The Right to Privacy and the Obligation to Transfer and Authenticate Personal Data through the Internet: Conflicting Issues
Abstrakt
Contemporary legal and commercial solutions practised by various types of businesses are associated with a definition of precisely specified obligations imposed on the actors of the indicated activities (natural persons, legal persons and other legal entities). This also includes an obligation to perform specific actions only (or in parallel) electronically, including the implementation and application of top-down (authoritative) authentication processes, defined by legislation and by commercial entities. In practice, there is a lot of controversy concerning both the necessity of such solutions and the definition of the nature and scope of protection of the rights of individuals who are obliged to transfer certain information in this way. This is not only about minimizing the possible liability of the specific actor who obtains this type of data (the administrative body, institution or entity, e.g. an entrepreneur) for its loss and/or improper use, but in general about justifying the necessity of this type of obligation. Analysis of these issues will be presented as part of a substantive study considered in the light of limits for protecting the right to privacy.Bibliografia
Avgerou, C., & Madon, S. (2005). Information society and the digital divide problem in developing countries. In J. Berleur & C. Avgerou (Eds.), Perspectives and policies on ICT in society (pp. 205–218). Springer. http://eprints.lse.ac.uk/2576/1/Information_society_and_the_digital_divide_problem_in_developing_countries_(LSERO).pdf
de Andrade, N. N. G. (2011). Data protection, privacy and identity: Distinguishing concepts and articulating rights. In S. Fischer-Hübner, P. Duquenoy, M. Hansen, R. Leenes, & G. Zhang (Eds.), Privacy and identity management for life (pp. 90–107). Springer. https://doi.org/10.1007/978–3-642–20769-3_8
de Gregorio, G. (2022). Digital constitutionalism in Europe: Reframing rights and powers in the algorithmic society. Cambridge University Press.
Dunaj, K. (2023). Unijne standardy ochrony prawa do prywatności w obszarze cyberbezpieczeństwa, Kwartalnik Prawa Międzynarodowego, 3, pp. 17–19.
Eskens, S. (2020). The personal information sphere: An integral approach to privacy and related information and communication rights. Journal of the Association for Information Science and Technology, 71(9), 1116. https://doi.org/10.1002/asi.24354
ETSI. (2023). Group report. Securing artificial intelligence (SAI): Automated manipulation of multimedia identity representations (ETSI GR SAI 011 V1.1.1 (2023–06)). ETSI. https://www.etsi.org/deliver/etsi_gr/SAI/001_099/011/01.01.01_60/gr_SAI011v010101p.pdf
European Commission. (2021, 21 April). Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021)206 final. https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52021PC0206
European Data Protection Supervisor. (2024, 24 January). Opinion 8/2024 on the proposal for a regulation amending Regulation (EU) 2021/1232 on a temporary derogation from certain eprivacy provisions for combating CSAM. https://www.edps.europa.eu/system/files/2024–01/2023–1261_d0219_opinion_en.pdf
European Parliament and European Council. (2016, 27 April). Regulation (EU) 2016/679 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data and Repealing Directive 95/46/EC (O. J. L 119, 2016).
European Parliament and European Council. (2016, 6 July). Directive EU 2016/1148 on Measures for a High Common Level of Security of Networks and Information Systems within the Union (O. J. L. 194, 2016).
European Parliament and European Council. (2016, 26 October). Directive (EU) 2016/2102 on the Accessibility of Websites and Mobile Applications of Public Sector Bodies (O. J. L 327, 2016).
European Parliament and European Council. (2022, 14 December). Directive (EU) 2022/2555 on Measures to Promote a High Common Level of Cyber-Security within the Union, Amending Regulation (EU) no. 910/2014 and Directive (EU) 2018/1972 and Repealing Directive (EU) 2016/1148 (NIS Directive 2) (O. J. L. 333, 2022).
European Parliament and European Council. (2022, 14 December). Regulation (EU) 2022/2554 on Operational Digital Resilience of the Financial Sector and Amending Regulations (EC) no. 1060/2009, (EU) no. 648/2012, (EU) no. 600/2014, (EU) no. 909/2014 and (EU) 2016/1011.
European Parliament and European Council. (2023, 31 May). Regulation (EU) 2023/1114 on Cryptocurrency Markets and Amending Regulations (EU) no. 1093/2010 and (EU) no. 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937.
European Parliament. (2021, April 22). Shaping the digital transformation: EU strategy explained. https://www.europarl.europa.eu/topics/en/article/20210414STO02010/shaping-the-digital-transformation-eu-strategy-explained
European Union Agency for Fundamental Rights. (2015). Surveillance by intelligence services: Fundamental rights safeguards and remedies in the European Union. https://fra.europa.eu/sites/default/files/fra_uploads/fra-2015-surveillance-intelligence-services-summary_en.pdf
Grzelak, A., & Zielińska, K. S. (2021). Między prawem do prywatności i ochrony danych osobowych a zapewnieniem bezpieczeństwa publicznego i walką z przestępczością. Problemu retencji danych ciąg dalszy – glosa do wyroków Trybunału Sprawiedliwości z 06.10.2020 r.: C 623/17, Privacy International, oraz w sprawach połączonych C-511/18, C-512/18, C-520/18, La Quadrature du Net i in. Europejski Przegląd Sadowy, 7, 26–36.
Hill, K. (2023). Your face belongs to us: The secretive startup dismantling your privacy. Simon & Schuster.
Jabłonowska, A., & Tagiuri, G. (2023). Rescuing transparency in the digital economy: In search of a common notion in EU consumer and data protection law. Yearbook of European Law, 42, 347–387.
Jabłoński, M., & Węgrzyn, J. (2023). Consumer protection in the EU law and the constitution of the Republic of Poland: General comments. In J. Cremades & C. Hermida (Eds.), Encyclopedia of contemporary constitutionalism (pp 2–14). Springer.
Judgment of the CJEU of 9 November 2010 on the case of Volker und Markus Schecke, C 92/09.
Judgment of the CJEU of 4 April 2014 on the joined cases of Digital Rights Ireland Ltd v. Minister for Communications, Marine and Natural Resources, Minister for Justice, Equality and Law Reform, Commissioner of the Garda Síochána, Ireland, the Attorney General, C 293/12, and Kärntner Landesregierung, Michael Seitlinger, Christof Tschohl and Others, C 594/12.
Judgment of the CJEU of 21 December 2016 on the joined cases of Tele2 Sverige AB v. Post – och telestyrelsen and Secretary of State for the Home Department v. Tom Watson, Peter Brice, Geoffrey Lewis, C 203/15 and C 698/15.
Judgment of the CJEU of 6 October 2020 on the joined cases of La Quadrature du Net, French Data Network, Fédération des fournisseurs d’accès à internet associatifs, Igwan.net v. Premier ministre, Garde des Sceaux, Ministre de la Justice, Ministre de l’Intérieur, Ministre des Armées oraz Ordre des barreaux francophones et germanophone, Académie Fiscale ASBL, UA, Liga voor Mensenrechten ASBL, Ligue des Droits de l’Homme ASBL, VZ, WY, XX v. Conseil des ministers, C 511/18, C 512/18 and C 520/18.
Judgment of the Polish Constitutional Tribunal of 9 July 2009, no. SK 48/05.
Judgment of the Polish Constitutional Tribunal of 26 February 2014, no. K 22/10.
Judgment of the European Court of Human Rights of 2 August 1984 on the case of Malone v. UK, application no. 8691/79.
Judgment of the European Court of Human Rights of 16 December 1992 on the case of Niemietz v. Germany, application no. 13710/88.
Judgment of the European Court of Human Rights of 16 February 2000 on the case of Amann v. Switzerland, application no. 27798/95.
Judgment of the European Court of Human Rights of 4 May 2000 on the case of Rotaru v. Romania, application no. 28341/95.
Judgment of the European Court of Human Rights of 16 April 2002 on the case of Société Colas Est et al. v. France, application no. 37971/97.
Judgment of the European Court of Human Rights of 28 January 2003 on the case of Peck v. United Kingdom, application no. 44647/98.
Judgment of the European Court of Human Rights of 20 March 2007 on the case of Tysiąc v. Poland, application no. 5410/03.
Judgment of the European Court of Human Rights of 4 December 2015 on the case of Zakharov v. Russia, application no. 47413/06.
Judgment of the Polish Constitutional Tribunal of 19 February 2002, no. U 3/01.
Judgment of the Polish Constitutional Tribunal of 23 june 2009, no. K 54/07.
Judgment of the Polish Constitutional Tribunal of 22 july 2014 r., no. K 25/13.
Kuźnicka, D. (2017). Dyskryminacja w zakresie dostępu do informacji publicznej a widzialność stron internetowych administracji. Przegląd Prawa Konstytucyjnego, 38(4), 175–194. https://doi.org/10.15804/ppk.2017.04.09
Milczarek, E. (2020). Prywatność wirtualna. Unijne standardy ochrony prawa do prywatności w internecine. Beck.
Rise, M. (2018, May). Human rights and artificial intelligence: An urgently needed agenda [HKS faculty research working paper series RWP18–015], https://www.google.com/url?sa=t&
source=web&rct=j&opi=89978449&url=https://appext.hks.harvard.edu/publications/getFile.aspx%3FId%3D1664&ved=2ahUKEwiPteSAj7CQAxXyc_EDHSVmE8kQFnoECBYQAQ&usg=AOvVaw2Xau_yNlWokYm7Pjk7WqLq
Roagna, I. (2012). Protecting the right to respect for private and family life under the European Convention on Human Rights. Council of Europe, Strasbourg.
Safjan, M. (2014). O różnych metodach oddziaływania horyzontalnego praw podstawowych na prawo prywatne. Pańtwo i Prawo, 2, 3–33.
Supreme Court of the United States. (2018). Brief of Privacy International, human and digital rights organizations and international legal scholars as amici curie in support of respondent – United States v. Microsoft
Corp., 584 US, no. 17–12. https://www.supremecourt.gov/Docket-PDF/17/17–2/28354/20180118170547648_17
2%20USA%20v%20Microsoft%20Brief%20of%20Privacy%20International%20Human%20and%20Digital%20Rights%20Organizations%20and%20International%20Legal%20Scholars%20as%20Amici%20Curiae%20in%20Support%20of%20Respondent.pdf
Szurdi, J. (2020). Measuring and analysing typosquatting toward fighting abusive domain registrations [Doctoral dissertation, Carnegie Mellon University]. https://janos.szurdi.com/content/thesis/jszurdi-phd-thesis.pdf
van Dijk, J. (2005). The deepening divide: Inequality in the information society. Sage.
Webster, F. (2014). Theories of the information society (4th ed.). Routledge.
Yang, L., Li, J., Pricket, T., & Chao, F. (2019). Towards big data governance in cybersecurity. Data-Enabled Discovery and Applications, 3, 10. https://www.researchgate.net/publication/337692258_Towards_Big_data_Governance_in_Cybersecurity
