collective power. In Reinventing data protection? ed. Serge Gutwirth et al, 157–174. Springer.Google Scholar
  6. Buttarelli, Giovanni. 2009. Speaking points of the Assistant European Data Protection Supervisor on the Council Working Group on e-Justice and interconnection of insolvency registers. http://www.edps.europa.eu/EDPSWEB/webdav/shared/Documents/EDPS/Publications/Speeches/2009/09-07-15_eJustice_insolvency_EN.pdf. Accessed 4 Jan 2011.Google Scholar
  7. Carey, Peter. 2000. Data protection in the UK. London: Blackstone Press.Google Scholar
  8. Carey, Peter. 2004. Data protection: A practical guide to UK and EU law. 2nd ed. Oxford: Oxford University Press.Google Scholar
  9. Clayton, Richard. 2008. The Phorm ‘Webwise’ system, http://www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf. Accessed 7 Nov 2010.Google Scholar
  10. Committee of Ministers of the Council of Europe. 1997. Recommendation No. R (97) 5E on the Protection of Medical Data. https://wcd.coe.int/wcd/com.instranet.InstraServlet?command=com.instranet.CmdBlobGet&InstranetImage=564487&SecMode=1&DocId=560582&Usage=2. Accessed 4 Jan 2011.Google Scholar
  11. De Hert, Paul and Gutwirth, Serge. 2009. Data protection in the case law of Strasbourg and Luxemburg: Constitutionalisation in action. In Reinventing data protection?, ed. Serge Gutwirth et al., 3–44. Springer.Google Scholar
  12. Doneda, Danilo and Viola deAzevedo Cunha, Mario. 2010. Data protection as a trade resource in Mercosur in The Law of Mercosur, ed. Marcílio Toscano Franca Filho et al., 365–386. Oxford: Hart.Google Scholar
  13. England and Wales Court of Appeal. 2003. Durant case. http://www.hmcourts-service.gov.uk/judgmentsfiles/j2136/durant-v-fsa.htm. Accessed 5 Dec 2010.Google Scholar
  14. European Commission. 2010. Draft Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions [COM(2010) 609 final]. http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf. Accessed 3 Jan 2011.Google Scholar
  15. European Court of Human Rights. 2002. Société Colas Est v. France case. Application n 37971/97. http://cmiskp.echr.coe.int/tkp197/view.asp?item=1&portal=hbkm&action=html&highlight=37971/97&sessionid=64275468&skin=hudoc-en. Accessed 4 Jan 2011.Google Scholar
  16. European Court of Justice. 2003. Lindqvist case (C-101). http://curia.europa.eu/jurisp/cgi-bin/gettext.pl?lang=en&num=79968893C19010101&doc=T&ouvert=T&seance=ARRET. Accessed 5 Jan 2011.Google Scholar
  17. European Data Protection Supervisor. 2008. Opinion of 20 May 2008 on the proposal for a Regulation of the European Parliament and of the Council on European Statistics (COM(2007) 625 final). http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2008/08-05-20_Statistics_EN.pdf. Accessed 25 Jan 2010.Google Scholar
  18. European Data Protection Supervisor. 2007. Opinion of 5 September 2007 on the proposal for a Regulation of the European Parliament and of the Council on Community statistics on public health and health and safety at work (COM(2007) 46 final). http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2007/07-09-05_Statistics_health_data_EN.pdf. Accessed 4 Jan 2011.Google Scholar
  19. European Data Protection Supervisor. 2011. Opinion of 18 January 2011 on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions—“A comprehensive approach on personal data protection in the European Union”. http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2011/11-01-14_Personal_Data_Protection_EN.pdf. Accessed 9 Jan 2011.Google Scholar
  20. European Parliament. 2010. SWIFT: MEPs to Vote on Backing or Sacking EU/US Data Sharing Deal, http://www.europarl.europa.eu/news/public/story_page/019-68537-039-02-07-902-20100205STO68536-2010-08-02-2010/default_en.htm. Accessed 19 Feb 2010.Google Scholar
  21. French Act. 1978. n 78–17 on data processing, data files and individual liberties, http://www.cnil.fr/fileadmin/documents/en/Act78–17VA.pdf. Accessed 1 Aug 2011.Google Scholar
  22. Garante per la protezione dei dati personali, Relazione. 2004. L’attuazione del Codice nel quadro della Costituzione per l’Europa. http://www.garanteprivacy.it/garante/document?ID=1093820. Accessed 15 Dec 2010.Google Scholar
  23. Garante per la protezione dei dati personali Provvedimento del 25 luglio. 2007. http://www.garanteprivacy.it/garante/doc.jsp?ID=1434791. Accessed 22 Dec 2010.Google Scholar
  24. Gediel, José Antônio Peres and Corrêa, Adriana Espíndola. 2008. Proteção jurídica de dados pessoais: A intimidade sitiada entre o Estado e o Mercado. Revista da Faculdade de Direito—UFPR 47: 141–153.Google Scholar
  25. Information Commissioner’s Office. 2001. Data Protection Act 1998. Legal guidance, http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/data_protection_act_legal_guidance.pdf. Accessed 4 Jan 2011.Google Scholar
  26. Information Commissioner’s Office. 2007. Data protection technical guidance determining what is personal data. http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/personal_data_flowchart_v1_with_preface001.pdf. Accessed 5 Dec 2010.Google Scholar
  27. Information Commissioner’s Office. 2008. What is personal data?—A quick reference guide. http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/160408_v1.0_determining_what_is_personal_data_-_quick_reference_guide.pdf. Accessed 5 Dec 2010.Google Scholar
  28. Information Commissioner’s Office. 2009. The guide to data protection. http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/the_guide_to_data_protection.pdf. Accessed 4 Jan 2011.Google Scholar
  29. Kuner, Christopher. 2003. European data protection law and online business. Oxford: Oxford University Press.Google Scholar
  30. Kuner, Christopher. 2007. European data protection law—corporate compliance and regulation. Oxford: Oxford University Press.Google Scholar
  31. Lacoste, Jean-Marc. 2008. Pour une pleine et entière reconnaissance du droit à la protection des données à caractère personnel. Dissertation, Université deToulouse.Google Scholar
  32. Laffaire, Marie-Laure. 2005. Protection des données à caractere personnel. Paris: Éditions d’organisation.Google Scholar
  33. Mallet-Poujol, Nathalie. 2006. Protection de la vie privée et des données personnelles (Unofficial translation by the author). Legamedia, Février 2006, http://www.educnet.education.fr/chrgt/guideViePrivee.pdf. Accessed 1 Aug 2011.Google Scholar
  34. Murray, Thomas H. 1997. Genetic exceptionalism and ‘Future diaries’: Is genetic information different from other medical information? In genetic secrets: Protecting privacy and confidentiality in the genetic era, ed. Mark A. Rothstein, 60–76. New Heaven: Yale University Press.Google Scholar
  35. Nouwt, Sjaak. 2009. Towards a common European approach to data protection: A critical analysis of data protection perspectives of the Council of Europe and the European Union. In Reinventing data protection?, ed. Serge Gutwirth et al., 275–292. Springer.Google Scholar
  36. Nugter, A. C. M. 1990. Transborder flow of personal data within the EC: A comparative analysis of the privacy statutes of the Federal Republic of Germany, France, the United Kingdom and the Netherlands and their impact on the private sector. Deventer: Kluwer Law and Taxation.Google Scholar
  37. Ohm, Paul. 2009. Broken promises of privacy: Responding to the surprising failure of anonymization. University of Colorado Law School Legal Studies Research Paper No. 09–12, http://ssrn.com/abstract=1450006. Accessed 7 Nov 2010.Google Scholar
  38. Reding, Viviane. 2011. The upcoming data protection reform for the European Union. International Data Privacy Law 1 (1): 3–5.CrossRefGoogle Scholar
  39. Sarmento e Castro, Catarina. 2005. Direito da informática, privacidade e dados pessoais. Coimbra: Almedina.Google Scholar
  40. Sweeney, Latanya. 2000. Foundations of Privacy Protection from a Computer Science Perspective, http://dataprivacylab.org/projects/disclosurecontrol/paper1.pdf. Accessed 22 Feb 2011.Google Scholar
  41. Tribunale di Roma, Sent. 2000. http://www.ictlex.net/?p=784. Accessed 1 Aug 2011.Google Scholar
  42. Viola de Azevedo Cunha, Mario et al. 2010. La re-identificazione dei dati anonimi e il trattamento dei dati personali per ulteriori finalità: sfide alla privacy. Ciberspazio e Diritto 11 (4): 641–658.Google Scholar
  43. Walden, Ian. 2002. Anonymising personal data. International Journal of Law and Information Technology 10 (2): 224–237.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media B.V. 2012

Authors and Affiliations

  1. 1.European University InstituteFirenzeItaly

Personalised recommendations