Protecting Informational Privacy in Cyberspace: Exploring Complementary Routes

• Autore: Jeanne Pia Mifsud-Bonnici
• Carica: Associate Professor and Rosalind Franklin Fellow, University of Groningen, The Netherlands.
• Pagine: 105-122

Protecting Informational Privacy in Cyberspace:

Exploring Complementary Routes

JEANNE PIA MIFSUD BONNICI*

CONTENTS:Introduction – 2. Informational Privacy – 3. Data Protection Law – 4.

Scenario 1: Negligent Loss or Theft of Personal Information – 4.1.Responsibility of Non-

state Actors for Human Rights Violations – 4.2. State Responsibility in Case of Non-

state Actor Violation of Human Rights – 5. Scenario 2: Mergers and Acquisitions – 5.1.

Personal Information as a Commercial Asset – 5.2. Competition Law – 6. Conclusion

1. INTRODUCTION

Protecting informational privacy in cyberspace is difficult. The technical

infrastructure makes it remarkably easy to collect and use personal infor-

mation1, while there are few incentives in favour of the respect of privacy

over use of personal infor mation for commercial purposes. The Internet

and other technologies have created new opportunities for providers of

service to collect personal information easily, amass large databases of per-

sonal information and capitalize on the personal information for commer-

cial purposes. Our very presence on the Internet leaves valuable traces that

internet service providers, search engines, providers of social network sites,

credit card companies, web shops etc. can exploit at times with our consent

or our connivance or at times surreptitiously without caring to consider our

possible opposition. These providers (and users/merchants) of personal

information have become a primary threat for users’ privacy, at the same

time that the services they offer are simultaneously growingly indispensable

for many users. More than 90% of Internet users in Europe have registered

anxiety over abuse of personal infor mation online2. Governments too, may

be a threat to user privacy in the delivery of e-g overnment services and the

centralisation of personal information.

* The Author is Associate Professor and Rosalind Franklin Fellow, University of

Groningen, The Netherlands.

1P. SAMUELSON,Pri vacy as intellectual property? in “Stanford Law Review”, Vol.52, 2000, p. 1125.

2Eurobarometer Report, Confidence in the Information Society, May 2009, available at

http://ec.europa.eu/public_opinion/flash/fl_250_en.pdf.

To date, states have sought to protect (the fundamental right3of) pri-

vacy by specific personal data protection legislation and by encouraging

businesses to adopt privacy policies and practices to protect con-

sumer/user privacy. These approaches have limited effects, leaving con-

sumers often without any protection or remedies against abusive use of

their personal information. While in case of government traditional safe-

guards provided from fundamental human rights enforcement mecha-

nisms are also available – there is still an option to sue governments for

breaches of fundamental rights as judgements of the European Court of

Human Rights show – the responsibility of private companies for

breaches of informational privacy is still being worked out.

This paper reflects on the role that data protection legislation (name-

ly as implemented in European Member States following Directive

95/46/EC and other later directives) has in the protection of informa-

tional privacy online. It looks at two specific scenarios: possible remedies

where personal information has been negligently lost or stolen; and pos-

sible safeguards or remedies available when two or more private infor-

mation-rich businesses merge or are taken-over online. In each scenario,

it explores possible approaches that can be used to complement the cur-

rent systems of protection of personal information. The paper explores

two potentially complementary approaches:

The first approach is embedded in current theories of public interna-

tional law arguing for private sector fundamental rights responsibility. In

this part of the paper the author explores the usefulness of using devel-

opments in public international law on private sector responsibility for

breaches of fundamental rights – e.g. in the case of breach of property

rights or environmental rights – and the shifting of liability of private

sector liability to states in cases of breaches of fundamental rights – e.g.

where the state takes responsibility for breaches (of e.g. environmental

protection) carried out by private companies established in its territory.

The second approach is a market-based approach using competition

policy mechanisms to protect informational privacy. Traditionally, priva-

cy law and competition law have been considered to be two separate and

106 Diritti di libertà nel mondo virtuale della rete

3Protected by Article 8 of the European Convention of Human Rights.