How does the GDPR protect Human Dignity through Data Privacy?

Introduction

How the GDPR Protects Human Dignity

In today’s day and age one can seldom skim through news headlines without encountering some story concerned with human rights and human dignity. This means, one could argue, that modern society has made it existentially-central to its mode de vivre…but was it always so?

The ancient Greek philosophers touched upon the subject more than once, but simultaneously, owning slaves was an integral part of their culture and economy. Thus, they surely had not reached a level of implementation, or even of thought, that we do today about human rights and dignity. It would take centuries before we would recognise that every human being should have equal fundamental rights. In fact, we can trace this back to the end of the Georgian Era, just some 200 years ago, when the majority of British, Portuguese, and Americans decided (not before deadly debacles and an all-out civil war), that human dignity was more important than monetary value, and ‘set the example’ for the rest of the world. Not to mention the rest of world history in between, which was dominated by the serfdom economy; peasants slaving for their Lords’ and sovereign’s own benefits.

Moreover, slavery is all but one form of human indignation, there are many others; and if we are to look back through time, one could argue that the human race has never been so concerned about human rights and human dignity. To many analysts, it comes as no surprise, since throughout the previous century there were decisive movers and shakers that changed the socio-political landscape, such as the National American Woman Suffrage Association (NAWSA), Simone de Beauvoir and existentialism, Rosa Parks & Martin Luther King and the Civil Rights Movement, Ruth Bader Ginsburg and her lasting influence on the law, the whole LGBT movement, and Michel Foucault who intensively dissected gender and family economics.

These are just a very few in a long line of 20th century thinkers who pushed for social change, together with the governments and institutions who followed these concepts and changed the laws into what we know today. At this point in time, however, with so much human rights abuses going on around the world, human dignity is still a very relevant topic to discuss in earnest.

Furthermore, with the advent of the Information Age and the creeping Augmented age just on the horizon, we have even more issues to worry about; such as our personal data and how much of it is stored, used, and abused - this is where the GDPR comes in.

Definitions and Legislation

How the GDPR Protects Human Dignity

‘Dignity’ is a commonly used term, however when it comes to law and legal matters, ‘dignity’ entails many implications. Originally, it was used to show respect due to status and nowadays we still use the word ‘dignitary’ to signify someone worthy of superior esteem. In any case, Article 1 of the Universal Declaration of Human Rights states that: “All human beings are born free and equal in dignity and rights”. This implies that dignity is far from a reverence that people earn because of their class, race, gender, or social status.

Through Article 6(2) and (3), the Consolidated Treaty of the European Union acquiesces to the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and makes these rights part of its law - that is binding on all Member States. Additionally, ECHR Article 8 states that ‘Everyone has the right to respect for his private and family life, his home and his correspondence’.

In its interpretation of this article through case law, the ECHR states ‘In sum, there is a general acknowledgment in the Court’s case-law under Article 8 of the importance of privacy and the values to which it relates [...] These values include, among others, well-being and dignity [...], personality development [...], or the right to self-determination [...], physical and psychological integrity [...], relations with other human beings [...] and the right to respect for the decisions both to have and not to have a child [...]; aspects of social identity [...] including the emotional bonds created and developed between an adult and a child in situations other than the classic situations of kinship [...], the protection of personal data [...] and a person’s image [...] It also covers personal information which individuals can legitimately expect should not be published without their consent [...] and may extend to certain situations after death’. The EU regulation that incorporates these principles is the General Data Protection Regulation (GDPR).

Data Protection and Security

How the GDPR Protects Human Dignity

This regulation replaced the EU’s Data Protection Directive, promulgated in 2016, and it provides the necessary framework as to how data is to be protected. Although it does not make direct reference to it, Chapter III lays out the rules to ensure Data Privacy. At this juncture it’s important to differentiate between data protection and data privacy, since, albeit interlinked, these terms are often wrongly used interchangeably:

• Data security or protection regards matters of individual or business data. It focuses on keeping data assets safe from unauthorised malicious use. Data protection includes the technical methods and measures that ensure the integrity and confidentiality of data.
• Data privacy covers the access, use and management of confidential and personal data. Such data may encompass anything about an individual, including their financial details, health information, education and career, and legal history among others. In data privacy, information cannot be accessed without the necessary privileges. Otherwise, it is considered a breach.

Analysing definitions, the following conclusions can be extracted with particular reference to data privacy:

1. Data protection is an umbrella concept and concerned with protecting an organisation’s data and thus data privacy is a subset.
2. Data protection without privacy does not ensure adequate safeguarding of human dignity since it is possible to have data protected from external access, but, at the same time, individual data can be accessed by unauthorised persons with malintent within an organisation itself.
3. Data privacy also requires adequate data protection in place but not vice-versa.
4. Data privacy focuses on ensuring appropriate handling, processing, storage, and use of personal information and defines who has authorised access.
5. It is about the rights of individuals with respect to their personal information.
6. Data privacy is more about securing the personal information of an individual.
7. The control of data privacy is in the hands of individuals who can decide on how their data can be used or shared.
8. Data privacy aims to secure the data from being shared or sold without the individual’s consent.

From a legal perspective, this distinction is very important since a breach in data privacy is more likely to result in a breach of Article 8 of the ECHR, and thus liable to higher sanctions; whereas a breach in data protection is not necessarily a breach in data privacy.

One also notices an analogy with Kelsen’s Grundnorm Theory with the UN Charter occupying ‘the highest pinnacle of the hierarchy as no other norm can exist beyond this point and is generally accepted by the great majority’. Next in the hierarchy is the ECHR, subsequently the Treaties on the EU and functioning of the EU that make reference to the convention, the Charter of Fundamental Rights of the European Union and then GDPR that makes references to adherence to these Treaties. By virtue of the European Union Act (Chapter 460 of the Laws of Malta), EU Law is binding since it is part of Maltese Law and prevails in case of any conflict.

The GDPR mentions human dignity once in Article 88 in relation to employment, and does not specifically mention privacy except in a footnote in page L119/31 of Regulation (EU) 2016/679. Furthermore, instances of the relationship within the regulation itself between human dignity and privacy are evident at the outset within the enabling clause ‘on the protection of natural persons with regard to the processing of personal data’.

Recital 1 of Regulation (EU) 2016/679 states that ‘The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her’, and Recital 2 that states ‘The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data’.

Rights of Others

How the GDPR Protects Human Dignity

The GDPR also recognises the duty to protect the rights and dignity of others, and hence the natural person, which is then referred to as the data subject. One cannot expect that data privacy is readily assured. In fact, Recital 4 states that:

‘The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data…’.

We Can Help!

Why Choose MK Malta Advocates

MK Malta Advocates has garnered a wealth of knowledge and extensive experience in the GDPR Regulation. If you feel that your privacy rights have been breached, feel free to contact us, in full confidentiality on infomalta@kyprianou.com

The content of this article is valid as at the date of its first publication. It is intended to provide a general guide to the subject matter and does not constitute legal advice. We recommend that you seek professional advice on your specific matter before acting on any information provided. For further information or advice, please contact infomalta@kyprianou.com or telephone +356 2016 1010.