Privacy as Data Protection: Some Critical Legal Problems

  • Alfonso Ortega Giménez Universidad Miguel Hernández

Abstract

This paper is presented as a collective contribution of members of the multidisciplinary project Digital Age: New Problems for the Law, funded by the Generalitat Valenciana, which aims at analysing and discussing some crucial impacts that communication and information technologies are having on our legal systems. Our present proposal revolves around the content and reach of a conception of privacy interpreted in an informational sense. The controversial separation of the public and private spheres is particularly troubling nowadays given the current capacity of governments and enterprises to collect and use personal information. Starting with a conceptual approach to the meaning and value of privacy where the cluster of moral pretensions and reasons implied can be a guide to legislative and judicial decisions, the paper goes on to deal with three problems that have been considered worthy of particular attention. First, the recording of communications of customers that financial institutions will accomplish in accordance with the European regulation on market abuse raises particular concern about their impact on privacy. Secondly, the use of video surveillance evidence has been considered by our constitutional jurisprudence specially protected by informational self-determination. But this interpretation can generate an interesting debate about different standards of evidence in social and criminal jurisdictions. Finally, the intrinsic vocation to internationalisation of information flows requires an international legal perspective from which to consider the new European legal regime as well as to reflect on disputes resolution and applicable law.

References

Strahilevitz, Lior Jacob (2010). “Toward a positive theory of privacy law”, Harvard Law Review, vol. 126, pp. 2010-2042, at 2021.

Toscano, Manuel (2017), “Sobre el concepto de privacidad: la relación entre privacidad e intimidad”, Isegoría. Revista de Filosofía Moral y Política, nº 57, pp. 533-552, at 544.

Garzón Valdés, Ernesto (2003), “Lo íntimo, lo privado y lo público”, Claves de Razón Práctica, nº 137, pp. 14-24

Castilla del Pino, Carlos (1989), “Público, privado, íntimo”, en Castilla del Pino (ed.), De la intimidad. Barcelona: Crítica, pp. 25-31.

Béjar, Helena (1988), El ámbito íntimo. Privacidad, individualismo y modernidad. Madrid: Alianza.

Garzón Valdés, E., “Lo íntimo, lo privado y lo público”, cit., p. 16.

Nagel, Thomas (1998), “Concealment and Exposure”, Philosophy & Public Affairs", vol. 27 nº 1, pp 3-30, at 4-5.

Magi, Trina J. (2011). “Fourteen Reasons Privacy Matters: A Multidisciplinary Review of Scholarly Literature”, The Library Quarterly, vol. 81, nº 2, pp. 187-209, at 195.

Nagel, T., “Concealment and Exposure”, cit., p. 20; Reiman, Jeffrey (1995), “Driving to the Panopticon: A Philosophical Exploration of the Risks to Privacy Posed by the Highway Technology of the Future”, Santa Clara Computer & High Technology Law Journal, vol. 11, pp. 27-44, at 41.

Nagel, T., “Concealment and Exposure”, cit., p. 20.

Pérez Luño, Antonio (2012), Los derechos humanos en la sociedad tecnológica, Madrid: Editorial Universitas, p. 92.

Rachels, James (1975). “Why Privacy is Important?”, Philosophy & Public Affairs, vol. 4, nº 4, pp. 323-333, at 328.

Reiman, Jeffrey (1976), “Privacy, Intimacy, and Personhood”, Philosophy & Public Affairs, vol. 6, nº 1, pp. 26-44, at 33-34

Innes, Julie (1992), Privacy, Intimacy and Isolation. New York: Oxford University Press.

Nissenbaum, Helen (2004). “Privacy as Contextual Integrity”, Washington Law Review, 79 (1), pp. 101-139

Hoven, Jeroen van den (2004). “Privacy and the Varieties of Informational Wrongdoing”, en Richard A. Spinello & Herman T. Tavani (eds.), Readings in Cyber Ethics, Jones & Bartlett Publishers, 2ª edn., pp. 489-500, at 491 ff.

Mayer-Schönberger, Viktor and Cukier, Kenneth (2013), Big Data. A Revolution that Will Transform How we Live, Work, and Think. New York: Houghton Mifflin Harcourt, p. 153.

Solove, Daniel (2004). The Digital Person: Technology and Privacy in the Information Age, New York: New York University Press.

Reiman, J., “Driving to the Panopticon”, cit., p. 29.

Garriga, Ana (2018), “La elaboración de perfiles y su impacto en los derechos fundamentales. Una primera aproximación a su regulación en el Reglamento General de Protección de Datos de la Unión Europea”, Derechos y libertades, nº 38, pp. 107-139, at 138.

Gandy, Oscar (1993). The Panoptic Sort: A Political Economy of Personal Information. Boulder, CO: Westview.

Lyon, David (2007), Surveillance Studies. An Overview, Cambridge: Polity Press, p. 184-185.

Bauman, Zygmunt (2000), Liquid Modernity, Cambridge: Polity Press, p. 86.

Solove, (2013). “Privacy Self-Management and the Consent Dilemma”, Harvard Law Review, 126, pp. 1880-1903.

Regan, Priscilla (2002). “Privacy as a Common Good in the Digital World”, Information, Communication & Society, vol. 5, nº 3, pp.382-405, at 395.

Allen, Anita (2011). Unpopular privacy: What must we hide?. Nueva York: Oxford University Press.

Wacks, Raymond (2010). “Should the Concept of Privacy be Abandoned?”, Law, Morality, and the Private Domain. Hong Kong: Hong Kong University Press, pp. 235-248.

This paper is part of the research project "The Digital Era: New Problems for the Law" (AICO/2107/161) funded by the Generalitat Valenciana's Conselleria d'Educació, Cultura i Esport.

European Securities and Markets Authority, Questions and Answers, On the MiFID II and MiFIR investor protection and intermediaries topics, p. 38. Accessible at https://www.esma.europa.eu/system/files_force/library/esma3543349_mifid_ii_qas_on_investor_protection_topics.pdf June 2018 (8).

MARCHENA GÓMEZ, M., La Reforma de la Ley de Enjuiciamiento Criminal en 2015 (The Reform of the Criminal Procedure Act in 2015), Castillo de Luna Ediciones Jurídicas, Madrid, 2015, p. 288.

European Securities and Markets Authority, Questions and Answers, On the MiFID II and MiFIR investor protection and intermediaries topics, p. 41. Accessible at https://www.esma.europa.eu/system/files_force/library/esma3543349_mifid_ii_qas_on_investor_protection_topics.pdf (8 June 2018).

European Securities and Markets Authority, Questions and Answers, On the MiFID II and MiFIR investor protection and intermediaries topics, p. 39. Accessible at https://www.esma.europa.eu/system/files_force/library/esma3543349_mifid_ii_qas_on_investor_protection_topics.pdf (8 June 2018).

Strahilevitz, Lior Jacob (2010). “Toward a positive theory of privacy law”, Harvard Law Review, vol. 126, pp. 2010-2042, at 2021.

Toscano, Manuel (2017), “Sobre el concepto de privacidad: la relación entre privacidad e intimidad”, Isegoría. Revista de Filosofía Moral y Política, nº 57, pp. 533-552, at 544.

Garzón Valdés, Ernesto (2003), “Lo íntimo, lo privado y lo público”, Claves de Razón Práctica, nº 137, pp. 14-24.

Castilla del Pino, Carlos (1989), “Público, privado, íntimo”, en Castilla del Pino (ed.), De la intimidad. Barcelona: Crítica, pp. 25-31.

Béjar, Helena (1988), El ámbito íntimo. Privacidad, individualismo y modernidad. Madrid: Alianza.

Garzón Valdés, E., “Lo íntimo, lo privado y lo público”, cit., p. 16.

Nagel, Thomas (1998), “Concealment and Exposure”, Philosophy & Public Affairs", vol. 27 nº 1, pp 3-30, at 4-5.

Magi, Trina J. (2011). “Fourteen Reasons Privacy Matters: A Multidisciplinary Review of Scholarly Literature”, The Library Quarterly, vol. 81, nº 2, pp. 187-209, at 195.

Nagel, T., “Concealment and Exposure”, cit., p. 20; Reiman, Jeffrey (1995), “Driving to the Panopticon: A Philosophical Exploration of the Risks to Privacy Posed by the Highway Technology of the Future”, Santa Clara Computer & High Technology Law Journal, vol. 11, pp. 27-44, at 41.

Nagel, T., “Concealment and Exposure”, cit., p. 20.

Pérez Luño, Antonio (2012), Los derechos humanos en la sociedad tecnológica, Madrid: Editorial Universitas, p. 92.

Rachels, James (1975). “Why Privacy is Important?”, Philosophy & Public Affairs, vol. 4, nº 4, pp. 323-333, at 328.

Reiman, Jeffrey (1976), “Privacy, Intimacy, and Personhood”, Philosophy & Public Affairs, vol. 6, nº 1, pp. 26-44, at 33-34

Innes, Julie (1992), Privacy, Intimacy and Isolation. New York: Oxford University Press.

Nissenbaum, Helen (2004). “Privacy as Contextual Integrity”, Washington Law Review, 79 (1), pp. 101-139

Hoven, Jeroen van den (2004). “Privacy and the Varieties of Informational Wrongdoing”, en Richard A. Spinello & Herman T. Tavani (eds.), Readings in Cyber Ethics, Jones & Bartlett Publishers, 2ª edn., pp. 489-500, at 491 ff.

Mayer-Schönberger, Viktor and Cukier, Kenneth (2013), Big Data. A Revolution that Will Transform How we Live, Work, and Think. New York: Houghton Mifflin Harcourt, p. 153.

Solove, Daniel (2004). The Digital Person: Technology and Privacy in the Information Age, New York: New York University Press.

Reiman, J., “Driving to the Panopticon”, cit., p. 29.

Garriga, Ana (2018), “La elaboración de perfiles y su impacto en los derechos fundamentales. Una primera aproximación a su regulación en el Reglamento General de Protección de Datos de la Unión Europea”, Derechos y libertades, nº 38, pp. 107-139, at 138.

Gandy, Oscar (1993). The Panoptic Sort: A Political Economy of Personal Information. Boulder, CO: Westview.

Lyon, David (2007), Surveillance Studies. An Overview, Cambridge: Polity Press, p. 184-185.

Bauman, Zygmunt (2000), Liquid Modernity, Cambridge: Polity Press, p. 86.

Solove, (2013). “Privacy Self-Management and the Consent Dilemma”, Harvard Law Review, 126, pp. 1880-1903.

Regan, Priscilla (2002). “Privacy as a Common Good in the Digital World”, Information, Communication & Society, vol. 5, nº 3, pp.382-405, at 395.

Allen, Anita (2011). Unpopular privacy: What must we hide?. Nueva York: Oxford University Press.

Wacks, Raymond (2010). “Should the Concept of Privacy be Abandoned?”, Law, Morality, and the Private Domain. Hong Kong: Hong Kong University Press, pp. 235-248.

This paper is part of the research project "The Digital Era: New Problems for the Law" (AICO/2107/161) funded by the Generalitat Valenciana's Conselleria d'Educació, Cultura i Esport.

European Securities and Markets Authority, Questions and Answers, On the MiFID II and MiFIR investor protection and intermediaries topics, p. 38. Accessible at https://www.esma.europa.eu/system/files_force/library/esma3543349_mifid_ii_qas_on_investor_protection_topics.pdf June 2018 (8).

MARCHENA GÓMEZ, M., La Reforma de la Ley de Enjuiciamiento Criminal en 2015 (The Reform of the Criminal Procedure Act in 2015), Castillo de Luna Ediciones Jurídicas, Madrid, 2015, p. 288.

European Securities and Markets Authority, Questions and Answers, On the MiFID II and MiFIR investor protection and intermediaries topics, p. 41. Accessible at https://www.esma.europa.eu/system/files_force/library/esma3543349_mifid_ii_qas_on_investor_protection_topics.pdf (8 June 2018).

European Securities and Markets Authority, Questions and Answers, On the MiFID II and MiFIR investor protection and intermediaries topics, p. 39. Accessible at https://www.esma.europa.eu/system/files_force/library/esma3543349_mifid_ii_qas_on_investor_protection_topics.pdf (8 June 2018).

This paper is part of the research project "The Digital Era: New Problems for the Law" (AICO/2107/161) funded by the Generalitat Valenciana's Conselleria d'Educació, Cultura i Esport.

SSC 239/2014, of 1 April uses terminology imported from that used by the European Court of Human Rights (ECHR) to pronounce on the difference between recording in open spaces, such as those where cash registers are found, and recording in an office, based on the "reasonable expectation of privacy" stating that: "the recording cameras were installed in at least two different places. In one area was the cash register, where the money was taken. The substance of the judgement is that all workers or, at least, most of them, had access to this location (…). It cannot be claimed that there is a reasonable expectation of privacy in a place of common access for the performance of the functions that each worker is assigned by the company within the employment relationship. In that case, the company's power to manage and its related powers, does not impinge on the right to privacy of the workers when placing recording cameras in public areas with widespread access in which the general working activity of the company is performed. This is not the case with the cameras that were installed in the office of the defendant. (…) In principle, a single office is a room allocated to a particular person, and consent is required before facilitating the visual or personal access of third parties to the same. Therefore, in general terms, it can be said that the holder of the same has a reasonable expectation of privacy within his or her office, which may be violated if recording cameras are installed without their knowledge."

STS (Sentence of the Supreme Court) 620/1997, of 5 May.

See STC of 3 March 2016, as well as the more restrictive interpretation, on the need to inform the worker, which is contained in the individual opinions. With regard to developments in doctrine and jurisprudence that have led to the view of recordings as attacking the right to the protection of personal data and not, strictly speaking, against the right to privacy; as well as on employment and administrative demands to ensure that the recording of the work activity for the purpose of monitoring by the employer is not considered an attack on the fundamental rights of the worker, see ARRABAL PLATERO, P., "La videovigilancia laboral como prueba en el proceso" (Labour Video Surveillance as Evidence in the Judicial Process) Revista General de Derecho Procesal, Iustel, September-October 2015, www.iustel.com.

Regarding the suspicion of the employer in regard to the unlawful activity of the worker, two interesting rulings of the ECHR should be noted: the case of Köpke against Germany (ruling of inadmissibility) of 5 October 2010 and the judgement in López Ribalda and others v. Spain, from 9 January 2018. While in the ruling of inadmissibility in the Köpke case, suspicions were focused on only two workers and the recording lasted two weeks, in the conviction against Spain in the case of López Ribalda, suspicions were directed against all the staff and the recordings were kept for months.

The ECHR has ruled on the extensive and exact information that must be provided to workers in the judgement Barbulescu v. Romania (Great Hall), of 5 September 2017 and, especially, against Spain in the Lopez Ribalda and others judgement, of 9 January 2018. In this judgement Spain was found guilty of the infringement of art. 8 of the ECHR after having accepted the dismissal of 5 supermarket workers for a number of thefts recorded by a video surveillance system, with some visible cameras and some hidden, but in relation to which they had only been informed of the visible cameras.

In this sense, see FABREGAT MONFORT, G., "El control empresarial de los trabajadores a través de las nuevas tecnologías: algunas ideas clave" (Corporate Monitoring of Workers Using New Technologies: Some Key Ideas", Trabajo y Derecho, No. 5, May 2015. For the author "not having a clear idea of the aforementioned leads to confusion, because only from that perspective, from the purpose of the means used to monitor and the reason for its existence, and the differentiation between the measures taken as ordinary or extraordinary (i.e., to monitor someone), it is understood that neither the evidence obtained in the case prosecuted under the aforementioned STC 29/2013, of 11 February (LAW 11227/2013), of the University of Seville, nor that of the case which is the subject of the also mentioned STS of 13 May 2014, Rec. 1685/2013 (LAW 76886/2014) complies with the law, since in both cases the video camera, in theory, had been placed without the previous existence of indications or suspicions of a prior non-compliance". Op cit., p. 7.

I had the opportunity to examine the different treatment that certain technological evidence is receiving in criminal and social cases in "The Probative Value of Emails", in Justicia penal y nuevas formas de delincuencia (Criminal Justice and New Forms of Crime) (ASENCIO MELLADO and FERNÁNDEZ LÓPEZ, Coords.), Tirant lo Blanch, Valencia, 2017, pp. 199-200.

Rec. 1685/2013.

This reasoning for the exclusionary rule has been expressly and constantly defended by the US Supreme Court since 1976 (Case Stone v. Powell).

See STC 114/1984, of 29 November; 56/2003, of 29 March; or ATC (Decision of the TC) 115/2008, of 28 April. Also, along the same lines, VELASCO NUNEZ goes deeper when he claims that "We disagree with the Barcelona SAP (Court of Appeals) 20 October 2012 that decreed that the evidence was inadmissible when the complainant provided DVDs with pictures of non-consensual sexual abuse of her sister-in-law, since they had been stolen from the car of the alleged perpetrator where they had been concealed, alleging that this violated his right to privacy, "contaminating" the derived evidence. What is essential between individuals is the good or bad faith of whoever provides the evidence since, rather than considering an illegal and prohibited object – such as an illegal film – as property, and since in cases such as this the motives of profit and rem sibi habendi are excluded, it should be considered that its contribution to a criminal proceedings – through the police or directly to the Judge – is more constitutive of an act of a citizen who is collaborating and reporting, especially if the offence is serious, than an arbitrary act at the hands of the justice system, because in the end the purpose of the photos is that they serve as evidence." VELASCO NÚÑEZ, E., "Derecho a la imagen: tratamiento procesal penal" (Rights to the Image: Criminal Procedural Treatment), Diario La Ley, Nº 8595, 1 September de 2015, Ref. D-311.

In this respect, the individual opinions issued by the Judge Antonio del Moral García in response to STS 569/2013, of 26 June and 239/2014, of 1 April are particularly eloquent.

the judgement is that all workers or, at least, most of them, had access to this location (…). It cannot be claimed that there is a reasonable expectation of privacy in a place of common access for the performance of the functions that each worker is assigned by the company within the employment relationship. In that case, the company's power to manage and its related powers, does not impinge on the right to privacy of the workers when placing recording cameras in public areas with widespread access in which the general working activity of the company is performed. This is not the case with the cameras that were installed in the office of the defendant. (…) In principle, a single office is a room allocated to a particular person, and consent is required before facilitating the visual or personal access of third parties to the same. Therefore, in general terms, it can be said that the holder of the same has a reasonable expectation of privacy within his or her office, which may be violated if recording cameras are installed without their knowledge."

STS (Sentence of the Supreme Court) 620/1997, of 5 May.

See STC of 3 March 2016, as well as the more restrictive interpretation, on the need to inform the worker, which is contained in the individual opinions. With regard to developments in doctrine and jurisprudence that have led to the view of recordings as attacking the right to the protection of personal data and not, strictly speaking, against the right to privacy; as well as on employment and administrative demands to ensure that the recording of the work activity for the purpose of monitoring by the employer is not considered an attack on the fundamental rights of the worker, see ARRABAL PLATERO, P., "La videovigilancia laboral como prueba en el proceso" (Labour Video Surveillance as Evidence in the Judicial Process) Revista General de Derecho Procesal, Iustel, September-October 2015, www.iustel.com.

Regarding the suspicion of the employer in regard to the unlawful activity of the worker, two interesting rulings of the ECHR should be noted: the case of Köpke against Germany (ruling of inadmissibility) of 5 October 2010 and the judgement in López Ribalda and others v. Spain, from 9 January 2018. While in the ruling of inadmissibility in the Köpke case, suspicions were focused on only two workers and the recording lasted two weeks, in the conviction against Spain in the case of López Ribalda, suspicions were directed against all the staff and the recordings were kept for months.

The ECHR has ruled on the extensive and exact information that must be provided to workers in the judgement Barbulescu v. Romania (Great Hall), of 5 September 2017 and, especially, against Spain in the Lopez Ribalda and others judgement, of 9 January 2018. In this judgement Spain was found guilty of the infringement of art. 8 of the ECHR after having accepted the dismissal of 5 supermarket workers for a number of thefts recorded by a video surveillance system, with some visible cameras and some hidden, but in relation to which they had only been informed of the visible cameras.

In this sense, see FABREGAT MONFORT, G., "El control empresarial de los trabajadores a través de las nuevas tecnologías: algunas ideas clave" (Corporate Monitoring of Workers Using New Technologies: Some Key Ideas", Trabajo y Derecho, No. 5, May 2015. For the author "not having a clear

Trabajo y Derecho, No. 5, May 2015. For the author "not having a clear idea of the aforementioned leads to confusion, because only from that perspective, from the purpose of the means used to monitor and the reason for its existence, and the differentiation between the measures taken as ordinary or extraordinary (i.e., to monitor someone), it is understood that neither the evidence obtained in the case prosecuted under the aforementioned STC 29/2013, of 11 February (LAW 11227/2013), of the University of Seville, nor that of the case which is the subject of the also mentioned STS of 13 May 2014, Rec. 1685/2013 (LAW 76886/2014) complies with the law, since in both cases the video camera, in theory, had been placed without the previous existence of indications or suspicions of a prior non-compliance". Op cit., p. 7.

I had the opportunity to examine the different treatment that certain technological evidence is receiving in criminal and social cases in "The Probative Value of Emails", in Justicia penal y nuevas formas de delincuencia (Criminal Justice and New Forms of Crime) (ASENCIO MELLADO and FERNÁNDEZ LÓPEZ, Coords.), Tirant lo Blanch, Valencia, 2017, pp. 199-200.

Rec. 1685/2013

This reasoning for the exclusionary rule has been expressly and constantly defended by the US Supreme Court since 1976 (Case Stone v. Powell).

See STC 114/1984, of 29 November; 56/2003, of 29 March; or ATC (Decision of the TC) 115/2008, of 28 April. Also, along the same lines, VELASCO NUNEZ goes deeper when he claims that "We disagree with the Barcelona SAP (Court of Appeals) 20 October 2012 that decreed that the evidence was inadmissible when the complainant provided DVDs with pictures of non-consensual sexual abuse of her sister-in-law, since they had been stolen from the car of the alleged perpetrator where they had been concealed, alleging that this violated his right to privacy, "contaminating" the derived evidence. What is essential between individuals is the good or bad faith of whoever provides the evidence since, rather than considering an illegal and prohibited object – such as an illegal film – as property, and since in cases such as this the motives of profit and rem sibi habendi are excluded, it should be considered that its contribution to a criminal proceedings – through the police or directly to the Judge – is more constitutive of an act of a citizen who is collaborating and reporting, especially if the offence is serious, than an arbitrary act at the hands of the justice system, because in the end the purpose of the photos is that they serve as evidence." VELASCO NÚÑEZ, E., "Derecho a la imagen: tratamiento procesal penal" (Rights to the Image: Criminal Procedural Treatment), Diario La Ley, Nº 8595, 1 September de 2015, Ref. D-311.

This reasoning for the exclusionary rule has been expressly and constantly defended by the US Supreme Court since 1976 (Case Stone v. Powell).

See STC 114/1984, of 29 November; 56/2003, of 29 March; or ATC (Decision of the TC) 115/2008, of 28 April. Also, along the same lines, VELASCO NUNEZ goes deeper when he claims that "We disagree with the Barcelona SAP (Court of Appeals) 20 October 2012 that decreed that the evidence was inadmissible when the complainant provided DVDs with pictures of non-consensual sexual abuse of her sister-in-law, since they had been stolen from the car of the alleged perpetrator where they had been concealed, alleging that this violated his right to privacy, "contaminating" the derived evidence. What is essential between individuals is the good or bad faith of whoever provides the evidence since, rather than considering an illegal and prohibited object – such as an illegal film – as property, and since in cases such as this the motives of profit and rem sibi habendi are excluded, it should be considered that its contribution to a criminal proceedings – through the police or directly to the Judge – is more constitutive of an act of a citizen who is collaborating and reporting, especially if the offence is serious, than an arbitrary act at the hands of the justice system, because in the end the purpose of the photos is that they serve as evidence." VELASCO NÚÑEZ, E., "Derecho a la imagen: tratamiento procesal penal" (Rights to the Image: Criminal Procedural Treatment), Diario La Ley, Nº 8595, 1 September de 2015, Ref. D-311.

Published
2018-11-09
Section
Research Articles