Only the practical application of laws specifies their meaning, since different interpretations always affect the content of legislation.
Sometimes differing court interpretations may also pressurise legislators to amend legislation. This has happened in EU law with regard to data protection issues: The age-old data protection directive had become hopelessly outdated, says Susanna Lindroos-Hovinheimo, professor of public law at the Faculty of Law of the University of Helsinki.
“Legislative projects in the EU are slow and political, and they are influenced by numerous interest groups in the background. When the EU failed to make a legislative change fast enough, the European Court of Justice stepped in to speed up the process,” says Lindroos-Hovinheimo.
The Court adopted interpretation practices that strengthened privacy and data protection in particular and the result was the strict Data Protection Act. The fast development of communications technology and, for example, the data leak incident that became known through Edward Snowden, contributed to this.
“First the European Court of Justice reacted and only subsequently did the EU General Data Protection Regulation come into force. Usually the members of parliament first enact acts and decrees, which the courts then apply.”
The professor does not feel that the European Court of Justice wanted to politically step on the toes of legislators.
“It was left with no other choice since the legislative process had stalled. All courts are subject to a duty to adjudicate.”
In data protection, justice is centred on the individual, but is human life like that?
Lindroos-Hovinheimo together with her research group is interested in the forms of privacy reflected by legal praxis. The project Reconfiguring Privacy – A Study of the Political Foundations of Privacy Regulation examines in particular what the value is that is protected in privacy.
The philosophical-ideological background to the protection of privacy is influenced by thinking originating as far back as the 18th century: Western and European legal philosophy is focused on human and fundamental rights and its background is liberalistic and emphasises individual freedom.
“However, the deeper you dig into the subject, the more fundamental the problems related to legal philosophy you encounter. These days lawyers have to, for example, determine what kinds of life, communication or togetherness are generally considered valuable and within which limits. Or, to what extent are we protectable purely as individuals and in which cases as members of a community,” Lindroos-Hovinheimo clarifies.
In legal praxis, interpretations vary greatly between different courts and in issues related to different branches of law.
“In data protection issues, EU legislation and case law have managed to develop technical means and tools to protect privacy, but the individualistic concept of humans in law underlying the protection is artificial,” says Lindroos-Hovinheimo.
She sees the problems we have with data protection as being caused by technical devices and platforms, which increase our ways of communicating, networking and sharing ourselves with others – that is to say, being less private.
“Consequently, the opportunity to be more connected and in new ways has paradoxically forced the courts and legislators to try to resolve how individuals should be protected.”
Individual rights trump economic interests in data protection
According to Lindroos-Hovinheimo, the General Data Protection Regulation of the EU, which came into force in 2018, was in practice drawn up to find a balance between fundamental rights and economic interests in EU law. The regulation has two explicit objectives: on the one hand, to protect people’s privacy in the field of data protection, and, on the other hand, to ensure free movement of data within the EU.
“It doesn’t take long to realise that these goals are in many cases contradictory. At the level of legal praxis, it is not possible for both of these goals to always be achieved simultaneously,” says Lindroos-Hovinheimo.
This contradiction vexes interpreters of the data protection regulation and leaves a great deal of room for interpretation when it comes to the application of the regulation. At the moment, individuals have the upper hand in the interpretations of the European Court of Justice.
“So far, the majority of cases have been adjudicated for the individual’s data protection against economic interests as well as authorities under public law.
“However, there are few legal precedents related to the collection of official information. For example, in issues related to national security, the EU member states have been given the most comprehensive executive powers with regard to data protection. These cases include the police and the defence forces,” says Lindroos-Hovinheimo.
EU protects its single market with tight data protection legislation
At the moment, data protection in the EU is at the highest level globally. The EU has the strictest rules and the possibility of fining those breaching data protection statutes.
The EU’s data protection legislation can be used to effectively oblige parties such as multinational technology companies or network platforms processing personal data to ensure the privacy and personal data protection of individuals in their user registers as well as to promote the smooth and safe use of the internet with mobile devices.
The most fines in matters related to data protection in the EU have been imposed on international or American corporations.
The reasons for the high profile of the EU in data protection matters can only be speculated on, according to Lindroos-Hovinheimo. She says that it is not just a case of altruistic safeguarding of the rights of citizens. Legal sociologists would do well to study this issue more.
“Of course, it is partly a question of economic conflict. The EU is an economic community, which tries to strengthen its foothold in global markets. In these markets, data is key, and, in particular, the fact that the EU’s single market in data transfer is strong and secured.”