How private is personal data?

dreamstimemaximum_5772962Is no information sacred when we live in a world seemingly dominated by Facebook, WikiLeaks and whistle-blowers? But according to the law, our personal information is supposed to be kept private.

Although much of our personal information (contact details, personal photos etc.) may be made available intentionally (or even worse – unintentionally) online, there is still a basic legal structure in operation which lays down and protects our ultimate right to privacy.

In a new report, the European Audiovisual Observatory, part of the Council of Europe, examines those rights in the current climate of Internet indiscretions.

The lead article of the new report ¨How Private is Personal Data?¨ is authored by Martin Rupp and Peter Matzneller of the Saarbrücken-based EMR (Institute for European Media Law). They examine the “uneasy relationship” between copyright law, including the right of rights holders to identify and pursue those who infringe their copyright, on the one hand, and data protection, the individual’s right to remain private, and thus “hidden” from such pursuit, on the other.

This article examines sources of primary law, both at EU level and also with regards to Council of Europe legal instruments. In terms of secondary law at EU level, it is the Enforcement Directive 2004/48/EC (article 8) which allows a person suing for copyright infringement to request that a Court try to obtain information about the origin and exact distribution channels involved. This information request may even be extended to names and addresses of infringers. As far as Council of Europe legal instruments are concerned, in 2010 the Parliamentary Assembly (PACE) adopted its Recommendation 1906 (2010) dealing specifically with intellectual property rights in a digital society.

Moving on to actual areas of conflict between copyright law and data protection, Rupp and Matzneller point out the obvious discrepancies between the right to request information from the infringer, the right to request information from intermediaries such as an Internet access or service providers and the limits to the right of information as enshrined in the Data Protection Directive. This analysis is backed up by concrete examples of CJEU case law illustrating this conflict.

The authors of the lead article round off their analysis by looking at national approaches to questions such as the proportionality of a right of information (i.e. how heavy should the right to information weigh against data protection concerns), or intermediaries’ obligations to establish systems to filter content (to prevent copyright infringement), or indeed national strategies concerning the blocking of internet access (the variations on the famous “three strike procedure”).

Rupp and Matzneller conclude their lead article by stating that “at this moment in time […] the application of data protection law enjoys precedence over the copyright directives…” As far as a harmonized, pan-European approach is concerned, they state that “The member states are already planning different approaches and it remains to be seen whether one system – and, if so, which – will ultimately be adopted for the assertion of copyrights in the online sector.”

The Related Reporting Section of this new report provides recent national examples of case law where copyright, freedom of expression, privacy and data protection issues have gone head to head in the European courts.

The final Zoom chapter on the US Patriot Act and the Fourth Amendment has been written by Jonathan Perl, Counsel for Regulatory Affairs at Locus Telecommunications, Inc. Perl traces the background to the 2001 Patriot Act which, in the wake of the 9/11 attacks, allowed the US government more far-reaching powers to indiscriminately collect and store the private data of its citizens. This legislation is counteracted by the Fourth Amendment to the United States Constitution which aims at protecting US citizens against “unreasonable searches and seizures”.

This chapter offers a useful explanation of the functioning of the PRISM top secret intelligence programme which was revealed via the British Guardian newspaper by NSA whistle blower Edward Snowden. Perl confirms that US intelligence services dispose of and use multiple technologies which allow them to track, trace and store details of all internet activity (email, video and voice chat, videos, photos, Skype, chats, file transfers and social networking details). The legal justifications of the US government’s secret programmes as well as the subsequent acknowledgements of overreach are then explored. Perl explains that, whilst “four bills have been introduced to fix the problem”, the American people do not seem satisfied to let this matter drop, particularly as it has crossed what Perl calls “the traditional bipartisan lines”. He concludes that “a demand for a special congressional investigatory committee, more transparency and more accountability is slowly growing. The movement is spearheaded by a coalition of over 100 civil liberties groups”.

Copies of this report are available from the European Audiovisual Observatory´s website. Order here.