Some History Start of data protection (DP) Sixties in USA (establishment of a national centre for electronic data processing including personal data) Criticism based on “right to privacy” (1890, Warren & Brandeis) demand for legal protection Privacy Act 1974 Discussions also in Europe, between 1970 and 1980 data protection laws in Germany and Austria Landmark: “Census judgement” of the German Constitutional Court “Right on informational self-determination” (right to dispose on own data)
Contemporary data protection law Focussing on Official registration of data processing by private companies Data collection and use by authorities bound on concrete legal aims and the principle of proportionality Right to be informed and to give “informed consent” Right to rectification of irregular data Right to delete unlawfully processed data Effective remedies against violations of the right to data protection by authorities and private companies European standards (EU, CoE) Case-law of the ECtHR and the CJEU binding national legislation and practise
Facing changes Economic and technical globalisation is speeding up, but not legal globalisation, lack of comparable legal standards (example: EU and USA) Rapid development of new IT technologies With unknown threats and dominance of elite of experts Swift from privacy to more publicity Liberal idea of privacy v. democratic idea of transparency “Prevention state” (terrorism and organised crime) Privatisation of state services of general interest But: Change is also a chance Modern means of communication improving organisation and participation of people (Tunesia, Egypt)
Reasons for increased data processing Comprehensible reasons: Fight against terrorism and organised crime (prevention) More complex and globalised world – need of and demand for better organised life and services Intensified marketing and professional networking New kinds of social interaction and political participation Apprehensive reasons: Hunting for and collecting of data for undefined or hidden purposes in the public and private sectors Grotesque demand for a more of security (prevention) Fig leave for better control and surveillance of society – to be in power over people?
Where do we leave tracks on personal data, inter alia? Paying in shops with debit, credit or customer cards Shopping online, as Amazon, eBay & Co. Transferring money or setting up a custody account Filling in a tax forms Monitored in the public by cameras and drones Outing in Blogs, You tube, Twitter and Facebook Using preferred websites in Google & Co Using GPS in cars, boats, walking Making phone/mobile calls or sending e-mails Flying across the Atlantic (PNR, “ethnic profiling”) Using health insurance cards Leaving DNA samples or traces A huge amount of personal data of each of us
Questions One may wonder about excessive reactions against collection and use of personal data Nothing to hide – nothing to fear? Isn’t it the modern way of life? Wouldn’t it be an advantage if anybody knows anything about anybody? Wouldn’t it make the world better? (Marc Zuckerberg, Facebook) Is that true? Can we be sure that our data are not misused? Do we know where and how data are stored and passed on? Who get them, who are using them for which aim? Are our data controlled properly by independent institutions in the public as well as in the private sector? Can we trust internal data protection systems?
Facing threats Influence on various civil liberties Based on a comprehensive knowledge of each of us Often not realised at once – illegal use of data doesn’t hurt Tremendous amount collected by enterprises Indoctrination possible by targeted advertisement, knowledge about personal behaviour of people Greediness of authorities to get personal data New strategies and programmes to achieve more internal security Threat of total surveillance of people “Digitally affected human” instead of free self-determination Contra: EU data protection reform strategy
What can be done? Strengthening of data protection authorities Mandates to act ex officio and randomly Higher financial means and more personnel Highest technical expertise of offices (inspectors) Harmonisation of national laws (worldwide) “Necessity-test” for data processing and “data protection-check” of legislation (also EU law) Improvement of technical safeguards of data “Separation of power over data” doctrin More self-reliance and sensitivity in dealing with personal data (Facebook etc) CSR of companies & Awareness raising
Thank you for your attention! PPT available at: http://bim.lbg.ac.at