The European UnionData Protection Directive of 1995 has always had lofty, and in many ways implausible, ambitions. As regards the private sector, it seeks to outlaw the input, storage or other processing on computer of any information relating to a living individual “data subject” (irrespective of whether the information is innocuous and/or widely available in the public domain) unless in each and every case that processing complies with a set of provisions put in place to ensure the protection of “the fundamental rights and freedoms of natural persons, and in particular their right to privacy” (Art. 1 (1)).
Subject to certain qualified and limited exemptions, that code requires that all data “controllers” – that is anyone who either “alone or jointly” determines the “purposes and means” of processing (Art. 2 (d)) – comply with a set of detailed rules designed inter alia to ensure fairness and transparency for the data subject and, in most circumstances, to completely outlaw processing of whole categories of “sensitive” information (for example regarding political opinion, religious belief and criminality) absent the subject’s explicit consent or unless this information is currently being manifestly made public by her (which may be taken as an albeit very tenuous kind of implicit consent) (Arts. 8, 10, 11 and 12).
In terms of legal principle, this code should have deeply structured the entire architecture of publication and dissemination of information on the World Wide Web. And yet, long before even the advent of Web 2.0, it was clear that the Web was largely operating according to an almost diametrically opposed understanding, namely, that information – in particular, publicly-available information – should, except in extraordinary circumstances, be “free” ...Zum vollständigen Artikel