ebook img

Consent In European Data Protection Law PDF

462 Pages·2013·2.661 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Consent In European Data Protection Law

Consent in European Data Protection Law Nijhoff Studies in EU Law VOLUME 3 Series Editors Prof. Fabian Amtenbrink Erasmus University Rotterdam Prof. Ramses A. Wessel University of Twente Nijhoff Studies in European Union Law is a refereed scholarly monographs series dedicated to the critical analysis of the current state and development of European Union law in a broad sense. Apart from constitutional, institutional and substan- tive issues of EU law, the series also embraces state-of-the-art interdisciplinary, comparative law and EU policies research with a clear link to European integra- tion. Titles in the Nijhoff  Studies in European Union Law series will be of particu- lar interest to academics, policy makers and practitioners dealing with EU law and policies, as well as national and international (non) governmental institutions and bodies. The titles published in this series are listed at brill.com/seul Consent in European Data Protection Law By Eleni Kosta LEIDEN • BOSTON 2013 Library of Congress Cataloging-in-Publication Data Kosta, Eleni. Consent in European data protection law / by Eleni Kosta. pages cm. -- (Nijhoff studies in EU law ; volume 3) Includes bibliographical references and index. ISBN 978-90-04-23235-8 (hardback : alk. paper) -- ISBN 978-90-04-23236-5 (e-book) 1. Data protection--Law and legislation--European Union countries. I. Title. KJE6071.K676 2013 342.2408’58--dc23 2012050533 This publication has been typeset in the multilingual “Brill” typeface. With over 5,100 characters covering Latin, IPA, Greek, and Cyrillic, this typeface is especially suitable for use in the humanities. For more information, please see www.brill.com/brill-typeface.   ISSN 2210-9765 ISBN 978-90-04-23235-8 (hardback) ISBN 978-90-04-23236-5 (e-book) Copyright 2013 by Koninklijke Brill NV, Leiden, The Netherlands. Koninklijke Brill NV incorporates the imprints Brill, Global Oriental, Hotei Publishing, IDC Publishers and Martinus Nijhoff Publishers. All rights reserved. No part of this publication may be reproduced, translated, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission from the publisher. Authorization to photocopy items for internal or personal use is granted by Koninklijke Brill NV provided that the appropriate fees are paid directly to The Copyright Clearance Center, 222 Rosewood Drive, Suite 910, Danvers, MA 01923, USA. Fees are subject to change. This book is printed on acid-free paper. CONTENTS Acknowledgments ...................................................................................................xv List of Abbreviations and Short References ..................................................xvii I     Introduction ..........................................................................................................1   1. Setting ...............................................................................................................1 1.1. The Concept of Consent .....................................................................1 1.2.  The Role of Consent in the Protection of Privacy and Data Protection ...............................................................................................4 1.3. Contribution of the Book ...................................................................7      2. Outline ..............................................................................................................8    3. Method .............................................................................................................9     4. Concluding Remarks .................................................................................11 II   Placing Data Protection in Context: Initiatives, Issues, Policy History .....................................................................................................12   1. Introduction .................................................................................................12   2. The Council of Europe ..............................................................................17 2.1. The European Convention of Human Rights ............................17 2.2. The Way to CoE Convention 108 .................................................19 2.2.1. Early Initiatives of the Council of Europe .....................20 2.2.2. CoE Convention 108 ...........................................................25    3.  The Organisation for Economic Cooperation and Development (OECD) ...............................................................................26 3.1. The OECD ...........................................................................................26 3.2. OECD Priority on Information Technology ...............................27 3.2.1.  OECD 1974 Seminar on Data Protection and Privacy .............................................................................28 3.2.2. Freese Proposal for Privacy Principles ...........................29 3.2.3.  OECD 1977 Symposium on Transborder Data Flows and the Protection of Privacy .....................30 3.3. OECD Guidelines ...............................................................................31 3.4. Interim Remarks ................................................................................33    4. The First Pieces of National Legislations .............................................34  4.1. Sweden .................................................................................................35  4.1.1.  Conditions that Favoured the Adoption of the Data Act ...........................................................................36 vi contents 4.1.2. The Right of Public Access to Official Records ..............37 4.1.3.  The Advent of Data Protection Legislation in Sweden ...........................................................40 4.1.4. The Swedish Data Act ...........................................................41 4.2.  The Federal Republic of Germany and the First State Data Protection Act .................................................................44 4.2.1. The Data Protection Act of the State of Hesse ...............45 4.2.2. The German Federal Data Protection Act .......................48 4.2.3.  The Population Census Case and the Right to Informational Self-Determination ...............................51 4.2.4. Concluding Thoughts ...........................................................54 4.3. The United Kingdom’s Way to Privacy Legislation ....................54 4.3.1.  The Turbulent Path of the UK to Data Protection Legislation ...........................................................54 4.3.2. The 1984 UK Data Protection Act .....................................68 4.3.3. Concluding Remarks .............................................................72 4.4. United States of America ..................................................................73  4.4.1. The Right to Privacy ..............................................................73  4.4.2.  Initiatives for Regulating the Technological Developments .........................................................................76  4.4.3.  Report on Records, Computers, and the Rights of Citizens ...................................................................77  4.4.4. The US Privacy Act of 1974 .................................................80 5. The European Data Protection Directive ..............................................83  5.1. The Way to the Data Protection Directive ...................................83  5.1.1. Developments at European Level ......................................83  5.1.2.  Initiative for the Adoption of Legislation on the Protection of Personal Data .........................................84  5.1.3.  The Legislative Process to the Adoption of the Data Protection Directive ....................................................85 5.2.  Defining Consent in the European Data Protection Directive ................................................................................................88  5.2.1. Commission Proposal ...........................................................88  5.2.2. First Reading of the European Parliament ......................90  5.2.3. Commission Amended Proposal .......................................91  5.2.4. Council Common Position ..................................................93 5.3.  Consent as a Ground for Lawful Processing of Personal Data .......................................................................................94  5.3.1. Commission Proposal ...........................................................94  5.3.2. First Reading of the European Parliament ......................95 contents vii 5.3.3. Commission Amended Proposal ....................................96 5.3.4. Council Common Position ...............................................97 5.4. Consent in the Context of Sensitive Data .................................98 5.4.1. Commission Proposal ........................................................98 5.4.2. First Reading of the European Parliament ..................99 5.4.3. Commission Amended Proposal ....................................99 5.4.4. Council Common Position .............................................100 5.5.  Transfer of Data to Third Countries and the Consent of the Data Subject ........................................................................103 5.5.1. Commission Proposal ......................................................103 5.5.2. First Reading of the European Parliament ................103 5.5.3. Commission Amended Proposal ..................................103 5.5.4. Council Common Position .............................................104 5.6.  Reflections on Consent in the Adoption of the Data Protection Directive ......................................................................104 6. Concluding Thoughts ............................................................................105 III    Elucidation of Consent in the Data Protection Directive ..........................................................................................................109 1. Introduction .............................................................................................109 2. Informed Consent in Bioethics ...........................................................111 2.1. Introduction ....................................................................................111 2.2. The Nuremberg Code ...................................................................113 2.2.1. The Creation of the Nuremberg Code .........................113 2.2.2. Consent in the Nuremberg Code ..................................114 2.2.3. Importance of Voluntary Consent ...............................115 2.3. Declaration of Helsinki ................................................................117 2.3.1.  The Promulgation of the Declaration of Helsinki ................................................................................117 2.3.2. Consent in the Declaration of Helsinki ......................117 2.3.3. Requirements for Valid Informed Consent ................120 2.3.4. Interim Comments ...........................................................123 2.4.  UNESCO Universal Declaration on Bioethics and Human Rights .................................................................................124 2.4.1.  UNESCO Declaration on Bioethics and Human Rights ....................................................................124 2.4.2. Consent in the Declaration ............................................125 2.4.3. Interim Comments ...........................................................126 2.5. Clinical Trials Directive ................................................................127 2.5.1. The Adoption of the Clinical Trials Directive ...........127 viii contents 2.5.2. Consent in the Clinical Trials Directive ......................128 2.5.3. Interim Comments ...........................................................129 2.6. Closing Remarks ............................................................................129 3. The Consent of the Data Subject as an Act of Autonomy ...........130 3.1. Autonomy ........................................................................................130 3.1.1. Relation between Autonomy and Consent ................130 3.1.2. Gradation of Consent ......................................................132 3.2.  Rights-Based Approach for Informed Consent Requirements .................................................................................133 3.2.1. Reliance on Autonomy ....................................................133 3.2.2.  The Right to Informational Self-Determination and Autonomy ...........................................................................134 3.3.  Duty-Based Approach for Informed Consent Requirements .................................................................................136 3.4.  In Support of a Rights-Based Approach for Informed Consent Requirements in Data Protection .........138 3.5. Concluding Remarks ....................................................................140 4. The Consent of the Data Subject in Data Protection ....................140 4.1. Introduction ....................................................................................140 4.1.1.  The Charter of Fundamental Rights of the European Union ................................................................140 4.1.2. Choice of Countries .........................................................142 4.2. Consent in the Data Protection Directive ...............................143 4.2.1.  The Role of Consent in the Data Protection Directive ..............................................................................143 4.2.2.  Lack of Harmonised Interpretation of Consent in the Member States ......................................147 4.3.  The Concept of Consent in Data Protection ........................................................................................148 4.3.1. Outline .................................................................................148 4.3.2. Introduction .......................................................................149 4.3.3. The Concept of Consent in Germany .........................153 4.3.4.  The Concept of Consent in the United Kingdom ..............................................................................156 4.4.  Consent as Indication of the Wishes of the Data Subject ....................................................................................159 4.4.1.  Legal Capacity for the Provision of Consent ...............................................................................160 4.4.2.  Expressing the Indication of the Wishes of the Data Subject .......................................................................165 contents ix 4.5. Freely Given ....................................................................................169 4.5.1. Introduction .......................................................................169 4.5.2.  Involuntary Actions and Voluntary Actions Made under Pressure .......................................171 4.5.3. Electronic Health Records..............................................176 4.5.4. Passenger Name Records ................................................177 4.5.5. Legal and Factual Dependencies ..................................178 4.5.6.  Volker und Markus Schecke GbR/Hartmut Eifert v. Land Hessen .......................................................183 4.5.7.  The Erroneous Debate Around “Opt-In” and “Opt-Out” Consent ...........................................................188 4.5.8. Concluding Remarks .......................................................201 4.6. Informational Requirements for Valid Consent ....................202 4.6.1. Introduction .......................................................................202 4.6.2.  Information to be Provided to the Data Subject .................................................................................204 4.6.3. Provision of Excessive Information .............................210 4.6.4.  When Does the Information Need to be Provided ....................................................................212 4.6.5.  Provision of Information in an Intelligible Form .....................................................................................213 4.6.6. Responsibility of the Data Subject ...............................214 4.6.7. Privacy Policies ..................................................................215 4.6.8. Language and Comprehension of Information........218 4.6.9. Concluding Thoughts ......................................................218 4.7. The Requirement for Specific Consent ....................................219 4.7.1. Introduction .......................................................................219 4.7.2. The Specificity Requirement .........................................220 4.7.3. Article 29 Working Party on Specific Cases ...............221 4.7.4.  Volker und Markus Schecke GbR/Hartmut Eifert v. Land Hessen .......................................................223 4.7.5.  Specificity Requirement and Multiple Processings .........................................................................224 4.8.  Consent Given Unambiguously as a Ground for Data Processing and Transfer of Personal Data to a Country that Does not Ensure an Adequate Level of Protection ........................................................................................226 4.8.1. The Qualification for Unambiguous Consent ...........226 4.8.2. The Lindqvist Case ............................................................227 4.8.3. Priority of Consent ...........................................................231

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.