Skip to main content
SpringerLink
Log in

Evolution or Revolution? Steps Forward to a New Generation of Data Protection Regulation

  • Chapter
  • First Online:
Reforming European Data Protection Law

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 20))

Abstract

The birth of data protection regulation in Europe was directly linked to technological developments – mainly to the impressive IT developments of the 70s and their application in public administration. This development has challenged data protection law on every single day ever since. Now, the European data protection law is under revision. One of the most important purposes of the reform is to react to the latest technological developments and to the related social changes once again. The indicated changes are much more than the fine-tuning of the legislation: a new theoretical approach is delineating. The core element of this approach is effectively protecting the individuals’ privacy even if their privacy awareness is low, and even if they do not take steps in order to be protected (“invisible protection”). In this paper the key elements of this new generation of personal data protection regulation are shown. Although some aspects of the Proposal for a Regulation will be highlighted in order to underlay our thesis, a complete and detailed analysis of the Proposal cannot be presented within this paper.

This work was partially supported by the European Union and the European Social Fund through “Jól-lét az információs társadalomban” project (grant no.: TAMOP-4.2.2.C-11/1/KONV-2012-0005).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In addition, the very first publication of the right to privacy written by Warren and Brandeis in 1890 was also motivated by the new technology of a camera, which made it possible to take instantaneous photographs. See Samuel D. Warren and Louis D. Brandeis, “The Right to Privacy”, Harvard Law Review 4 (1890): 195, accessed October 2, 2013, http://heinonline.org/HOL/Page?collection=journals&handle=hein.journals/hlr4&id=205&terms=photograph#207.

  2. 2.

    Viviane Reding, “The upcoming data protection reform for the European Union,” International Data Privacy Law 1 (2011): 3, accessed September 12, 2013, doi: 10.1093/idpl/ipq007.

  3. 3.

    See e.g. Viktor Mayer-Schönberger, “Generational Development of Data Protection in Europe,” in Technology and Privacy: The New Landscape, ed., Philip E. Agre, Marc Rotenberg (Cambridge, London: MIT Press, 1998), 219–241., and Jóri András, Adatvédelmi kézikönyv (Budapest: Osiris, 2005), 22–23.

  4. 4.

    See e.g. Omer Tene, “Privacy: The new generations,” International Data Privacy Law 1 (2011): 25–27, accessed September 12, 2013, doi: 10.1093/idpl/ipq003. and Yves Poullet, “About the E-Privacy Directive: Towards a Third Generation of Data Protection Legislation?” in Data Protection in a Profiled World ed. Serge Gutwirth, Yves Poullet and Paul De Hert (Springer, 2010), 3–30. A quite different approach is shown by Burkert, see Herbert Burkert, “Towards a New Generation of Data Protection Legislation,” in Reinventing Data Protection?, ed. Serge Gutwirth et al. (Springer, 2010), 335–342.

  5. 5.

    European Commission, “Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data,” COM(2012) 11 final, hereinafter “Commission’s Proposal”.

  6. 6.

    European Parliament, “European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” (COM(2012)0011–C7-0025/2012–2012/0011(COD)), accessed June 30, 2014, http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0212 hereinafter “Proposal”, or “Parliament’s Proposal”. The European Parliament adopted the text as it was proposed by the Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee, Rapporteur: Jan Philipp Albrecht).

  7. 7.

    Although some features of the Proposal for a Regulation will be highlighted in order to support our thesis, the scope of this paper does not cover a complete and detailed analysis of the Proposal.

  8. 8.

    Spiros Simitis, The Hessian Data Protection Act (Wiesbaden: The Hessian Data Protection Commissioner, 1987), 5.

  9. 9.

    Herbert Burkert, “Privacy – Data Protection. A German/European Perspective,” in Governance of Global Networks in the Light of Differing Local Values, ed. Christoph Engel and Kenneth H. Keller (Baden-Baden: Nomos, 2000), 48–50. accessed October 10, 2013, http://www.coll.mpg.de/sites/www.coll.mpg.de/files/text/burkert.pdf.

  10. 10.

    Jóri András, Adatvédelmi kézikönyv, 24–25.

  11. 11.

    Robert Hassan, The Information Society (Cambridge: Polity Press, 2008), 3.

  12. 12.

    Joseph Turow and Nora Draper, “Advertising’s new surveillance ecosystem,” in Routledge Handbook of Surveillance Studies, ed. Kirstie Ball, Kevin D. Haggerty and David Lyon (London: Routledge), 134–135.

  13. 13.

    For a summary on Information Society issues in the EU please consult: “Information society,” accessed October 10, 2013, http://europa.eu/legislation_summaries/information_society/index_en.htm.

  14. 14.

    Some international incidents concerning international data transfers in Europe also clearly showed the necessity for international/European regulation. See Burkert, “Privacy – Data Protection” 51. 53.

  15. 15.

    See in detail Burkert, “Privacy – Data Protection,” 51–53.

  16. 16.

    Antoinette Rouvroy and Yves Poullet, “The Right to Informational Self-Determination and the Value of Self-Deployment: Reassessing the Importance of Privacy for Democracy,” in Reinventing Data Protection?, ed. Serge Gutwirth et al. (Springer, 2010), 45.

  17. 17.

    Burkert, “Privacy – Data Protection” 54.

  18. 18.

    Burkert, “Privacy – Data Protection” 53–56.

  19. 19.

    And it has had a significant effect on the Hungarian development of data protection law. Jóri András, Adatvédelmi kézikönyv, 27.

  20. 20.

    Article 29 Data Protection Working Party, “Opinion 15/2011 on the definition of consent,” 8. accessed September 22, 2013, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf.

  21. 21.

    Article 29 Data Protection Working Party “Opinion 15/2011 on the definition of consent,” 5–6.

  22. 22.

    Tene, “Privacy: The new generations,” 15, 21.

  23. 23.

    Although it is not true that youth does not care about privacy. Empirical research shows the contrary. See Tene, “Privacy: The new generations,” 23.

  24. 24.

    Brendan Van Alsenoy, Joris Ballet, Aleksandra Kuczerawy and Jos Dumortier, “Social networks and web 2.0: are users also bound by data protection regulations?” Identity in the Information Society 1 (2009): 70, accessed October 4, 2013, doi: 10.1007/s12394-009-0017-3.

  25. 25.

    Neil Robinson, Hans Graux, Maarten Botterman and Lorenzo Valeri, Review of the European Data Protection Directive, (RAND Europe), 16–17. accessed February 12, 2014, http://www.rand.org/content/dam/rand/pubs/technical_reports/2009/RAND_TR710.pdf.

  26. 26.

    Tene, “Privacy: The new generations,” 16–20.

  27. 27.

    About the variety of applications of profiling see Mireille Hildebrandt and Serge Gutwirth, ed., Profiling the European Citizen. Cross Disciplinary Perspectives, (Springer, 2010).

  28. 28.

    Among many others, see: Robinson, Graux, Botterman and Valeri, Review of the European Data Protection Directive, 38–39., Tene, “Privacy: The new generations,” 25–27., Reding, “The upcoming data protection reform for the European Union,”.

  29. 29.

    Noellie Brockdorff and Sandra Appleby-Arnold, “What Consumers think” (paper presented at Online Privacy: Consenting to your Future International Conference, Malta, March 20–21, 2013): 9–10, accessed January 28, 2014, http://consent.law.muni.cz/storage/1365167549_sb_consentonlineprivacyconferencemarch2013-consentprojectresultswhatconsumersthink.pdf. See further results of the CONSENT project at http://consent.law.muni.cz.

  30. 30.

    Miriam J. Metzger, “Effects of Site, Vendor, and Consumer Characteristics on Web Site Trust and Disclosure,” Communication Research 33 (2006): 168, accessed February 12, 2014, http://netko.informatika.uni-mb.si/mcnet/upload/attachments/marko_ivan/E-business.pdf.

  31. 31.

    Brockdorff and Appleby-Arnold, “What Consumers think”, 12.

  32. 32.

    Bart Custers, et al., “Informed Consent in Social Media Use – The Gap between User Expectations and EU Personal Data Protection Law” SCRIPTed 10 (2013): 442, accessed February 12, 2014, http://script-ed.org/wp-content/uploads/2013/12/custers_et_al.pdf and Kristina Irion and Giacomo Luchetta, “Online personal data processing and EU data protection reform” (Brussels: Centre for European Policy Studies, 2013), 39, accessed October 16, 2013, http://www.ceps.eu/book/online-personal-data-processing-and-eu-data-protection-reform.

  33. 33.

    Brockdorff and Appleby-Arnold, “What Consumers think”, 17–18.

  34. 34.

    “Special Eurobarometer 359. Attitudes on Data Protection and Electronic Identity in the European Union,” 2011, 112, accessed 17 October, 2013. http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf.

  35. 35.

    “Special Eurobarometer 359”, 115.

  36. 36.

    The Boston Consulting Group, The Value of Our Digital Identity (Liberty Global Policy Series, 2012), 13, accessed February 12, 2014, http://www.libertyglobal.com/PDF/public-policy/The-Value-of-Our-Digital-Identity.pdf.

  37. 37.

    The Boston Consulting Group, The Value of Our Digital Identity, 15.

  38. 38.

    Brockdorff and Appleby-Arnold, “What Consumers think”, 28–29.

  39. 39.

    Judith Rauhofer, “One Step Forward, Two Steps Back? Critical observations on the proposed reform of the EU data protection framework,” Journal of Law and Economic Regulation, 1 (2013): 62.

  40. 40.

    This does not mean, in our view, that the rights of the data subjects and/or the regulation of consent should be weakened, indeed, they should be kept, and detailed provisions concerning the realization of current rights would be useful, although it is unlikely that strengthening these rights would significantly increase the actual level of privacy protection.

  41. 41.

    A similar approach is followed in many other sectors, e.g. food or any other product safety regimes.

  42. 42.

    About the possible comparison parallel between future data protection rules and consumer protection rules, see also Rauhofer, “One Step Forward, Two Steps Back?” 84.

  43. 43.

    Article 29 Data Protection Working Party, “Opinion 3/2010 on the principle of accountability,” accessed February 22, 2014, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp173_en.pdf.

  44. 44.

    Article 29 Data Protection Working Party, “Opinion 3/2010 on the principle of accountability,” 10.

  45. 45.

    European Commission, “Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions. A comprehensive approach on personal data protection in the European Union,” COM (2010) 609 final, point 2.2.4.

  46. 46.

    Article 29 Data Protection Working Party, “Opinion 3/2010 on the principle of accountability,” 11–12., European Commission, “Communication on a comprehensive approach on personal data protection in the European Union,” point 2.2.4.

  47. 47.

    For further analysis regarding the obligations imposed on data controllers see also: Szőke Gergely László, “Self regulation, audit and certification schemes in the field of data protection,” in Privacy in the Workplace. Data Protection Law and Self-Regulation in Germany and Hungary, ed. Szőke Gergely László (Budapest: HVG-ORAC, 2012). 289–292.

  48. 48.

    Proposal for a Data Protection Regulation, Article 22, 1-1a.

  49. 49.

    Proposal for a Data Protection Regulation, Article 22, 3.

  50. 50.

    Proposal for a Data Protection Regulation, Article 28, 1–2.

  51. 51.

    Committee on Civil Liberties, Justice and Home Affairs (Rapporteur: Jan Philipp Albrech), Draft Report on the proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), (COM(2012)0011–C7-0025/2012–2012/0011(COD)), accessed October 2, 2013 http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/pr/922/922387/922387en.pdf, p. 86.

  52. 52.

    Proposal for a Data Protection Regulation, Article 13a.

  53. 53.

    Proposal for a Data Protection Regulation, Article 30.

  54. 54.

    Proposal for a Data Protection Regulation, Article 32a.

  55. 55.

    Proposal for a Data Protection Regulation, Article 32a, 3. (c), Article 33a.

  56. 56.

    “Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”. Commission’s Proposal for a Data Protection Regulation, Article 4, 9.

  57. 57.

    Domokos Márton, “Az EU új adatvédelmi szabályozásának várható következményei a gyakorlatban,” Infokommunikáció és jog, 2 (2013): 58.

  58. 58.

    Article 29 Data Protection Working Party, “Opinion 3/2010 on the principle of accountability,” 13.

  59. 59.

    Proposal for a Data Protection Regulation, Article 32a, 2.

  60. 60.

    Proposal for a Data Protection Regulation, Article 32a, 3. (b), (c).

  61. 61.

    Ira S. Rubinstein, “Regulating Privacy by Design.” Berkeley Technology Law Journal 26 (2012):1411.

  62. 62.

    Irion and Luchetta, “Online personal data processing and EU data protection reform”, 39.

  63. 63.

    Rubinstein, “Regulating Privacy by Design.”, 1411.

  64. 64.

    Simon Davies, “Why Privacy by Design is the next crucial step for privacy protection,” 2010, 1, accessed October 16, 2013, http://www.i-comp.org/blog/wp-content/uploads/2010/12/privacy-by-design.pdf.

  65. 65.

    Rubinstein, “Regulating Privacy by Design.”,1412.

  66. 66.

    Ann Cavoukian, “Privacy by Design, The 7 Foundational Principles,” 2011 accessed October 16, 2013, http://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf.

  67. 67.

    Martin Rost and Kirsten Bock, “Privacy by Design and the New Protection Goals,” 2011, 1, accessed October 16, 2013, https://www.european-privacy-seal.eu/results/articles/BockRost-PbD-DPG-en.pdf.

  68. 68.

    Davies, “Why Privacy by Design is the next crucial step for privacy protection”.

  69. 69.

    Christopher T. Marsden, “Beyond Europe: The Internet, Regulation, and Multistakeholder Governance – Representing the Consumer Interest?” Journal of Consumer Policy, 31, (2008): 124.

  70. 70.

    Dag Slettemeås, “RFID – the “Next Step” in Consumer – Product Relations or Orwellian Nightmare? Challenges for Research and Policy,” Journal of Consumer Policy, 32, (2009): 238.

  71. 71.

    Act on the Protection of Personal Data Used in Teleservices (Gesetz über den Datenschutz bei Telediensten), Federal Law Gazette (Bundesgesetzblatt) 1997 I 1871. 3§ (4).

  72. 72.

    Jan Paul Kolter, User-Centric Privacy. A Usable and Provider-Independent Privacy Infrastructure (Lohmar-Köln: JOSEF EUL VERLAG, 2010), 2.

  73. 73.

    Irion and Luchetta, “Online personal data processing and EU data protection reform”, 63.

  74. 74.

    Hielke Hijmans, “Recent developments in data protection at European Union level,” 2010, 222, accessed October 16, 2013, http://link.springer.com/content/pdf/10.1007%2Fs12027-010-0166-8.pdf.

  75. 75.

    Rubinstein, “Regulating Privacy by Design.”,1410–1412.

  76. 76.

    Proposal for a Data Protection Regulation, Article 30, 3.

  77. 77.

    European Union Agency for Fundamental Rights, Data Protection in the European Union: the role of National Data Protection Authorities. Strengthening the fundamental rights architecture in the EU II (Luxembourg: Publications Office of the European Union, 2010), 34.

  78. 78.

    “Data protection enforcement in UK, France and Germany explained” accessed 17 October, 2013. http://www.out-law.com/en/articles/2013/july/data-protection-enforcement-in-uk-france-and-germany-explained/.

  79. 79.

    Neil Robinson et al. Review of the European Data Protection Directive, 2009, 36, accessed 17 October, 2013. http://www.ico.org.uk/upload/documents/library/data_protection/detailed_specialist_guides/review_of_eu_dp_directive.pdf.

  80. 80.

    KANTOR Management Consultants S.A. et al., Evaluation of the Means used by National Data Protection Supervisory Authorities in the promotion of personal Data Protection. Final Report, 2007, 16, accessed October 17, 2013, http://ec.europa.eu/justice/policies/privacy/docs/studies/final_report_kantor_management_consultants.pdf.

  81. 81.

    “Special Eurobarometer 359”, 174.

  82. 82.

    “Special Eurobarometer 359”, 184.

  83. 83.

    The Economist Intelligence Unit, “Privacy Uncovered. Can private life exist in the digital age?,” 2013, 23, accessed October 17, 2013. http://www.managementthinking.eiu.com/sites/default/files/downloads/Privacy%20uncovered_0.pdf.

  84. 84.

    Neil Robinson et al. Review of the European Data Protection Directive, 2009, 35, accessed 17 October, 2013. http://www.ico.org.uk/upload/documents/library/data_protection/detailed_specialist_guides/review_of_eu_dp_directive.pdf.

  85. 85.

    Thomas M. Lenard and Paul H. Rubin, “In defense of data: Information and the costs of privacy”, 2009, 6, accessed January 28, 2014, http://www.techpolicyinstitute.org/files/in%20defense%20of%20data.pdf.

  86. 86.

    Proposal for a Data Protection Regulation, Article 55–58.

  87. 87.

    Proposal for a Data Protection Regulation, Article 52, 2–4.

  88. 88.

    Proposal for a Data Protection Regulation, Article 38, 1–3.

  89. 89.

    Proposal for a Data Protection Regulation, Article 39, 1a–1g.

  90. 90.

    The European Commission’s Proposal for a Data Protection Regulation, Article 39, 1.

Bibliography

Download references

Author information

Authors and Affiliations

  1. University of Pécs, Pécs, Hungary

    Attila Kiss & Gergely László Szőke

Authors
  1. Attila Kiss
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gergely László Szőke
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Attila Kiss or Gergely László Szőke .

Editor information

Editors and Affiliations

  1. Law, Science, Technology & Society (LSTS), Faculty of Law and Criminology at the Vrije Universiteit Brussel, Brussels, Belgium

    Serge Gutwirth

  2. Tilburg Institute for Law, Technology, and Society (TILT), Tilburg University, Tilburg, The Netherlands

    Ronald Leenes

  3. Law, Science, Technology & Society (LSTS), Faculty of Law and Criminology at the Vrije Universiteit Brussel, Brussels, Belgium

    Paul de Hert

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Kiss, A., Szőke, G.L. (2015). Evolution or Revolution? Steps Forward to a New Generation of Data Protection Regulation. In: Gutwirth, S., Leenes, R., de Hert, P. (eds) Reforming European Data Protection Law. Law, Governance and Technology Series(), vol 20. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-9385-8_13

Download citation

Publish with us

Policies and ethics

Search

Navigation