Privacy and data protection

The right to privacy is a fundamental human right enshrined in various international, European and national regulations. In an era where digital technologies are deeply integrated into everyday life, the protection of these rights is more important than ever. Privacy is closely linked to data protection, as digital technologies and online services constantly collect and process large amounts of personal data.

Below we discuss key regulations in the area of privacy and data protection.

1. The right to privacy and the right to data protection

Although privacy and data protection are often mentioned in the same breath, they are separate rights with their own characteristics and applications:

  • Privacy refers to the protection of a person's private sphere. It includes such things as personal relationships, home environment, habits and thoughts. Privacy protection also extends to the confidentiality of communications, for example, e-mails and telephone conversations. The concept of "private life" is formulated broadly in case law and can include aspects of public or professional life.
  • Data Protection relates to the legal rules governing the (automated) processing of personal data. It includes the rights of individuals to exercise control over how their personal data is collected, used, stored and shared. Data protection includes a system of control mechanisms to provide protection for individuals whose personal data are processed.

2. Legal framework

2.1 United Nations

The right to privacy is a recognized human right in several international treaties and declarations, including:

  • Universal Declaration of Human Rights (UDHR): Article 12 states that no one shall be subjected to arbitrary interference with his or her privacy, family, home or correspondence, nor to attacks on his or her honor and reputation. This 1948 declaration serves as a non-binding guideline for states worldwide, but lays the foundation for subsequent binding treaties.
  • International Covenant on Civil and Political Rights (ICCPR or BUPO): Article 17 of the BUPO Convention, adopted in 1966, establishes similar provisions to the UDHR but is binding on the states that have ratified it. The article prohibits both arbitrary and unlawful interference with the privacy of individuals.
  • Convention on the Rights of the Child (CRC): Article 16 protects children's right to privacy and emphasizes that they deserve the same protection from arbitrary interference in their private lives as adults.

In these treaties, the right to data protection is not mentioned.

The UN has also adopted policy documents on the impact of modern technologies, such as artificial intelligence and mass surveillance, on the right to privacy in the digital age. In a resolution of October 7, 2021, the UN Human Rights Council warned of the privacy dangers of advanced technologies and called for adequate legal protections.

2.2 Council of Europe

The Council of Europe, founded in 1949, is made up of 46 states (including EU member states) and has adopted a number of important texts guaranteeing the right to privacy.

2.2.1 European Convention on Human Rights (ECHR)

Article 8 of the European Convention on Human Rights (ECHR), adopted in 1950, states that everyone has the right to respect for his private and family life, his home and his correspondence. However, this right is not absolute; government interference is possible if necessary in a democratic society, such as for national security or health protection. The European Court of Human Rights (ECHR), based in Strasbourg, plays an important role in interpreting Article 8 and has established that "private life" encompasses a wide range of issues, such as identity, personal development and even aspects of one's working life.

2.2.2 Convention 108+

The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108), originally adopted in 1981, was the first binding international treaty specifically aimed at protecting personal data. The modernized version, Convention 108+, provides an up-to-date legal framework that takes into account the challenges of the digital age. It states that personal data should be processed only when done fairly and lawfully, for specific and legitimate purposes, and that data should be kept only as long as necessary for those purposes. In addition, it sets stricter requirements for processing sensitive data, such as information about race, health and political beliefs. All members of the Council of Europe (and thus all EU member states) have ratified and are bound by this convention.

2.3 European Union

The European Union has enshrined privacy and data protection in its primary and secondary legislation.

2.3.1 Primary regulations

In the Treaty on the Functioning of the European Union (TFEU), Article 16.1 states that everyone has the right to protection of their personal data. Article 6.3 of the Treaty on European Union (TEU) provides that fundamental rights, as guaranteed by the ECHR, are part of EU law as general principles.

The Charter of Fundamental Rights of the European Union (HGEU), which has been in effect since 2009, contains specific provisions on privacy and data protection:

  • Article 7 guarantees the right to respect for private and family life, home and communication.
  • Article 8 explicitly recognizes the right to protection of personal data and establishes that such data must be processed fairly, for specific purposes and on the basis of consent or other legitimate basis.

Neither of these rights is absolute, however, and both can therefore be restricted in certain circumstances, for example to balance them with freedom of expression and information. However, according to Article 52.1 HGEU, these restrictions must be legal, necessary in a democratic society, have a legitimate aim and respect the essential content of these rights. Thus, in the Digital Rights Ireland case from 2014, it was held that the (former) Data Retention Directive violated Articles 7 and 8 HGEU.

2.3.2 Secondary regulations

EU secondary legislation is of great importance to the protection of personal data. The main tools are:

  • General Data Protection Regulation (GDPR): The GDPR harmonizes data protection rules across the EU and sets out the rules under which personal data can be processed as well as the rights of data subjects, such as the right to access, rectify and delete their personal data. The GDPR also introduces the principle of data protection by design and by default, requires organizations in certain cases to appoint a data protection officer and imposes accountability. The GDPR came into force in all EU member states on May 25, 2018.
  • ePrivacy Directive: This directive aims to ensure the privacy and confidentiality of communications and establishes rules for the processing of personal data in the electronic communications sector (such as traffic and location data). In particular, Article 5.1 contains the principle that communications should be confidential.
    Work is currently underway to replace the ePrivacy Directive with a Privacy Regulation, which is more responsive to current technological developments such as VoIP, online behavioral tracking, messaging services, etc. This regulation is intended to complement the GDPR in a number of ways. Currently, no consensus has been reached on a final text.

2.4 Belgium

In Belgium, the right to privacy is included in Article 22 of the Constitution, which states that everyone has the right to respect for their private life, except in cases where the law provides otherwise.

In recent years, the right to privacy in Belgium has often clashed with the application of digital technologies, as in the case of mandatory fingerprinting on identity cards (of minors), data retention, facial recognition technology by police, and surveillance cameras in public areas. The Covid-19 pandemic also brought controversy over contact tracing, temperature checks at airports and employee surveillance.

The right to data protection was first regulated by the law of December 8, 1992, on the protection of privacy in relation to the processing of personal data. This law was replaced by the personal data processing act of July 30, 2018, which contains a number of provisions that elaborate on the GDPR and, for example, provides additional safeguards for the processing of sensitive data, such as biometric and health data. This law sets the age at which minors can lawfully consent to the processing of their personal data in relation to information society services at 13.

The Data Protection Authority (DPA) (the successor to the Privacy Commission) is the regulator responsible for enforcing the GDPR in Belgium. The DPA handles complaints, conducts investigations and can impose sanctions when the law is broken. In addition, the DPA issues guidelines and advice to promote compliance with the GDPR and.

3. How can our law firm help you

Digital technologies are inseparable from the way individuals live and work today. Devices such as smartphones, tablets, smart speakers and fitness trackers are widespread in households, and the application of digital technologies extends to health care, public administration, education and even public safety. During the Covid-19 pandemic, the importance of digital technologies for accessing services, such as online education and teleconsultations in health care, increased dramatically.

However, with these technological advances also come risks. The ability of technology to collect and store vast amounts of personal data puts pressure on individuals' privacy. The collection of sensitive information, such as location data, biometric data (e.g., facial recognition and fingerprints), and online behavioral profiles, can lead to significant invasions of personal privacy. Moreover, social media and smart devices make it possible to track individuals' behavior in detail, which can result in unwanted profiling or discrimination.

The right to privacy and data protection is essential in the digital age. Despite extensive legislation, protecting these rights remains a challenge due to ongoing technological advances. Our law firm offers comprehensive support and legal expertise in privacy and data protection. We help with:

  • Compliance and audits: Assessment of compliance with the GDPR and national regulations.
  • Policy advice: Drafting privacy policies and guidelines.
  • Dispute resolution: Representation in legal proceedings and conflicts with the DPA.

Contact

Questions? Need advice?
Contact Attorney Joris Deene.

Phone: 09/280.20.68
E-mail: joris.deene@everest-law.be
