You are here: Resources > FIDIS Deliverables > Privacy and legal-social content > D14.2: Study on Privacy in Business Processes by Identity Management > 
Privacy and Data Protection in Business Processes  Title:
 Personalised Profiles and the Need for ‘Ambient Law’


Privacy Aspects

Privacy applies to various aspects of an individual. The Privacy and Human Rights 2005 report of the Electronic Privacy Information Center and of Privacy International (EPIC, 2006) divides the term of privacy into the following four areas:

  1. Location-related privacy: This aspect concerns intrusions into the individual’s privacy within specific environments, e.g. his own living area, place of work and publicity and sets limits to their intrusion. Examples of such intrusions are video surveillance and identity establishment by means of personal identity cards.

  2. Body privacy: The aspect of body privacy concerns the protection of the physical person against undesirable intervention, e.g. gene analysis, medication tests and the taking of blood samples.

  3. Private communication relationships: This aspect concerns a secure and private communication of any kind, whether it is by letter post, telephone or email.

  4. Private data: This aspect concerns the development and enforcement of rules for the collection and processing of personal data. These rules are summarised under data protection.

The following work focuses on private data. 

The term privacy has a varying significance depending on the view of the individual and activities with data about him (Solove, 2006a) and in various environments in which the individual moves. In addition, it has changed during the course of time due to grand circumstances (cf. the introduction of a legal force for the avengement of violation towards the individual through the Justice of the Peace Act 1361 (Moir, 1969) and the speech of the English parliamentarian and later Prime Minister William Pitt in 1765 about the privacy of the individual in his house or dwelling place  (Pitt, 1765)), in 1948 the admittance of the protection of privacy into the human rights through the United Nations (United Nations, 1948) and above all since 1890 through the technical development (cf. the undesirable acceptance of photos of persons and their unconsented publication (Waren and Brandeis, 1890)). Particularly the technical development through to electronic data processing, starting from a central processing in computer centres through to a decentral processing in client-server architectures and their networking via the Internet up to ubiquitous computing has changed the term of privacy by way of informational self-determination (Westin, 1967; German Federal Constitution Court, 1983) through to present-day data protection laws and directives (European Commission, 1995; German Federal Government, 2001; European Commission, 2002), which ultimately provide protection principles for the processing of personal data (Roßnagel, 2005).

William Pitt regarded an individual’s affairs in his own home as privacy affairs which had to be protected from the king, i.e. the force of the state and to which he should have no access: “The poorest man may in his cottage bid defiance to all the forces of the Crown. It may be frail; its roof may shake; the wind may blow through it; storm may enter; the rain may enter — but ” (Pitt, 1765).

Samuel D. Warren and Louis D. Brandeis, a later federal judge of the United States of America saw a privacy intrusion due to the technical developments, such as, amongst others, instant photos and their commercial use in daily newspapers which happens without the consent of the person photographed however and therefore with possible accompanying impairment of their reputation. For the term of privacy, they take up the expression of “right to be let alone” and with it specifies the protection against an undesirable intrusion into the privacy of the individual (Warren and Brandeis, 1890).

The General Assembly of the United Nations sees a human right in the protection of privacy and lays this out in its declaration (United Nations, 1948) as an ideal of the member states to be striven for and guaranteed. In addition to the private dwelling, privacy also applies to the communication of the individual, to his honour and his reputation. The spread of privacy is therefore extended to the relationships of the individual with other persons and to his appearance. 

Privacy as Informational Self-determination

With the start of electronic data processing for societal purposes, e.g. for a census, and economic purposes, e.g. end customer governing of a business venture, a more simple combination of data, i.e. a profile generation of the individual and a more rapid analysis of the profiles generated compared to a manual one through the computing power available becomes possible. Accompanying this is the low control of the individual over the collection, processing, storage and transmission of the data collected (Henderson, 1999). There is now the danger of the inappropriate collection of personal data, its abuse, e.g. for advertising purposes and for identity theft. With an identity theft, another person acts with the identity of another person but without the consent of the person concerned. Furthermore, there is the danger that decisions such as on creditworthiness and entry into a state are met exclusively on the basis of the collected data. 

In view of the spread of electronic data processing, the information flow of personal data was included in the term of privacy by Alan Westin: “Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (Westin, 1967). The protection of personal data for its collection and use was specified in 1983 under the concept of informational self-determination for the first time by the German Federal Constitutional Court in the so-called “census judgment“ and established as a basic right: “Under the terms of modern data processing, the protection of the individual against unlimited collection, storage, use and transmission of his personal data is covered by the general personal rights of Art.2 paragraph. 1 Basic Constitutional Law in connection with Art.1 paragraph. 1 Basic Constitutional Law. The basic right insofar guarantees the power of the individual to basically determine for himself about the disclosure and usage of his personal data” (German Federal Constitution Court, 1983). This judgment however limits the right to informational self-determination, if there is a vast general interest for the limitation.

Privacy by Data Protection

The named technical development threats through to electronic data processing with regard to informational self-determination led to the German and European Data Privacy Laws (cf. (Roßnagel, 2005)). The general basic principles of the Data Privacy Law that are transcribed in the European Data Privacy Directive 95/46/EC (European Commission, 1995) which was extended for a general electronic communication through the European Data Privacy Directive 2002/58/EC (European Commission, 2002), and in the German Federal Data Protection Act (German Federal Government, 2001), are: 

  1. Transparency of data processing through briefing and notification of the person concerned, 

  2. Necessity of the data collected for a certain purpose, 

  3. Restriction of data processing to a certain purpose, 

  4. Correction rights of the person concerned on the required data and the processing phases, 

  5. Data avoidance and economy, 

  6. Data protection through technology, and 

  7. Implementation control through a data protection representative. 

The minimal principles for privacy protection found in the named Data Privacy Directive of the European Union originate from the Fair Information Practices. These principles were first published in the United States Departments for Health Education and Welfare (HEW) report and were incorporated in the US Privacy Act of 1974 (cf. (Smith, 1993)). The five principles of Fair Information Practices are:

  1. Collection limitation: No secret system for collecting personal data may exist.

  2. Disclosure: A person must have the possibility to look at the profile generated on him and its use.

  3. Secondary Usage: It must be possible for a person to prevent the use of his profile for other purposes if he does not agree with the intended use.

  4. Record correction: It must be possible for a person to correct or add to a profile with personal data generated about him.

  5. Security: An organisation that generates, maintains, uses or spreads personal data must, on the one hand, ensure that this data is used for the intended purpose and, on the other hand, take precautionary measures to avoid an abuse of the data.

These five principles were accepted by the Organisation for Economic Cooperation and Development (OECD) and standardised in the form of eight principles for the protection of privacy in cross-frontier data exchange through the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, 1980). This involves the following principles:

  1. Collection Limitation Principle: The range of the profile generated should suit its purpose of use. Data collection should take place with legal means and with the knowledge or consent of the person involved.

  2. Data Quality Principle: The data collected should be related to the purpose and be necessary. Furthermore, it should be correct, complete and up-to-date.

  3. Purpose Specification Principle: The purpose of the collection of personal data should be specified at the point in time of collection at the latest. If the purpose of use changes, this change should also be specified. In addition, further use of the data collected for fulfilling this purpose or equivalent purposes should be restricted.

  4. Use Limitation Principle: Personal data may not be published, made available or in any way used for purposes other than those specified. An exception to this is if the owner of this data has agreed to it or in the case of a judicial authority.

  5. Security Safeguards Principle: Personal data should be protected by suitable security measures from unintentional loss and unauthorised access, obliteration, use, modification and publication.

  6. Openness Principle: There should be a general policy of openness that gives information about the developments, practices and guidelines of the organisation with relation to the personal data collected by it. Means should be available to the individual with which he can determine the existence and motive for the data collection, the main purposes of use of the collected data and the data protection representation of this organisation.

  7. Individual Participation Principle: An individual should have the right

    1. to learn from a data protection representative of an organisation whether and, as the case may be, which personal data has been collected about him by the organisation,

    2. to be informed about the data collected within a suitable time, possibly for a not too exorbitant fee, in a suitable way and in a form comprehensible to him, 

    3. to receive a reason if one of the above two requests have been rejected and be able to contest such a rejection, and 

    4. to challenge a collection of data and, if the challenge has been successful, arrange the erasure, correction, completion or modification of the profile. 

  8. Accountability Principle: A data protection representative should guarantee the observance of the means with which these principles are executed.


Privacy and Data Protection in Business Processes  fidis_wp14_d14.2-study_on_privacy_in_business_processes_by_identity_management-v09_02.sxw  Personalised Profiles and the Need for ‘Ambient Law’
13 / 38