Do criminals have a right to privacy

EU: data protection regulation strengthens privacy

(Brussels, June 6, 2018) - The European Union's new General Data Protection Regulation (GDPR) strengthens privacy and is intended to encourage other countries to better protect personal data, Human Rights Watch said in a “Questions and Answers” ​​document. It summarizes the most important topics of the EU regulation and discusses the next steps.

"In the digital age, almost everything we do creates data that reveals intimate details about our lives, thoughts, and beliefs," said Cynthia Wong, Internet expert at Human Rights Watch. "The GDPR is far from perfect, but it strengthens privacy in the EU and shows that strong data protection measures can be put in place and are good for human rights."

The new rules have been in effect in the 28 EU member states since May 25, 2018. Passed in 2016, the regulation is one of the world's strongest and most comprehensive attempts to regulate the collection and use of personal data by governments and the private sector. If properly implemented and enforced, it can strengthen the right to privacy in the EU and serve as a model for other countries, such as the US, where personal data protection is comparatively weak.

The regulation obliges government agencies and companies such as Facebook and Google to obtain the express and informed consent of the data subject and to explain how they use, share and store the data before collecting data. Internet users have the right to ask companies and other organizations what personal data they have, to have this corrected and to prohibit further use of the data. In addition, complaints about misuse of data can be submitted to the national data protection officers, who investigate them and impose fines in the event of violations.

Government and private institutions must immediately report data protection violations and incorporate privacy measures into their systems, known as "built-in data protection" or "privacy by design". They also have to enable users to download their data so that they can easily switch between different providers. In addition, the regulation provides for the right to object to decisions and profiles created based on algorithms or automated processes - those affected can demand that a person review the process in question. Such a check can protect against discrimination, for example, when algorithms are used to determine whether a person is entitled to social benefits, can take out insurance, is creditworthy or is eligible for a job.

The new EU rules have some weaknesses and limitations. Many regulations contain vague or undefined terms or phrases that potentially make it possible to restrict privacy. For example, governments and companies can collect and process data without consent if their “legitimate interests” outweigh the rights and freedoms of the data subject. What “legitimate interests” are is not well defined or very broad in the regulation. This can create significant loopholes.

Data protection officers and courts will have to work very carefully to ensure that governments and companies do not exploit ambiguous language and violate rights in the process. In addition, the regulation will not encompass broad, state surveillance measures as it allows governments to process data without consent if this is justified with the undefined protection of "national" or "public security".

Data protection laws are central to human rights in the digital age. Many countries around the world have little or no protection of personal data. With the recent scandals surrounding Facebook and Cambridge Analytica and the public debate over data breaches, targeted advertising and opaque profiling by the private sector, calls have grown louder for better control over how personal data is collected and used.

"Governments and companies are collecting massive amounts of data about our private lives and using them to make important decisions that affect us," said Wong. "States must regulate how this information is handled so that it can no longer be misused so easily by governments, companies and criminals."