3.1. First generation data protection norms

1. In the second half of the 1960s, development reached to a point where the threat that Orwell’s utopia might become true seemed real. In order to operate the developing social welfare-state, bureaucracy needed an increasing amount of information, and the new technology for processing this mass of information was available.⁵² Organizations owning large amounts of records (the state and the biggest companies) started to use computers. Since computer capacity counted as a fairly expensive (as well as a limited) resource, an idea was born very soon to store data at a single place for practical reasons, and provide different users with remote access – this way it was much simpler to launch, run and maintain a system.⁵³ The easiest tool for connecting data banks is a general artificial identifier code, and the need for it occurred within administration also at this point. These developments, the appearance of the notion of “integrated data management” led in Germany to the so-called data protection debate (Datenschutzdiskussion),⁵⁴ and later to the data protection act.

2. The first generation acts, thus, were born in a period where computers were used by few, and primarily state-run data controllers. There was a threat that the state, by connecting various registries, would gain an informational superpower over the individual, therefore when formulating the first data protection laws, their authors took into special consideration the challenges of the new technology, to make its application controllable and transparent. The characteristics of the first generation data protection acts are the following:

a) The primary goal of these acts is the transparency of the large – primarily state-owned – databases.

b) These acts do not yet ensure the right of disposal over the data of an individual for reaching this goal, but they ensure some rights (primarily the right of access and rectification) that will later become parts of the right of informational self-determination.

c) Obligations concerning registering the databases containing personal data appear within this generation of data protection norms. Thus, it is important to stress that the obligation concerning registration appeared in a context where there were few large databases.

d) With the first generation data protection norms the legislator wished to control specifically computerized data processing: these regulations were peculiar tools of privacy protection at the initial phase of the information revolution, but according to the above definition they cannot be regarded as data protection acts in the sense that their object was primarily technology in the service of record keeping.

e) It is characteristic that some acts among the first generation norms entitled legislation the right to have access to information available for public administration. This supports the idea that the direct aim of the first generation norms was not data protection as it was previously defined, but rather to create the “informational division of power”, and to suppress the excess of information power of the executive branch of the government within the state and society.

3.2. The census decision and the second generation of data protection norms