Where is the Harm in a Privacy Violation? Calculating the Damages Afforded in Privacy Cases by the European Court of Human Rights

• Author: Bart van der Sloot
• Pages: 322-351

2017

Bart van der Sloot

322

4

Where is the Harm in a Privacy Violation?

Calculating the Damages Afforded in Privacy Cases by the

European Court of Human Rights

by Bart van der Sloot*

© 2017 Bart van der Sloot

Everybody may disseminate this ar ticle by electronic m eans and make it available for downloa d under the terms and

conditions of the Digital P eer Publishing Licence (DPPL). A copy of the license text may be obtain ed at http://nbn-resolving.

de/urn:nbn:de:0009-dppl-v3-en8.

Recommended citation: Ba rt van der Sloot, Where is the Harm in a Privacy V iolation? Calculating the Damages Afforded in

Privacy Cases b y the European Court of Human Rights, 8 (2017) JIPITEC 322 par a 1.

Keywords: Privacy; harm; damage; financial compensation; statistical analysis

the daily life of citizens on the corner of almost every

street? There has been a longstanding debate within

the literature regarding whether ‘dignitary’ or ‘imma-

terial’ harm should be protected under the right to

privacy. Or should only harm that can be measured

and quantified in monetary terms (economic harm)

be taken into account? This article takes a descriptive

and statistical approach to provide an insight into

what types of damages are awarded, how they are

calculated, and how the damages relate to the type

of harm that is inflicted. It does so by analysing the

damages awarded by the European Court of Human

Rights with respect to privacy violations.

Abstract: It has always been difficult to pin-

point what harm follows a privacy violation. What

harm is done by someone entering your home with-

out permission, or by the state eavesdropping on a

telephone conversation when no property is stolen

or information disclosed to third parties? The ques-

tion is becoming ever more difficult to answer now

that data gathering and processing initiatives have

grown and are no longer focused on specific indi-

viduals, but on large groups or society as a whole.

What specific harm is done by the NSA and other in-

telligence services gathering data on almost every-

one or by the thousands of CCTV cameras registering

A. Introduction

1

In the eld of privacy, the notion of harm has

always been problematic as it is often difcult to

substantiate the harm a particular violation has

caused, e.g. what harm follows from entering a home

or eavesdropping on a telephone conversation as

such when neither objects are stolen nor private

information disclosed to third parties? Even so,

the traditional privacy violations (house searches,

telephone taps, etc.) were often clearly demarcated

in time, place, and person, and the effects are

therefore relatively easy to dene. In the current

technological environment with developments such

as Big Data, however, the notion of harm is becoming

increasingly problematic.1 Often, an individual is

* Senior Researcher at the Tilburg Institute for Law,

Technology, and Society (TILT), Tilburg University,

Netherlands.

simply unaware that his personal data are gathered

by either his fellow citizens (e.g. through the use

of smartphones), by companies (e.g. by tracking

cookies), or by governments (e.g. through covert

surveillance). And if an individual does go to court to

defend his rights, he has to demonstrate a personal

interest, i.e. personal harm, which is a particularly

problematic notion in Big Data processes, e.g. what

concrete harm has the data gathering by the National

Security Agency (NSA) done to an ordinary American

or European citizen?2

1 The standard work on harm: J. Feinberg, ‘Harm to Others’,

Oxford University Press, Oxford, 1984. J. Feinberg, ‘Offense

to Others’, Oxford University Press, Oxford, 1985. J.

Feinberg, ‘Harm to self’, Oxford University Press, Oxford,

1986. J. Feinberg, ‘Harmless Wrongdoing’, Oxford University

Press, Oxford, 1988.

2 B. van der Sloot, ‘Privacy as virtue’, Intersentia, Alphen aan

de Rijn, 2017.

Where is the Harm in a Privacy Violation?

2017

323

4

2

This example shows the fundamental tension

between the traditional legal and philosophical

discourse and the new technological reality – while

the traditional discourse is focused on individual

rights and individual interests, data processing often

affects a structural and societal interest and in many

ways transcends the individual. This article will

analyse how the European Court of Human Rights

(ECtHR) determines harm and compensation for

harm with respect to infringements on the right to

privacy as entailed in the European Convention on

Human Rights (ECHR), Article 8: ‘1. Everyone has the

right to respect for his private and family life, his

home and his correspondence. 2. There shall be no

interference by a public authority with the exercise

of this right except such as is in accordance with

the law and is necessary in a democratic society

in the interests of national security, public safety

or the economic well-being of the country, for the

prevention of disorder or crime, for the protection of

health or morals, or for the protection of the rights

and freedoms of others.’3

3 In order to gain such insights, a number of factors

have been distinguished.4 First, it is important that

under the ECHR, the European Court of Human

Rights (ECtHR) may grant three types of damages.

First, compensation may be granted for the costs

of the legal procedure itself – lawyers, travel costs,

gathering documents, etc. Second, the Court may

award damages for direct, material harm. For

example, due to a privacy violation, a person has

lost his job; or, when the police raids the home of a

person without a warrant, they destroy a number of

items in that home or damage the property. In such

cases, nancial compensation may be awarded to

the victim in the form of pecuniary damages. Third,

the ECtHR may award non-pecuniary damages, for

what could be qualied as dignitary harm. Examples

may be the very fact that the state or governmental

ofcial obtained certain personal information,

even though that information has not been used or

abused; or, the bodily or psychological integrity of

a person is violated.

4

This article shows four things in particular. First,

that the privacy approach under the European

Convention on Human Rights stands in contrast with

other jurisdictions, such as the American example,

where privacy is mainly protected through tort

law and applied primarily in horizontal relations.

5

3 echr.coe.int/Documents/Convention_ENG.

pdf>.

4 This article is the rst output which will result in a book;

the explicit goal is to gather comments and suggestions on

the approach, methodology and results that are produced.

The database is still preliminary and may contain marginal

errors, which will nevertheless unlikely have a substantial

impact on the gures featured.

5 J. Q. Whitman, ‘The Two Western Cultures of Privacy:

Although tort law can in principle be used to award

damages for dignitary harm, mostly, there has been

a tendency in the United States to focus on material

damages.6 Under the European Convention on Human

Rights, privacy is not approached as a concept that

plays a role in horizontal relationships (for example

between a consumer and a company), but in vertical

relationships (between a citizen and a state). Privacy

is approached as a human right, which the Court

stresses is a concept that protects the autonomy,

dignity, and personality of citizens.7 Consequently,

an analysis of the case law of the European Court

of Human Rights shows how immaterial damages

are calculated and in which types of cases they are

granted.

5

Second, under Article 8 ECHR, different types of

privacy are provided protection. The provision

contains four concepts, namely private life, family

life, home, and correspondence. Correspondence

relates, for example, to the secrecy of letters and

the freedom from eavesdropping on telephone

conversations.

8

The protection of the home, protects

citizens from states and governmental ofcials

entering their home without a warrant.9 Family life

refers to the sanctity of the relationship between

children and parents in particular, but may have a

larger scope depending on the context. This concept

protects, inter alia, against children being placed out

of home, when that is not absolutely necessary. It

also entails that parents should always be allowed

to see their children, even, for example, when they

are in prison.10 The notion of private life is the

broadest of all – which will be explained in more

detail below – and refers to concepts such as bodily

integrity, the protection of one’s personality and

one’s reputation.11 Finally, a new type of privacy has

been developed by the ECtHR, which is economical

privacy. This concept plays a role when material

harm is inicted, such as when the home is destroyed

by an army, when property is conscated, or when

someone is red from work.

Dignity Versus Liberty’ (2004) 113 The Yale Law Journal.

6 P. M. Schwartz & D. Solove, ‘Reconciling Personal

Information in the United States and European Union’,

California Law Review, 102, 2013.

7 B. van der Sloot, ‘Privacy as human ourishing: could a shift

towards virtue ethics strengthen privacy protection in the

age of Big Data?’, JIPITEC, 2014-3, p. 230-244.

8 .

9 echr.coe.int/Documents/Admissibility_

guide_ENG.pdf>.

10 echr.coe.int/Documents/Admissibility_

guide_ENG.pdf>.

11 B. van der Sloot, ‘Privacy as personality right: why

the ECtHR’s focus on ulterior interests might prove

indispensable in the age of Big Data’, Utrecht Journal of

International and European Law, 2015-80, p. 25-50.