Brussel The Right to Protection of Personal Data . Incapable of Autonomous Standing in the Basic EU Constituting Documents ?

Over the past few years an overhaul of the European data protection edifice has been under way. Practically all basic data protection regulating documents in effect until today have either already been replaced or are in the process of being thoroughly amended. This is probably a development that was long overdue, given that all of them have an age of several decades while none of them has been released taking the internet into account. The OECD is the first international organisation that issued any data protection regulations at all: it did so in 1980, and its Guidelines remained unchanged until 2013, when their amendment process was completed. The Council of Europe released its own data protection regulations, formulated in Convention 108, only a few weeks after the OECD; they too remained in effect unchanged over the decades that passed, admittedly complemented by rich secondary legislation, and are now in the process of being amended. However, most of the data protection work undoubtedly takes place within the EU which chose to dominate the international field since it became involved in it, through the EU Data Protection Directive in 1994. The Directive set the EU and international, through its “adequacy” criterion, data protection standard. However, it remained hopelessly outdated, because it was released before the advent of the Internet (although the Court of Justice through its recent Google Spain case showed that there is still some life left in it). The European Commission seized the opportunity presented by the Treaty of Lisbon, and its Article 16 TFEU, and took upon itself the herculean task of reconstructing the whole EU data protection edifice, both from an architectural and from a substantive law point of view

Over the past few years an overhaul of the European data protection edifice has been under way.Practically all basic data protection regulating documents in effect until today have either already been replaced or are in the process of being thoroughly amended.This is probably a development that was long overdue, given that all of them have an age of several decades while none of them has been released taking the internet into account.The OECD is the first international organisation that issued any data protection regulations at all: it did so in 1980,1 and its Guidelines remained unchanged until 2013, when their amendment process was completed. 2The Council of Europe released its own data protection regulations, formulated in Convention 108, 3 only a few weeks after the OECD; they too remained in effect unchanged over the decades that passed, admittedly complemented by rich secondary legislation, and are now in the process of being amended. 4owever, most of the data protection work undoubtedly takes place within the EU which chose to dominate the international field since it became involved in it, through the EU Data Protection Directive in 1994. 5The Directive set the EU and international, through its "adequacy" criterion, data protection standard.However, it remained hopelessly outdated, because it was released before the advent of the Internet (although the Court of Justice through its recent Google Spain case 6 showed that there is still some life left in it).The European Commission seized the opportunity presented by the Treaty of Lisbon, and its Article 16 TFEU, and took upon itself the herculean task of reconstructing the whole EU data protection edifice, both from an architectural and from a substantive law point of view.
While the outcome of the intensive law-making effort witnessed since 2012 is yet to be seen, a couple of observations are already possible.After all, one must not lose perspective and bury his or her head in trivial or less trivial details of the legislative arrangements that are currently being negotiated, but instead should pay attention to the greater picture.That picture unavoidably includes Article 16 TFEU and the draft EU General Data Protection Regulation 7 that constituted the main legislative response to it.We recall the text of Article 16 TFEU: 1. Everyone has the right to the protection of personal data concerning them.2. The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data.Compliance with these rules shall be subject to the control of independent authorities.The rules adopted on the basis of this Article shall be without prejudice to the specific rules laid down in Article 39 of the Treaty on European Union.
Entire books still need to be written about Article 16 TFEU, what it does for data protection and what it does not for other fundamental rights recognized in the EU Charter of Fundamental Rights.It is a difficult provision, not only because of its unique standing in EU primary law, its rather vague wordings and its limitations in other provisions and declarations. 8It seemingly suggests more freedom for the Union to pursue a full or more full fundamental rights policy beyond the traditional limits of Union law and this for all data processing in public and private matters, including the area of security and law enforcement.
Article 16 TFEU also signalled the emancipation of the right to data protection from the right to privacy, a development in itself that was probably also long overdue, and included it independently in the fundamental EU human rights list.However, this is not the end of a process that began in some European countries some fifty years ago.Far from it; the individual right to data protection is not among these human rights that contend themselves into a declaration in a human rights document.Instead, it is to be complemented by auxiliary legislation.This legislation will most likely be the EU General Data Protection Regulation -and also the Police and Criminal Justice Data Protection Directive 9 for its own subject matter.Given the current wording of both these instruments, it is to be expected that this auxiliary legislation will be of a detailed, technical and thorough type.The choice of instruments, a Regulation replacing a Directive and a Directive replacing a Framework Decision, ought also not be overlooked.These new legal instruments will replace their counterparts but they will also take advantage of some twenty years of very rich secondary legislation law-making, in practically all fields of human activity. 10All this accumulated know-how will most likely be codified under the new legal environment.What we are likely to end up with is a data protection code with detailed provisions; EU data protection is in effect becoming a locus of regulation of very concrete things rather than a principle-driven human rights system.
Is the right to data protection to be perceived as a "technical" right, in need of "technical" executing provisions?Incapable of standing by itself, as a simple and straightforward declaration in the basic EU constituting documents?Perhaps this is unavoidable, given the "long arm" of data protection: after all, some type of personal data processing takes place in all human activities.This leads to sector-specific regulations that complement general legislation that implements Article 16 TFEU.However, if this is the case, is that a success or a failure from a human rights point of view?
The articles that follow highlight the multitude of sectors in need of, or in trouble with, data protection regulation -the effect of this comprehensive and detailed legal intervention upon the individual level of data protection remains to be assessed.Of course, one journal issue cannot cover all possible or pending data protection issues, 11 but looking at what has been included issues such as the perceived tensions between the EU and U.S. privacy law systems, government surveillance and big data are perfectly addressed.
The latter promises important societal benefits, but trigger concerns about data protection, privacy and discriminatory impacts.Rhoen in his contribution ('Big Data and consumer contracts: Deciding who decides on privacy') sees no real solutions in existing and upcoming data protection law.Too much is given away by consumers with or without their consent.The way forward, Rhoen suggest, is to enhance consumer participation and lower obstacles to access to justice.More collective approaches to protect individual rights also stand central in Van der Sloot's contribution ('Privacy as Personality Right: Why the ECtHR's Focus on Ulterior Interests Might Prove Indispensable in the Age of "Big Data"').This author's reading of the privacy case law produced by the European Court on Human Rights contains daring new interpretations and understandings of that case law.A challenge to all those that are studying Strasbourg.

8
See on article 16 TFEU Franziska Boehm, Information Sharing and Data Protection in the Area ofFreedom, Security and Justice,  Heidelberg Dordrecht London New York, Springer, 2012, 116-122; H. Hijmans & A. Scirocco, 'Shortcomings in EU data protection in the third and the second pillars.Can the Lisbon Treaty be expected to help?', Common Market Law Review, 2009, 1485-1525.   Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data, 25.01.2012,COM(2012) 10 final. 10See the work of the Article 29 Working Party in its respective webpage. 11Compare Dennis Hirsch, 'Leading European privacy law conference points to key themes, suggests strategic directions', via 12 February 2015, http://www.technologylawsource.com/2015/02/articles/information-technology/leading-privacy-law-conferencein-europe-identifies-main-themes-suggests-strategic-directions/?utm_source=Technology+Law+Source&utm_campaign= 5ccec666b9-RSS_EMAIL_CAMPAIGN&utm_medium=email&utm_term=0_d12092c228-5ccec666b9-119365433.