The objective of this chapter is to examine the relevance of the European Convention on Human Rights (ECHR) for data protection in private relations, in comparison to the protection under the General Data Protection Regulation (GDPR). This chapter first puts the ECHR and the GDPR in the context of the Europeanisation of data protection law (section 1). It then discusses the underlying concepts of data protection, namely informational self-determination and the protection of private life, and their roots (section 2). Next, it demonstrates the consequences which result from the ECHR approach for the protection of data in private relations (section 3). Finally, it compares the findings to data protection under the GDPR, and draws conclusions concerning the relevance of the ECHR for data protection in private relations (section 4).
1. EUROPEANISATION OF DATA PROTECTION LAW
The codification of data protection law in Europe began in the 1970s, with the adoption of legislation, by some states, to control the processing of personal information by public and private actors. In 1970, the German State of Hesse passed the world’s first data protection law. Later in the 1970s, Sweden, France and Germany enacted the first national data protection laws. But it was not until 1983 that the Bundesverfassungsgericht (Federal Constitutional Court – BVerfG) developed the fundamental right to informational self-determination under the Grundgesetz (Basic Law for the Federal Republic of Germany – GG), and thus subjected all processing of personal data by public actors to a legal reservation.
The starting point of European data protection law was the Council of Europe Convention 108 in 1981, an international agreement on the protection of personal data. Although Convention 108 does not contain any rules on its own enforcement, it must be taken into account when interpreting Art. 8 ECHR. 9 Art. 8(1) ECHR itself does not explicitly guarantee a right to data protection as such, but protects ‘the right to respect for private and family life’. However, in 1987, the European Court of Human Rights (ECtHR) found that the right to data protection was an emanation of the right to respect for private life under Art. 8(1) ECHR, although the term ‘data protection’ was not used in the jurisprudence of the ECtHR.