Database Reference
In-Depth Information
The solution to this issue as set forth by the Article 29 Working Party seems to be
to err on the side of caution, and consider any form of profiling the processing of
personal data. The difficulty with this is that once a dataset or a profile is considered
personal data, all the rules of the Data protection directive apply. In practice, this
leads to a substantial administrative burden for data controllers (see paragraph 7.2).
Moreover, it dilutes the effectiveness of enforcement (see paragraph 7.3).
7.5.2 The Procedural Nature of Data Protection Law
The second drawback, which ties in with the binary nature of the current data pro-
tection law, is the procedural nature of the law. Data protection legislation in its
current form is primarily aimed at the
ex-ante
protection of privacy and personal
data. This means that data controllers need to ensure that their processing of data
is compliant with all the demands set forth by the Data protection directive.
Though this should ensure the privacy of the data subject, in practice the effect of
this ex-ante approach is often limited. In practice, privacy protection is for data
controllers mainly an issue of compliance and following the procedural rules of
the Directive (e.g. registering the processing in a public register, informing the
data subject), rather than a discussion on what is considered a sustainable, ethical
and responsible (business) process.
For the data subject there are also possible drawbacks. A significant drawback
is that the data subject has limited options for redress in case there is a misuse or
an abuse of personal data.
13
The reason is that the Data protection authorities are in
charge of the enforcement of the law, leaving less room for individual redress.
7.5.3 Inflation of the Personal Sphere
Another issue with the application of the Data protection directive in the context
of profiling is that it further expands the scope of the Data protection directive.
The risk this brings with it is that as more and more activities fall under the header
of personal data protection, the protection the law can provide actually decreases.
Zwenne (2010, p. 335) for instance argues that a law that applies to essentially
everything applies to effectively nothing. Blok (2002) also warns for this problem,
calling the expansion of the concept of personal data 'an inflation of the personal
sphere'. The main problem that might arise as a result of this inflation is that key
privacy interests get heaped up with less important infringements of privacy, lead-
ing to an overstretched enforcement apparatus, confusion on how the law should
apply, and possibly a degradation of the importance of privacy as a human right
and the underlying values which it aims to protect.
A further problem with the inflation of the personal sphere is that the data pro-
tection authority becomes the
de facto
judge of what is considered the ethical use
13
Whether there are options for individual redress is dependent on the actual implementa-
tion of the Data protection directive and associated privacy laws in national law. For the
most part though we can say that the Data protection authority is in the lead when it
comes to the enforcement of privacy rules, rather than the data subject.
Search WWH ::
Custom Search