Skip to main content
SpringerLink
Log in
Book cover

Data Protection in the Internet pp 1–44Cite as

Data Protection in the Internet: General Report

  • Chapter
  • First Online:

Part of the book series: Ius Comparatum - Global Studies in Comparative Law ((GSCL,volume 38))

Abstract

This general report seeks to identify and explain the basic approaches to the regulation of data protection in the Internet that are currently adopted at the national, supranational and international levels.

As will be shown, although the Internet is by nature a global computer network and personal data processing conducted through it is largely also a trans-border phenomenon that tends to ignore national frontiers, the regulation of that phenomenon is still—with the notable exception of the European Union which has, to a certain extent, succeeded in harmonizing its law in this respect over the past 20 years—essentially the result of national, or even private, initiatives.

The approaches to that regulation differ widely, particularly between the two major Western trading blocks, in what concerns its sources, contents, remedies and scope of application.

The diversity of such approaches does not appear to constitute the mere result of different legislative techniques or historical traditions; it is rather the fruit of deeply rooted different perceptions of the respective roles of private ordering, the protection of individuals’ fundamental rights and the preservation of national security in a market economy.

As such, the prospects for a comprehensive international unification or harmonization of the law on data protection in the Internet are, for the time being, limited.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   179.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    See Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, OJ L 119, 4.5.2016, pp. 1 ff.

  2. 2.

    See Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, pp. 31 ff.

  3. 3.

    See the judgment of the CJEU of 6 October 2015, C-362/14, Schrems v. Data Protection Commissioner, ECLI:EU:C:2015:650.

  4. 4.

    The abovementioned reports will be cited hereafter in an abbreviated manner, according to their denominations in the appended list.

  5. 5.

    See the seminal article by Warren and Brandeis (1890). For an overview of the law of privacy in Western legal systems, see Strömholm (1967).

  6. 6.

    See, for example, article 80 of the Portuguese Civil Code. On the genealogy of this provision, see Mota Pinto (2018), pp. 475 ff.; and Menezes Cordeiro (2011), pp 259 ff.

  7. 7.

    See, e.g., article 12 of the Universal Declaration of Human Rights.

  8. 8.

    See, for recent overviews of this matter, de Miguel Asensio (2015), pp 291 ff.; Hoeren (2018), pp 445 ff.

  9. 9.

    See, as examples thereof, the statutes cited in the German National Report, Sect. 1.1; the French National Report, Sect. 1; the Greek National Report, Sect. 1.1; the Italian National Report, Sect. 1; the Portuguese National Report, Sect. 1; the Romanian National Report, Sect. 2.1; and the Spanish National Report, Sect. 1.1.

  10. 10.

    As was the case, e.g., of Cape Verde: see Cape Verdean National Report, Sects. 2 and 5.2.

  11. 11.

    See, for a comprehensive description of this Regulation, the European Union Special Report.

  12. 12.

    See ibidem, Sect. 1.1.

  13. 13.

    See the Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), COM (2017) 10 final.

  14. 14.

    See the German National Report, Sect. 1.1.

  15. 15.

    See the Italian National Report, Sect. 2.1.

  16. 16.

    See the Portuguese National Report, Sect. 1.

  17. 17.

    See the Greek National Report, Sect. 1.1.

  18. 18.

    See Larenz and Wolf (2004), p. 137: “Die informationelle Selbstbestimmung umfasst das Recht der Person, selbst über das Ob, die Zeit, den Inhalt sowie die Art und Weise der Verwendung und Preisgabe ihrer persönlichen Daten zu entscheiden”. For a more recent analysis of this theme, see Sousa Pinheiro (2015) and van der Sloot (2017).

  19. 19.

    See, for a detailed description of those sources, the United States of America’s National Report, Sect. 1.

  20. 20.

    Although the exact extent to which it is so is far from settled in case-law and legal literature: see, on this, Prosser (1960); Fried (1968); Rubenfeld (1989); and Post (2001).

  21. 21.

    See, however, arguing for the constitutional recognition of a right to information self-determination, as part of the substantive due process liberty elaborated on by the U.S. Supreme Court, Eberle (2001).

  22. 22.

    See the Singaporean National Report, Sect. 1.

  23. 23.

    See the South African National Report, Sect. 2.

  24. 24.

    See the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, adopted in Strasbourg, on 28 January 1981.

  25. 25.

    See Guidelines for the Regulation of Computerized Personal Data Files, adopted by the Resolution of the General Assembly 45/95 of 14 December 1990; and the Policy on the Protection of Personal Data of Persons of Concern to UNHCR, of 27 November 2015.

  26. 26.

    See OECD Privacy Guidelines (revised in 2013).

  27. 27.

    See the International Trade Law Special Report.

  28. 28.

    See the United Nations Special Report, Sect. 1.1.

  29. 29.

    See judgment of 19 October 2016, case C-581/14, Patrick Breyer v Bundesrepublik Deutschland, ECLI:EU:C:2016:779.

  30. 30.

    See, for instance, the Cape-Verdean National Report, Sect. 2.1; Swiss National Report, Sect. 1.1.

  31. 31.

    See, on this European Union Special Report, Sect. 1.2.

  32. 32.

    See the South African National Report, Sect. 2.2.

  33. 33.

    See the United States of America’s National Report, Sects. 1.1 and 1.2.

  34. 34.

    See, for instance, the Cape-Verdean National Report, Sect. 2.2.5, and the Swiss National Report, Sect. 1.1.

  35. 35.

    See, on this, the European Union Special Report, Sect. 1.3.

  36. 36.

    See the United States of America’s National Report, Sect. 8.

  37. 37.

    See, on this, the European Union Special Report, Sect. 1.4.

  38. 38.

    See the Singaporean National Report, Sect. 2.3.

  39. 39.

    See the South African National Report, Sect. 3.

  40. 40.

    See the United States of America’s National Report, Sect. 1.4.

  41. 41.

    See the Brazilian National Report, Sect. 2.5.

  42. 42.

    See section 19d), of the Guidelines as amended in 2013.

  43. 43.

    Available at https://www.networkadvertising.org/sites/default/files/NAI_Code15encr.pdf.

  44. 44.

    Available at http://digitaladvertisingalliance.org/principles.

  45. 45.

    See the United States of America’s National Report, Sect. 1.5.

  46. 46.

    See the European Union Special Report, Sect. 2.6.

  47. 47.

    See, for instance the French National Report, Sect. 5.

  48. 48.

    See the Singaporean National Report, Sect. 2.4.

  49. 49.

    See the South African National Report, Sect. 3.3.

  50. 50.

    See the Brazilian National Report, Sects. 1–5.

  51. 51.

    See the Cape-Verdean National Report, Sect. 2.4.

  52. 52.

    Security obligations, for example, cover concepts such as “privacy by design”, which represents a deepening and an extension of those obligations. On privacy by design, see Orrù (2017).

  53. 53.

    See, for instance, the United States of America’s Health Insurance Portability and Accountability Act of 1996.

  54. 54.

    See article 20 of the GDPR.

  55. 55.

    See the International Trade Law Special Report, Sect. 4.

  56. 56.

    See the Swiss National Report, Sect. 2.8.

  57. 57.

    See article 22 of the GDPR.

  58. 58.

    See the French National Report, Sect. 2.

  59. 59.

    See Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (“Directive on electronic commerce”), OJ L 178, 17.07.2000, pp. 1 ff.

  60. 60.

    See Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (“Directive on privacy and electronic communications”), OJ L 201, 31.7.2002, pp. 37 ff.

  61. 61.

    See article 13 of the GDPR.

  62. 62.

    See, for example, Spanish National Report, Sects. 2.1.1 and 2.1.2.

  63. 63.

    The Directive on privacy and electronic communications also covers obligations to protect personal data conveyed and stored through electronic means, as well as obligations to inform third parties about data breaches. Nevertheless, and contrarily to the previous provisions, these obligations are set out only for providers of publicly available electronic communications services and or for providers of public communications networks and, consequently, should be addressed in the following topic, regarding data protection in the electronic communications sector.

  64. 64.

    See, for instance, the opt-in system referred to in the German National Report, Sect. 2.1.4, the Portuguese National Report, Sect. 2, the Greek National Report, Sect. 2.1.1, the French National Report, Sect. 2, and the Spanish National Report, Sects. 2.1.1 and 2.1.2. The national provisions on the storing of information, and access to information already stored, in the terminal equipment, are also included, for example, in the Czech Republic National Report, Sect. 2.1, the Portuguese National Report, Sect. 2, the Greek National Report, Sect. 2.1.1, the French National Report, Sect. 2, and the Spanish National Report, Sect. 2.1.2.

  65. 65.

    See the Czech National Report, Sect. 2.1.

  66. 66.

    Controlling the Assault of Non-Solicited Pornography and Marketing of 2003 (CAN-SPAM Act).

  67. 67.

    See the United States of America’s National Report, Sect. 2.2.

  68. 68.

    See the South African National Report, Sect. 4.1.2, the Swiss National Report, Sect. 9, the Japanese National Report, Sect. 3.1.1, the Canadian National Report, Sect. 2.3 and the Singaporean Report, Sect. 3.7.1. Other non-European countries don’t have any relevant provisions on this subject (see the Cape Verdean National Report, Sect. 3.1, according to which Cape Verde’ provisions on this topic concern exclusively the electronic communications sector, and the Brazilian National Report, Sect. 3.1).

  69. 69.

    See the Swiss National Report, Sect. 3.

  70. 70.

    See the Japanese National Report, Sect. 3.1.1.

  71. 71.

    See the South African National Report, Sect. 4.1.2.

  72. 72.

    See the United States of America’s National Report, Sect. 2.1.

  73. 73.

    See the Data Protection in International Trade Law Special Report, Sect. 8.1.

  74. 74.

    See the Data Protection in International Trade Law Special Report, Sects. 8.1 and 9.

  75. 75.

    See supra, Sect. 2.1, and the instruments mentioned therein.

  76. 76.

    See article 4(4) of the GDPR.

  77. 77.

    See the European Union Special Report, Sect. 2.

  78. 78.

    See the European Union Special Report, Sect. 2.2. Some European Union Member States have already set their age limit under this GDPR provision. By way of example, after the full implementation of the GDPR, on the 25th of May 2018, France has set that age limit at 15 years through its Law of 20 June 2018.

  79. 79.

    See the United States of America’s National Report, Sect. 2.3.

  80. 80.

    Important case law on this subject has been further developing processes for determining damages. See the United States of America’s National Report, Sect. 2.3, referring to the case law United States v. Boston Scientific Corp., 253 F. Supp. 2d 85, 98 (D. Mass. 2003).

  81. 81.

    See, for example, the Canadian National Report, Sect. 2.1.

  82. 82.

    See, for instance, the Singaporean National Report, Sect. 3.3. Advisory guidelines from the Singaporean administrative body also comprise guidelines on the treatment of minors, including how consent to obtaining and using their data should be obtained. The South African National Report, Sect. 4.1.3, refers to specific provisions for the protection of minors, included in a data protection law. These provisions determine the conditions under which minors personal data may be processed. Albeit relevant, these are general provisions, applicable to all types of personal data processing related to minors, regardless of the means used. Therefore, these provisions aren’t specific for the processing of personal data by electronic means.

  83. 83.

    See the French National Report, Sect. 2.

  84. 84.

    See the judgment of the CJEU of 13 May 2014, rendered in case C-131/12, Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, ECLI:EU:C:2014:317. In this case, the CJEU held that an electronic search engine operator is the controller of the processing of personal data available on the websites, run by third parties, which appear on its search results lists. Consequently, the respective data subject may approach that operator directly in order to obtain the removal of a hyperlink to a certain website from the search results list, as long as this website contains his or her personal data and even if this data is accurate and doesn’t have to be removed from the website where it is made available. On this case, see de Vasconcelos Casimiro (2014).

  85. 85.

    See the European Union Special Report, Sect. 2.3.

  86. 86.

    Following the CJEU decision in the Google Spain case, there are some relevant case law and administrative decisions relating to this topic. The Portuguese data protection authority, for example, issued a decision (section 536/2016, not publicly available) imposing on a search engine operator the removal of search results relating to a public figure that was under the suspicion of having committed a crime 8 years earlier. See the Portuguese National Report, Sect. 2.

  87. 87.

    See the GDPR, recital 66.

  88. 88.

    See, for example, the Canadian National Report, Sect. 2.2.

  89. 89.

    See the South African National Report, Sect. 4.1.4.

  90. 90.

    See the Brazilian National Report, Sect. 3.3.

  91. 91.

    The Law section 13.709, of 13 August 2018, on the protection of personal data introduce this right. See the Brazilian National Report, Sect. 3.3.

  92. 92.

    See the Japanese National Report, Sect. 3.1.3.

  93. 93.

    See the United States of America’s National Report, Sect. 2.5.

  94. 94.

    See the United States of America’s National Report, Sect. 2.5.

  95. 95.

    See the United States of America’s National Report, Sect. 2.5.1.

  96. 96.

    It is noteworthy that, since 2012, 25 states have enacted legislation preventing employers from forcing their employees to disclose the respective passwords. See the United States of America’s National Report, Sect. 2.5.3.

  97. 97.

    See the United States of America’s National Report, Sect. 2.5.

  98. 98.

    See van der Sype et al. (2017).

  99. 99.

    See the European Union Special Report, Sect. 2.4.

  100. 100.

    See, for instance, article 5 of the GDPR, which sets out the main principles applicable to the processing of personal data, such as lawfulness, fairness and transparency, purpose limitation, minimization, accuracy, storage limitation, integrity, confidentiality and accountability.

  101. 101.

    See article 88(1) of the GDPR.

  102. 102.

    See recital 155 of the GDPR.

  103. 103.

    See the Spanish National Report, Sect. 2.1.6.

  104. 104.

    See the Portuguese National Report, Sect. 2.

  105. 105.

    See the German National Report, Sects. 2.1.5–2.1.7.

  106. 106.

    See the Italian National Report, Sect. 2.3.

  107. 107.

    See the Czech National Report, Sect. 2.2.

  108. 108.

    See the Romanian National Report, Sect. 3.2.

  109. 109.

    See the French National Report, Sect. 2.

  110. 110.

    See the Greek National Report, Sect. 2.1.4.

  111. 111.

    Some non-European countries, such as Singapore, also cover the protection of personal data of employees, although there are no specific statutory provisions for these data subjects. See the Singaporean Report, Sect. 3.5.

  112. 112.

    See article 16 of the Code.

  113. 113.

    See the Portuguese National Report, Sect. 2.

  114. 114.

    See, for example, the French National Report, Sect. 2.

  115. 115.

    See the European Union Special Report, Sect. 2.5.

  116. 116.

    See the European Union Special Report, Sect. 2.5.

  117. 117.

    See the United States of America’s National Report, Sect. 2.7.

  118. 118.

    Except for the My Number Act, which set forth the obligation to report data breaches, for certain relevant institutions. See the Japanese National Report, Sect. 3.1.5.

  119. 119.

    See the Japanese National Report, Sect. 3.1.5.

  120. 120.

    See the Canadian National Report, Sect. 2.5.

  121. 121.

    See the Singaporean National Report, Sect. 3.6.

  122. 122.

    The ITU, originally the International Telegraph Union, was created in 1865 and is, since 1947, a United Nations specialized agency. ITU is an international body that promotes the development of telecommunication networks and access to telecommunication services by fostering cooperation among governments and standardizing technologies and protocols, among many other undertakings. See http://www.itu.int.

  123. 123.

    See, for example, the United States of America’s National Report, Sect. 3, the European Union Special Report, Sect. 3, the Cape Verdean National Report, Sect. 3.2, and the Japanese National Report, Sect. 3.2.

  124. 124.

    See, for example, the Portuguese National Report, Sect. 3, the Cape Verdean National Report, Sect. 3.2, and the Spanish National Report, Sect. 2.2.

  125. 125.

    See the United States of America’s National Report, Sect. 4, the European Union Special Report, Sect. 3.4, the Cape Verdean National Report, Sects. 20–21, and the Singaporean National Report, Sect. 3.8.

  126. 126.

    See the United States of America’s National Report, Sect. 4.

  127. 127.

    See the United States of America’s National Report, Sect. 4.1.

  128. 128.

    See the European Union Special Report, Sect. 3.4.

  129. 129.

    See Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ L 119, 4.5.2016, p. 89.

  130. 130.

    Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, 2006 OJ L 105, 13.04.2006, p. 54.

  131. 131.

    See the judgment of the CJEU of 8 April 2014, joined cases C-293/12 and C-594/12, Digital Rights Ireland v Seitlinger, ECLI:EU:C:2014:238. In a similar vein, although relating to national legislation which had transposed the data Retention Directive, see the judgment of the CJEU of 21 December 2016, joined cases C-203/15 and C-698/15, Tele2 Sverige AB v Secretary of State for the Home Department, ECLI:EU:C:2016:970.

  132. 132.

    See the Singaporean National Report, Sect. 3.2.

  133. 133.

    See the Singaporean National Report, Sect. 3.2.

  134. 134.

    See article 15(5) of the Portuguese Cybercrime Law (Law section 109/2009, of 15 September 2009).

  135. 135.

    See the European Union Special Report, Sect. 3.4.

  136. 136.

    See the Czech Republic National Report, Sect. 5.

  137. 137.

    See the Portuguese National Report, Sect. 3.

  138. 138.

    See the South African National Report, Sect. 4.4.

  139. 139.

    See the French National Report, Sect. 5.

  140. 140.

    See the United States of America’s National Report, Sect. 5. The federal legislation on intelligence gathering for security and defense purposes has been highly criticized, both at a national level and at an international level. In the recent history of the United States of America, there have been several cases in which the means and methods used by the Government in this context were questioned. The Echelon case, involving authorities of several other countries as data controllers, is one such case, which determined a strong reaction from the European Parliament—see the Report on the existence of a global system for the interception of private and commercial communications (ECHELON interception system) (2001/2098(INI)). More recently, the Prism case has reignited the debate on the topic. It has also resulted in a strong reaction from the European Parliament—see the Report on the US NSA surveillance program, the surveillance bodies of various EU Member States and their impact on EU citizens’ fundamental rights and on transatlantic cooperation in the areas of Justice and Home Affairs (2013/2188(INI)). The Article 29 Data Protection Working Party has also issued an opinion on this topic—see the Opinion 04/2014 on the surveillance of electronic communications for intelligence and national security purposes, adopted on 10 April 2014. On this, see Edgar (2017).

  141. 141.

    See the United States of America’s National Report, Sects. 5.1 and 5.2.

  142. 142.

    See the European Union Special Report, Sect. 4.1.

  143. 143.

    See the United States of America’s National Report, Sect. 6.

  144. 144.

    See the Singaporean Report, Sect. 3.10.

  145. 145.

    See, supra, para 7.3.

  146. 146.

    See CJEU of 13 May 2014, rendered in case C-131/12, Google Spain SL and Google Inc., ECLI:EU:C:2014:317, para. 56.

  147. 147.

    See ibidem, para. 57.

  148. 148.

    See the judgment rendered on 1 October 2015 in case C-230/14, Weltimmo s.r.o. v Nemzeti Adatvédelmi és Információszabadság Hatóság, ECLI:EU:C:2015:639.

  149. 149.

    See the Cape-Verdean National Report, Sect. 4.1.

  150. 150.

    See the South-African National Report, Sect. 5.1.

  151. 151.

    Namely in article 11 thereof, according to which Brazilian law on rights to privacy shall apply to any process of collection, storage, custody or treatment of personal data that occurs in national territory: see the Brazilian National Report, Sect. 4.1.

  152. 152.

    See the Swiss National Report, Sect. 2.1.

  153. 153.

    See, on this, recital 23 of the Regulation.

  154. 154.

    See, on this, recital 24 of the Regulation.

  155. 155.

    On which see Carrascosa González (2015), pp. 448 ff.

  156. 156.

    See, in this sense, the German National Report, Sect. 2.7.1.

  157. 157.

    See the Japanese National Report, Sect. 4.2.

  158. 158.

    See the Singaporean National Report, Sect. 4.1.

  159. 159.

    Case C-507/17, Google, OJ C 347, 16.10.2017, p. 22. An opinion was rendered by Advocate General Maciej Szpunar on 10 January 2019 in respect of the issues raised in this request for a preliminary ruling, according to which “the search engine operator is not required, when acceding to a request for de-referencing, to carry out that de-referencing on all the domain names of its search engine in such a way that the links in question no longer appear, irrespective of the location from which the search on the basis of the requesting party’s name is performed”. Nevertheless, according to the Advocate General “once a right to de-referencing within the EU has been established, the search engine operator must take every measure available to it to ensure full and effective de-referencing within the EU, including by use of the ‘geo-blocking’ technique, in respect of an IP address deemed to be located in one of the Member States, irrespective of the domain name used by the internet user who performs the search”. See, on this, de Miguel Asensio (2019).

  160. 160.

    Judgment of the Court (Grand Chamber) of 24 September 2019, ECLI:EU:C:2019:772.

  161. 161.

    On which see CJEU of 6 October 2015, C-362/14, Schrems v. Data Protection Commissioner, ECLI:EU:C:2015:650.

  162. 162.

    See ibidem, para. 73.

  163. 163.

    See, on this, the communication from the Commission to the European Parliament and the Council “Exchanging and Protecting Personal Data in a Globalized World”, COM (2017) 7 final, published on 10 January 2017.

  164. 164.

    Available at https://www.privacyshield.gov.

  165. 165.

    However, on 3 October 2017 the High Court of Ireland has ruled, in The Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (available at https://www.dataprotection.ie/docimages/documents/Judgement3Oct17.pdf), to make a reference for a preliminary ruling to the CJEU in order to determine, inter alia, whether certain features of the Privacy Shield constitute an adequate remedy for the protection of the rights to privacy and personal data enshrined in the EU Charter of Fundamental Rights.

  166. 166.

    See the Cape-Verdean National Report, Sect. 4.3.

  167. 167.

    See the Japanese National Report, Sect. 4.3.

  168. 168.

    See the Singaporean National Report, Sect. 4.2.

  169. 169.

    See the South-African National Report, Sect. 5.2.

  170. 170.

    See the European Union Special Report, Sect. 4.4.

  171. 171.

    Published in the OJEU, C 261, of 10 September 2013, pp. 17 ff.

  172. 172.

    See, for a comparative analysis, Kuipers (2017), pp. 1350 ff.

  173. 173.

    Such is the case, e.g., of Greek, Portuguese, and Spanish Private International Law: see, respectively, articles 26, 45(1) and 10(9) of the Civil Codes of those countries.

  174. 174.

    See article 45(2) of the 1966 Civil Code and, on the applicability of this provision to the situations referred to in the text, Moura Vicente (2005), pp. 307 ff.; Dias Oliveira (2011), pp. 395 ff.; and de Lima Pinheiro (2015), pp. 502 ff.

  175. 175.

    A similar rule can be found in article 133(2) of the Swiss Private International Law Act 1987, which states: “If the injury occurs in another State than the State, in which the act that caused injury arose, the law of that State shall be applicable if the tortfeasor should have foreseen that the injury would occur there”. The same happens with article 17 of the Japanese General Law on the Application of a Law, pursuant to which: “The formation and effect of a claim arising from a tort shall be governed by the law of the place where the result of the wrongful act occurred; provided, however, that if the occurrence of the result at said place was ordinarily unforeseeable, the law of the place where the wrongful act was committed shall govern”. See the Japanese National report, Sect. 4.4.

  176. 176.

    See article 99, § 2, according to which: “Obligations resulting from a tort are nevertheless governed: 1° in the event of defamation or violation of privacy or personality rights, at the choice of the plaintiff, by the law of the State on the territory of which the act leading to the damage or the damage occurred or is likely to occur, unless the person liable proves that he could not have foreseen the damage to occur in that State […]”.

  177. 177.

    See article 40(1) of the Introductory Act to the German Civil Code, according to which: “Tort claims are governed by the law of the country in which the liable party has acted. The injured party can demand that instead of this law, the law of the country in which the injury occurred is to be applied. The option can be used only in the first instance court until the conclusion of the pre-trial hearing or until the end of the written preliminary procedure”.

  178. 178.

    See article 62(1) of Law of 31 May 1995, section 218, on the Reform of the Italian System of Private International Law, according to which: “The law of the State where the event occurred governs tort liability there for. However, at the request of the injured party, the law of the State where the fact which caused the damage occurred shall apply”.

  179. 179.

    Accordingly the § 146 of the American Restatement 2nd on the Conflict of Laws states that: “In an action for a personal injury, the local law of the state where the injury occurred determines the rights and liabilities of the parties, unless, with respect to the particular issue, some other state has a more significant relationship under the principles stated in § 6 to the occurrence and the parties, in which event the local law of the other state will be applied”. Section 11 of the English Private International Law (Miscellaneous Provisions) Act 1995 provides, in turn, that: “(1)The general rule is that the applicable law is the law of the country in which the events constituting the tort or delict in question occur. (2) Where elements of those events occur in different countries, the applicable law under the general rule is to be taken as being (a) for a cause of action in respect of personal injury caused to an individual or death resulting from personal injury, the law of the country where the individual was when he sustained the injury […]”.

  180. 180.

    See Fentiman (2017), pp. 797 ff.

  181. 181.

    See, for a comparative overview of this matter, see Esplugues et al. (2011).

  182. 182.

    This was recognized by the Irish High Court in its judgment of 3 October 2017 on The Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (see note 158) where it stated: “A central purpose of the European Union is the promotion of the peace and prosperity of citizens of the European Union through economic and trading activity within the single market and globally. The free transfer of data around the world is now central to economic and social life in the union and elsewhere. The recent history of our continent has shown how crucially important each of these objectives is to the wellbeing of the people of Europe. Damage to the global economy has resulted in very real detriment and hardship to millions of Europeans. International terrorist atrocities have been and continue to be perpetrated in many Member States of the European Union. There are many who experienced the corrosive effects of widespread state surveillance upon their private lives and society in general who regard preservation of the right to privacy, includ[ing] data protection, as fundamental to a democratic society. In a democratic society, a balance must be struck between these competing concerns, interests and values. Not every State will strike the same balance” (see paras. 45–47 of the decision).

  183. 183.

    See, on this, Whitman (2004).

  184. 184.

    See the Ordonnance de référé rendered by the Tribunal de Grande Instance de Paris on 22 May 2000, available at http://juriscom.net/2000/05/tgi-paris-refere-22-mai-2000-uejf-et-licra-c-yahoo-inc-et-yahoo-france/.

References

  • Carrascosa González J (2015) The Internet – privacy and rights relating to personality. Recueil des Cours de l’Académie de La Haye de Droit International 378:267 ff.

    Google Scholar 

  • de Lima Pinheiro L (2015) Direito Internacional Privado, vol II, 4th edn. Almedina Coimbra

    Google Scholar 

  • de Miguel Asensio P (2015) Derecho Privado de Internet, 5th edn. Madrid

    Google Scholar 

  • de Miguel Asensio P (2019) Ámbito espacial del derecho al olvido: las conclusiones en el asunto C-507/17, Google. La Ley Unión Europea 67:1

    Google Scholar 

  • de Vasconcelos Casimiro S (2014) O direito a ser esquecido pelos motores de busca: o Acórdão Costeja. Revista de Direito Intelectual 2:307

    Google Scholar 

  • Dias Oliveira E (2011) Da responsabilidade civil extracontratual por violação de direitos de personalidade em Direito Internacional Privado. Coimbra

    Google Scholar 

  • Eberle EJ (2001) The right to information self-determination. Utah Law Rev 965

    Google Scholar 

  • Edgar TH (2017) Beyond Snowden: privacy, mass surveillance and the struggle to reform the NSA. Washington

    Google Scholar 

  • Esplugues C, Iglesias JL, Palao G (2011) Application of foreign law. Munich, Sellier

    Google Scholar 

  • Fentiman R (2017) Forum non conveniens. In: Encyclopedia of private international law, vol 1. Edward Elgar, Cheltenham

    Chapter  Google Scholar 

  • Fried C (1968) Privacy. Yale Law J 77:475

    Article  Google Scholar 

  • Hoeren T (2018) Internetrecht. De Gruyter, Berlin

    Google Scholar 

  • Kuipers JJ (2017) Personality rights. In: Encyclopedia of private international law, vol 2. Edward Elgar, Cheltenham

    Chapter  Google Scholar 

  • Larenz K, Wolf M (2004) Allgemeiner Teil des Bürgerlichen Rechts, 9th edn. C.H. Beck, Munich

    Google Scholar 

  • Menezes Cordeiro A (2011) Tratado de Direito Civil, vol IV, Pessoas, 3rd edn

    Google Scholar 

  • Mota Pinto P (2018) O direito à reserva sobre a intimidade da vida privada. In: eiusdem, Direitos de Personalidade e Direitos Fundamentais. Estudos, Coimbra

    Google Scholar 

  • Moura Vicente D (2005) Problemática Internacional da Sociedade da Informação. Coimbra

    Google Scholar 

  • Orrù E (2017) Minimum harm by design: reworking privacy by design to mitigate the risks of surveillance. In: Data protection and privacy: (in) visibilities and infrastructures, Law governance and technology series, vol 36, p 107

    Google Scholar 

  • Post RC (2001) Three concepts of privacy. Georgetown Law J 89:2087

    Google Scholar 

  • Prosser WL (1960) Privacy. Calif Law Rev 48:383

    Article  Google Scholar 

  • Rubenfeld J (1989) Right to privacy. Harv Law Rev 102:737

    Google Scholar 

  • Sousa Pinheiro A (2015) Privacy e proteção de dados: a construção dogmática do direito à identidade informacional. Lisbon

    Google Scholar 

  • Strömholm S (1967) Right of privacy and rights of the personality: a comparative survey. Stockholm

    Google Scholar 

  • van der Sloot B (2017) Legal fundamentalist: is data protection really a fundamental right? In: Data protection and privacy: (in) visibilities and infrastructures, vol 36, Law governance and technology series, p 3

    Google Scholar 

  • van der Sype YS, Guislan J, Seigneur JM, Titi X (2017) On the road to privacy – and data protection – friendly security technologies in the workplace – a case-study of the MUSES risk and trust analysis engine. In: Data protection and privacy: (in) visibilities and infrastructures, Law governance and technology series, vol 36, p 241

    Google Scholar 

  • Warren S, Brandeis L (1890) The right to privacy. Harv Law Rev 4:193

    Article  Google Scholar 

  • Whitman JQ (2004) The two western cultures of privacy: dignity versus liberty. Yale Law J 113:1151

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Lisbon, Lisboa, Portugal

    Dário Moura Vicente & Sofia de Vasconcelos Casimiro

  2. Portuguese Military Academy, Lisboa, Portugal

    Sofia de Vasconcelos Casimiro

Authors
  1. Dário Moura Vicente
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sofia de Vasconcelos Casimiro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Dário Moura Vicente or Sofia de Vasconcelos Casimiro .

Editor information

Editors and Affiliations

  1. Law School, University of Lisbon, Lisbon, Portugal

    Dário Moura Vicente  & Sofia de Vasconcelos Casimiro  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Moura Vicente, D., de Vasconcelos Casimiro, S. (2020). Data Protection in the Internet: General Report. In: Moura Vicente, D., de Vasconcelos Casimiro, S. (eds) Data Protection in the Internet. Ius Comparatum - Global Studies in Comparative Law, vol 38. Springer, Cham. https://doi.org/10.1007/978-3-030-28049-9_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-28049-9_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-28048-2

  • Online ISBN: 978-3-030-28049-9

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation