 |
|
|
Data protection law - An Introduction
Handbook Resources About the author
|
3. The development of data protection law and the outline of its history 1. The period before the appearance of data protection was the one not yet characterized by the massive application of devices for storing and processing data. There was a very small likelihood that somebody would make links between personal data, process these data and create a personality profile that would expose an individual, because such activities required large investments. Still, the fear of the complete disappearance of privacy was there, and it is illustrated by a 1935 poem of Attila József: “They can tap all my telephone calls
(when, why, to whom.)
They have a file on my dreams and plans
and on those who read them.
And who knows when they’ll find
sufficient reasons to dig up the files
that violate my rights.”45
A similar fear is reflected by George Orwell’s novel entitled 1984. According to Chief Justice Louis Brandeis, "Subtler and more far reaching means of invading privacy have become available to the government. Discovery and invention have made it possible for the government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet."46 More than 30 years before 1928, when this opinion was formulated, in the article written together with Warren already quoted above, Brandeis had expressed his opinion about the dangers inherent in the new technologies. But “[u]p until the 1960's, most surveillance was low-tech and expensive since it involved following suspects around from place to place and could use up to 6 people in teams of two working 3 eight hour shifts. All of the material and contacts gleaned had to be typed up and filed away with little prospect of rapidly cross checking. Even electronic surveillance was highly labor intensive. The East German police for example employed 500,000 secret informers, 10,000 of which were needed just to listen and transcribe citizen's phone calls.”47 Data processing was not automatic, and the large-scale, uncontrolled surveillance was too costly, and all this provided a natural barrier for protecting privacy. These natural barriers disappeared gradually at the middle of the1960s, by the spreading of computerized data procession. 2. When discussing the history of European data protection regulations, literature makes a distinction between generations of norms based on specific points of view. Some distinguish among three generations of data protection norms, while some describe four such generations. First generation norms, which appeared at the beginning of the 1970s, are characterized by a certain technological attitude in Mayer-Schönberger’s view; the regulations of the second generation norms depend less on technology, and in this generation (in the second half of the 1970s) regulations put a greater emphasis to the rights of the individual. In this classification the third generation data protection norms are considered to be the ones born after the decision of the German constitutional court concerning the 1983 census, and in which regulation reflects the concept of informational self-determination. The fourth generation norms – which are described by the author with key terms such as “holistic” and “sectorial” – amend the imperfections of the third generation norms; a new development of this period is that omnibus data protection acts are supplemented with sector-specific regulations.48 Bäumler – who builds his categories upon the development of German data protection law – does not distinguish between acts belonging to the first and the second generation in Mayer-Schönberger’s system, but characterizes these acts by grouping them together saying that they contain general clauses and conceptual formulas. In Bäumler’s classification the results of legislation following the 1983 census belong to the second generation (including several sectorial data protection norms), while he considers third generation those provisions of law which, on the one hand, need to adopt the EU directive into national legislation, while on the other hand they need to transform data protection law, they need to react on the alterations of data procession technology.49 Bizer’s outline of the development of generations is similar. In his view the newest challenge the legislator has to face is to extend the traditional data protection right and create “the right that is forming technology” (Recht der Technikgestaltung).50 The fact that the first generation norms were directed towards (at least partly) computerized record-keeping is considered by Majtényi as their central characteristic. In this classification the second generation norms govern all record keeping (including paper-based records as well). In Majtényi’s view the characteristic feature of the third generation norms is that European integration (the adoption of the EU directive) and sectorial challenges are taken into consideration in their framing process.51 The description of the history of regulations with successive generations seems to be well applicable to the history of European data protection. Three phases may be distinguished in its history: a) the first one starts with the appearance of the first data protection regulations and lasts until the decision of the German Constitutional Court of 1983, stating the case of the freedom of informational self-determination, b) the second starts with the formulation of the doctrine of informational self-determination until the beginning of the third phase, c) the beginning of the third phase is marked by the appearance of “new data protection”, an answer to the crisis of data protection regulations (the landmark event being the passing of the German Teledienstedatenschutzgesetz in 1997). |