Even with the advent of Web 2.0, data protection law is still often seen as technical and only narrowly applicable. Technical abstruseness aside (and data protection’s reputation here is certainly deserved), this understanding could not be more wrong. The existing European data protection framework really is breathtaking in scope. It applies to anything done electronically with any information about an identified or identifiable person – possibly including the dead. According to the European Union, even innocuous details in the public domain are protected (perhaps even the title of an author’s book). Moreover, if the information reveals the particulars of, for example, a person’s ethnic origin, political opinions, religious belief, trade union membership, health or criminality, then it is classed as “sensitive” and subject to even tighter controls. The European data protection framework is not only broad but often onerous. Barring specific exceptions (including a liberal one that can be invoked for journalism, literature and the arts), there is a presumption that individuals will be informed about the processing of data about them and given a right to object, that the processing of “sensitive” personal information will be banned and that no personal information will be transferred outside the European Economic Area without “adequate protection”.
So the popular perception of data protection is woefully inaccurate – which leads to a radical underestimation of the threat these regulations pose to the enjoyment of other fundamental rights and the pursuit of legitimate activities. Nowhere is this more the case than in social science and humanities research. Since the advent of the EU’s framework in the 1990s, researchers have witnessed dramatic restrictions on their freedom to use “sensitive” data and to deploy covert methods. Coupled with the growth of sometimes intrusive “ethical review” policies, the barriers and burdens placed in the way of even ordinary, innocuous, yet socially beneficial research and on researchers have become considerable.
It might have been hoped that the proposed EU Data Protection Regulation would provide an opportunity to reverse this. But if the European Parliament’s recently published draft amendments are anything to go by, the converse is true.
This article was originally published in the 14-20 February 2013 edition of Times Higher Education and is published with the author’s permission. You can also read it on the Constitutional Law website.
The draft EU DP Regulation will be examined in our forthcoming 1 hour Data Protection Update Webinar : http://www.actnow.org.uk/courses/930