There relating to individuals, including the obtaining, holding,


There are different uses of the word privacy,
however the legal meaning varies slightly to the everyday meaning. Within international
documents and laws there has been many definitions proposed however there is no
universal definition of privacy. Ameneh
Malmir and Mohammad Malmir gave a range of definitions
within their journal ‘Government’s civil liability
towards individuals’ privacy in cyberspace’1.


“Privacy is marking
the boundary line which allows the society to enter the private affairs of a
person. Privacy is the realm of private life which a typical person does not
allow himself to violate in any condition by understanding society needs.
Individuals’ tendency to their own dignity is the most important objective of
privacy…Collecting sensitive information without the permission or knowledge of
the person can be considered as a potential weapon in the hands of those in
power…Therefore, this value is not less than other fundamental values, as in
the era of information culture, some privacy is required for security and
prosperity of human beings.”

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

Currently, every member state of
the EU follows the current 1995 Data Protection Directive which regulated the
processing of personal data within the European Union. However, every state has
their own laws, we operate under the Data Protection Act2. In the
preamble, it was said to be “An Act to make new provision for the regulation of the processing of
information relating to individuals, including the obtaining, holding, use or
disclosure of such information.”


The GDPR (General Data Protection Regulation) will
come into force on 25th May 2018 and will supersede the Data
Protection Directive. This will change the way that customers information can
be handled, this will replace the Data Protection Directive which as above
stated our current legislation operates under. 
The EU’s GDPR website3 states;


“The EU General Data
Protection Regulation…replaces the Data Protection Directive 95/46/EC and was
designed to harmonize data privacy laws across Europe, to protect and empower
all EU citizens data privacy”


The underpinning regulation and
directive have been published in the EU official Journal4 which
states when it will come into force with a two-year preparation period for
anyone covered by the regulation. The new UK data protection legislation5 was
published on 14th September 2017, which revealed that it implemented
most of the GDPR, and some exemptions6,
including added protection for journalists, scientific and historical
researcher and anti-doping agencies. Because we are implementing our own laws
Brexit isn’t an issue here because the Data Protection Bill largely includes
the provisions of the GDPR. Therefore, there will only be minor changes to our
laws and we are not relying on the EU for our privacy laws.


However, there have been a few
cases where the UK has allowed data protection laws to be breached and when
they have reached the EU courts they have been stopped and the UK has been told
to change this. In the EU, there are two legal systems, the European Court of
Human Rights (ECHR) and the Charter of Fundamental Rights of the European Union
(CFREU), when we leave the EU we will only be leaving the latter.


The European Court of Human Rights
is the first legal system within the EU, this is an international court which
deals with cases of states alleged violations of our rights which are defined
in the European Convention on Human Rights.


The ECHR dealt with the appeals of
Mr S and Mr Marper7
who had both been accused of committing crimes which subsequently they were
prosecuted for however, their finger print and DNA samples were kept on record.
They appealed multiple times within the UK and were rejected so they eventually
appealed to the ECHR on the basis that under Articles 8 and 14 the authorities
had continued to keep their data on record unnecessarily. The court found that
there had been a breach of Article 88 – the
right to respect for privacy and family life, this wouldn’t have been established
without the ECHR.


The Charter of Fundamental Rights
is a text on basic but necessary human rights of every citizen in the EU. The
charter is in place to clarify rights into a single document which can change
and adapt as society does.


Court of Justice in the European
Union dealt with two cases at the same time being, the cases of Tele29 and
Watson10. Both
cases concerned the ability of member states to make electronic communications
service providers to retain traffic and location data, this was in issue in
relation to the CFREU. This happened under the ePrivacy Directive exemption11 which
allows member states to restrict rights on the confidentiality of


In the judgment, the Court of
Justice in the European Union (CJEU) said which parts of national legislation would
be deemed as unlawful under EU law of the Charter of Fundamental Rights. The
main issues were in regard to, the use of traffic and location data, the
purpose of retaining data, how the data can be accessed, data subjects being
informed quickly, and containing the data within the EU.


Clearly in both these cases member
states have violated EU laws and when we leave the EU we won’t be protected by
EU courts in cases like these. As we are only leaving the CFREU this would be
the only one effected but this is clearly a big issue which may lead to the
publics privacy being invaded.


In addition to the new GDPR, there
are new ePrivacy rules coming into force because without these the GDPR would
be incomplete. Because of the changing society it is necessary to have
protection of the right to private life as promised in Article 712 of the
Charter of Fundamental Rights and this relies on having online protection as
well. Currently, our protection comes from the ePrivacy Directive 200213 which
was revised in 200914, this
was referred to by many as the cookie law, because this is where the pop up
consent cookies came from.


Increasing government surveillance
would be good in the sense that it would allow us to have a fuller picture of
what is happening within the country and anything which may affect us. For
example, in the case of R (Catt) v ACPO & Metropolitan Police15, Mr
Catt appealed after a judgment that his records could be kept under ‘review’ by
the police even though he has no criminal convictions and has never been
violent personally at anti-arms trade rallies. It is argued that deleting this
evidence would leave the police with a lack of awareness, Lady Hale16
commented that;


“It is well known that, for a
variety of reasons, complaints of domestic violence are often not followed
through to prosecution and conviction. But it is vital for the police, when
responding to any new complaint, to know whether there have been similar
complaints in the past.”


As this appeal was subsequently
rejected this leaves the government in a good position because it supports the
idea of increased surveillance, however as new laws are being developed for the
UKs exit of the EU it is likely that this would still be deemed unlawful and
this would have to be established through case law.


A newspaper article in the
explained the case of 2016 European court of justice (ECJ) ruling in
a case brought by Labour’s deputy leader, Tom Watson, initially with David Davis, now the
Brexit secretary. In the article18,
it quotes Watson’s argument that; “The current legislation fails to
protect people’s fundamental rights or respect the rule of law”. This is again
a clear breach of Article 819
as treating every member of the public like a suspect and gathering information
on them is not a respect for privacy and family life. However, not having this
information creates a lack of awareness for both our government and the police
which could in term lead to crime which could have been prevented if we’d have
had the knowledge. Therefore, this creates the difficult line between keeping
people safe by having information on people and infringing on people’s basic
rights to privacy.


From this information, it is clear that we heavily rely on the EU for all
of our privacy laws however, it is too early to say that we are too dependent
on the EU because it may be the case that we continue to have legal protection
but this will depend on the outcome of negotiations.

1 Ameneh Malmir and Mohammad Malmir, ‘Government’s
civil liability towards individuals’ privacy in cyberspace’, (2015)
International Journal of Law & Management Accessed 19th December 2017


2 Data
Protection Act 1998 c. 29

Portal: Site Overview’, (
Accessed 20th December 2017

4 Regulation (EU) 2016/679 of the European Parliament and of the Council of
27 April (2016)
Accessed 21st December 2017


Data Protection Bill (HL Bill 66)

Data Protection Bill (HL Bill 66) Part 1, Chapter 14


8 Convention
for the Protection of Human Rights and Fundamental Freedoms (European
Convention on Human Rights, as amended) (ECHR) Art 8



11 Privacy and
Electronics Communications Data 2002 OJ 2 201/37, Art 10

The Charter of Fundamental Rights 2000/C 364/01 Art 7

13 Directive on Privacy and
Electronic Communications 2002/58/EC

14 Directive on Privacy and
Electronic Communications 2009/136

2015 UKSC 9

2015 UKSC 9, Para 54


17 Alan
Travis, ‘UK police to lose phone and web data search authorisation powers’ The Guardian (30th November


19 Convention
for the Protection of Human Rights and Fundamental Freedoms (European
Convention on Human Rights, as amended) (ECHR) Art 8