Outline by Patrick Dean, April 2005
Ch.8 Generational Development of Data Protection in Europe
Data-protection: The right to control one’s own data.
Data-protection became apart of European nations’s framework since 1970s, but iti is the individual who needs protection.
Signal for the problem of informational privacy was the EU legislation passed in 1995 directing its member states to enact specific data-protection norms. In the past, data-protection issues were mostly national, but recently it is becoming increasingly international with the demand for cross-border flows of information and a single European data-protection regime. Analyzing the norms across European nations can provide similarities in the systems.
First Generation: Data-protection norms
The first data-protection laws were enacted in response to the emergence of electronic data processing within government and large corporations. Attempts to counter dim visions of an unavoidably approaching Brave New World. Plans to centralize all personal data files in gigantic national data banks.
Directions toward centralized data banks:
Data-protection Law of the German State of Hesse (1970)
Swedish Data Act (1973)
Data-protection Statute of the German State of Rheinland-Pfalz (1974)
German and Austrian proposals for Data-protection Act (1974)
Data-protection focuses on the function of data processing in society and not the protection of individual privacy. An attempt to tame technology.
Second Generation: Warding off more and different offenders
Data-protection focuses on the individual rights (right to be let alone, right to protect personal intimate space). Technical jargon was removed and norms were less linked to stages of technology. Decision power was given to the individual to choose what data would be used for what purposes. International data exchange was first handled, though based on "rules of reciprocity." Data-protection institutions not only investigated data-protection offenses, but help citizens enforce their rights. Citizens were forced to choose between societal exclusion or open data exchange.
Directions toward individual rights:
French Data-protection Statute
Austrian Data-protection Statute
Danish Data-protection Statute
Norwegian Data-protection Statute
Third Generation: The Right to Information Self-Determination
"The basic right of the individual to determine the release and use of his own personal data." (pg. 229)
Government must explain why the requested data is needed and "what… consequences…denial of consent to processing might entail." (pg.230)
The problem to be addressed is: Efficiency increase and mobility of data security measures. Norms are that of the individual right to self-determination and the belief that citizens would exercise this right. Data-protection remained a minority privilege that were both economically and socially.
Directions toward Individual Self-determination:
German States’ Data-protection Statutes
Amendment to the Austrian Data-protection Law
Norwegian Data-protection Act
Constitutional provision in the Netherlands
Finnish Persons Register Act of 1987
Fourth Generation: Holistic and Sectoral Perspectives
Norms: 1)equalize bargaining positions and 2)legislators subject some freedoms to mandatory legal protection. Advocacy and adjudication became separate. Individual participation.
1995 European Union Directive calls for codes of conduct for data-protection.