Data protection: New forms of community have led to stricter protection of privacy

The legal system balances between fundamental rights and other interests in data protection issues. The strict data protection regulations of the EU are not just a case of altruistically safeguarding the rights of citizens; in the background there is also the Union’s attempt to consolidate its competitive status in the global data market, says Professor Susanna Lindroos-Hovinheimo.

Only the practical application of laws specifies their meaning, since different interpretations always affect the content of legislation.

Sometimes differing court interpretations may also pressurise legislators to amend legislation. This has happened in EU law with regard to data protection issues: The age-old data protection directive had become hopelessly outdated, says Susanna Lindroos-Hovinheimo, professor of public law at the Faculty of Law of the University of Helsinki.

“Legislative projects in the EU are slow and political, and they are influenced by numerous interest groups in the background. When the EU failed to make a legislative change fast enough, the European Court of Justice stepped in to speed up the process,” says Lindroos-Hovinheimo.

The Court adopted interpretation practices that strengthened privacy and data protection in particular and the result was the strict Data Protection Act. The fast development of communications technology and, for example, the data leak incident that became known through Edward Snowden, contributed to this.

“First the European Court of Justice reacted and only subsequently did the EU General Data Protection Regulation come into force. Usually the members of parliament first enact acts and decrees, which the courts then apply.”

The professor does not feel that the European Court of Justice wanted to politically step on the toes of legislators.

“It was left with no other choice since the legislative process had stalled. All courts are subject to a duty to adjudicate.”

In data protection, justice is centred on the individual, but is human life like that?

Lindroos-Hovinheimo together with her research group is interested in the forms of privacy reflected by legal praxis. The project Reconfiguring Privacy – A Study of the Political Foundations of Privacy Regulation examines in particular what the value is that is protected in privacy.

The philosophical-ideological background to the protection of privacy is influenced by thinking originating as far back as the 18th century: Western and European legal philosophy is focused on human and fundamental rights and its background is liberalistic and emphasises individual freedom.

“However, the deeper you dig into the subject, the more fundamental the problems related to legal philosophy you encounter. These days lawyers have to, for example, determine what kinds of life, communication or togetherness are generally considered valuable and within which limits. Or, to what extent are we protectable purely as individuals and in which cases as members of a community,” Lindroos-Hovinheimo clarifies.

In legal praxis, interpretations vary greatly between different courts and in issues related to different branches of law.

“In data protection issues, EU legislation and case law have managed to develop technical means and tools to protect privacy, but the individualistic concept of humans in law underlying the protection is artificial,” says Lindroos-Hovinheimo.

She sees the problems we have with data protection as being caused by technical devices and platforms, which increase our ways of communicating, networking and sharing ourselves with others – that is to say, being less private.

“Consequently, the opportunity to be more connected and in new ways has paradoxically forced the courts and legislators to try to resolve how individuals should be protected.”

Individual rights trump economic interests in data protection

According to Lindroos-Hovinheimo, the General Data Protection Regulation of the EU, which came into force in 2018, was in practice drawn up to find a balance between fundamental rights and economic interests in EU law. The regulation has two explicit objectives: on the one hand, to protect people’s privacy in the field of data protection, and, on the other hand, to ensure free movement of data within the EU.

“It doesn’t take long to realise that these goals are in many cases contradictory. At the level of legal praxis, it is not possible for both of these goals to always be achieved simultaneously,” says Lindroos-Hovinheimo.

This contradiction vexes interpreters of the data protection regulation and leaves a great deal of room for interpretation when it comes to the application of the regulation. At the moment, individuals have the upper hand in the interpretations of the European Court of Justice.

“So far, the majority of cases have been adjudicated for the individual’s data protection against economic interests as well as authorities under public law.

“However, there are few legal precedents related to the collection of official information. For example, in issues related to national security, the EU member states have been given the most comprehensive executive powers with regard to data protection. These cases include the police and the defence forces,” says Lindroos-Hovinheimo.

EU protects its single market with tight data protection legislation

At the moment, data protection in the EU is at the highest level globally. The EU has the strictest rules and the possibility of fining those breaching data protection statutes.

The EU’s data protection legislation can be used to effectively oblige parties such as multinational technology companies or network platforms processing personal data to ensure the privacy and personal data protection of individuals in their user registers as well as to promote the smooth and safe use of the internet with mobile devices.

The most fines in matters related to data protection in the EU have been imposed on international or American corporations.

The reasons for the high profile of the EU in data protection matters can only be speculated on, according to Lindroos-Hovinheimo. She says that it is not just a case of altruistic safeguarding of the rights of citizens. Legal sociologists would do well to study this issue more.

“Of course, it is partly a question of economic conflict. The EU is an economic community, which tries to strengthen its foothold in global markets. In these markets, data is key, and, in particular, the fact that the EU’s single market in data transfer is strong and secured.”

Justice and moderation in the protection of privacy

Over the last decade, the prevalence of privacy protection in the EU has grown enormously. The General Data Protection Regulation of the EU was passed by the decisions of the European Parliament and the Council of Europe in spring 2016. In May 2018, all EU member states adopted the new data protection regulation, which considerably strengthened the protection of privacy.

Lindroos-Hovinheimo considers the General Data Protection Regulation of the EU a useful tool for ordinary citizens.

“People often wonder what information has been collected on them. Now various organisations are obliged to draw up a written description of how they process personal data. In addition, citizens have the right to rectify any erroneous information on them found in registers.”

The professor reminds us that data protection is not merely a question of privacy. The protection of privacy will also secure the preconditions of living and functioning in a democratic society. Data collected in various registers has indirect significance, for example, in an individual’s possibilities for getting a loan or matters related to healthcare.

However, when it comes to demands unreasonably interpreting protection of privacy, Lindroos-Hovinheimo asks people to calm down.

“It must be remembered that privacy is not an absolute right. As long as you live as a member of society, complete privacy is an impossibility.”