Digital multi-media and the limits of privacy law.

AuthorLipton, Jacqueline D.
PositionSomebody's Watching Me: Surveillance and Privacy in an Age of National Insecurity

While digital video and multi-media technologies are becoming increasingly prevalent, existing privacy laws tend to focus on text-based personal records. Individuals have little recourse when concerned about infringements of their privacy interests in audio, video, and multi-media files. Often people are simply unaware that video or audio records have been made. Even if they are aware of the existence of the records, they may be unaware of potential legal remedies or unable to afford legal recourse. This paper concentrates on the ability of individuals to obtain legal redress for unauthorized use of audio, video, and multi-media content that infringes their privacy. It focuses on an analysis of the European Union Data Protection Directive. The Directive is one of the most comprehensive digital age legal reforms to address information privacy. Yet even the Directive suffers from shortcomings when applied to audio, video, and multi-media records. The author argues that global law reform is needed to bring privacy law into the age of digital video and multi-media.

  1. INTRODUCTION II. FRAMEWORK OF THE DATA PROTECTION DIRECTIVE A. Personal Data B. Information Processing C. Exceptions to the Operation of the Directive 1. Copyright and freedom of expression 2. Personal or household use 3. National security III. CONCLUSIONS: LESSONS LEARNED FROM THE DIRECTIVE I. INTRODUCTION

    This paper focuses on difficulties of applying existing privacy laws to digital multi-media files. There are a number of digital file formats, including still images, audio recordings, video recordings, and combinations of these formats in the form of digital multi-media files. Some of the controversial issues surrounding digital multi-media files include the unauthorized gathering of data, as well as the unauthorized use of data, say, in the context of dissemination, analysis, or profiling activities. Historically, laws in many jurisdictions have treated unauthorized gathering and usage differently. Laws have tended to focus either on information gathering or on information dissemination or use. (1) Many legislatures have historically been concerned with intrusive information gathering practices rather than with subsequent uses of the information gathered. (2) Nevertheless, recent laws in some jurisdictions have treated the two kinds of conduct as occurring on a continuum. (3) Conceiving of these activities on a continuum makes sense given that much new digital technology enables gathering and dissemination to occur almost simultaneously at the push of a button.

    The ability of new digital devices such as cell phone cameras to transmit information wirelessly and globally raises important new challenges for privacy laws. Even laws such as the European Union Data Protection Directive (Directive), drafted in the mid-1990s, now seem dated. When the Directive was drafted, policy makers were predominantly concerned with regulating text-based information rather than other formats of information, although they did contemplate the likely future rise in uses of "sound and image" data. (4) In the 1990s, the Internet and associated technology were in their relative infancy. System constraints--such as limited bandwidth--effectively restricted the amount and type of information that could be easily gathered, stored, and disseminated. As the technology developed, and bandwidth increased, so did the possibility of much more sophisticated transactions and transmissions of digital information in a variety of formats. This variety of formats raises new challenges for laws such as the Directive, and even for the privacy protections in the European Convention on Human Rights (ECHR). (5)

    This paper takes as a case study the limitations of the Directive in protecting privacy interests in audio, video, and multi-media content. Part II examines the key provisions of the Directive that define and describe prohibited activities with respect to personal information. These provisions include the Directive's definitions of personal data and data processing, as well as the available defenses under the Directive. Part III identifies lessons that may be drawn from the European Union's experience with the Directive for future global developments in privacy law. The rationale for taking the Directive as a case study is twofold. First, the Directive was aimed specifically at new developments in digital technology in the 1990s that affected personal data and data processing capabilities with respect to that data. Secondly, the Directive is one of the more comprehensive examples of data protection legislation in the modern world. Thus, any perceived shortcomings in the Directive will be instructive for future developments in privacy law in other countries.

  2. FRAMEWORK OF THE DATA PROTECTION DIRECTIVE

    1. Personal Data

      The Directive was implemented in 1995 to address perceived threats to individual privacy and autonomy as a result of disharmonized laws protecting individual privacy throughout the European Union. Member States' laws in the 1990s varied on the amount of protection provided to individuals, particularly as digital technologies became increasingly widespread. (6) The Directive aimed to ensure fair information gathering practices pertaining to individuals. (7) It also sought to ensure that individuals were able to access data gathered about them. (8) Some protected classes of information--such as information relating to race, health, sex life, and political opinions--were given greater protections than others. (9) In other words, a more stringent set of standards relating to the access and use of protected classes of information was put in place under the Directive. (10)

      Article 1(1) of the Directive sets out its key objective: "Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data." (11) The Directive is addressed to Member States, rather than citizens, because European Union directives operate as mandates to Member States to ensure that domestic laws comply with the requirements of the directive. The key terms in Article 1(1) for the purposes of this discussion are processing and personal data. If information is not personal data or is not being processed as contemplated by the Directive, the Directive will not apply. The question for the age of digital multi-media files is whether the concept of personal data processing contemplates now-common activities involving the gathering and dissemination of audio, image, video, and multi-media content in readily accessible and transmittable digital file formats.

      While personal data is defined broadly in the Directive as "any information relating to an identified or identifiable natural person," (12) the extent to which this definition extends beyond text-based records is open to question. (13) The recitals to the Directive illustrate that the question of the Directive's application to sound and image files, for example, was contemplated by the drafters, but that they were not necessarily sure how practices would develop with respect to these kinds of files. Recital 14 states that: "[G]iven the importance of the developments under way, in the framework of the information society, of the techniques used to capture, transmit, manipulate, record, store or communicate sound and image data relating to natural persons, this Directive should be applicable to processing involving such data." (14) The recital suggests that at least audio files and still images were intended to be subject to the provisions of the Directive. However, the recital does not specifically contemplate multi-media files or video files in the sense of moving images--although the reference to image data may be intended to encapsulate both still and moving images. Likewise, the phrase sound and image data may have been intended to encapsulate multi-media file formats--that is, formats where sound and image data are combined.

      Recital 14 should be read in conjunction with Recital 17. The latter recital contemplates some limitations on the Directive's application to sound and image files in certain contexts. It states that:

      [A]s far as the processing of sound and image data carried out for purposes of journalism or the purposes of literary or artistic expression is concerned, in particular in the audiovisual field, the principles of the Directive are to apply in a restricted manner according to the provisions laid down in Article 9. (15) Article 9 deals with freedom of expression. It states that:

      Member States shall provide for exemptions or derogations from the provisions of [the Directive] for the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expression only if they are necessary to reconcile the right to privacy with the rules governing freedom of expression. (16) While Article 9 relates to personal data generally in the contexts of journalism and intellectual property, it is interesting that Recital 17 contemplates that audiovisual data should be given particular deference in this context. This makes sense given the need for print and broadcast media to rely on audio recordings and visual images in collecting information and for disseminating news stories in the digital age. There is also a reference to artistic and literary expression--clearly contemplating that audio and visual works are often the most important subjects of intellectual property protection, notably under copyright law. Nevertheless, it is interesting that the drafters of the Directive perceived a higher likelihood of a future clash between privacy and free speech in the audiovisual context than in the context of text records. It suggests an implicit focus of the Directive on commercial and governmental aggregations of text records which are less likely to be the direct subject of news reporting or...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT