Most people in Europe agree that the protection of personal data is an important issue. And for once the European Union agrees with its people and makes data protection an affair of state – of the member states, to be precise. Neither the government nor private companies are allowed to deal irresponsibly with our data and are to be supervised by independent authorities, so it has been proclaimed in directive 95/46/EC as early as 1995. But can data protection really be properly enforced by the state? I beg to differ and this time I’m backed up by the people at the very top: the European Court of Justice!
In May of this year, the Grand Chamber of the ECJ dismissed the German system of data protection and supervisory authorities as violating the requirements of the directive (Case C-518/07). The Germans of all people, the European stereotype of tidiness and adhering to rules! The court decided that their supervision of private companies’ data protection failed to be completely independent because it is subject to state scrutiny, even though article 28(1) of the directive states otherwise.
Let’s not even try to cut yet another Gordian knot the Commission has tied for the member states. On the one hand the government is responsible for setting up data protection mechanisms, but on the other hand it is not allowed to influence them? Who, in the opinion of EU institutions, should set up and fund those institutions? It is an inconvenient truth that funding and control are often interrelated.
There is, however, a possible explanation for the paradoxes of the Commission in this matter: calling for the government to ensure data protection for private companies such as Google, Facebook and Twitter is the simple solution to a complicated problem. I have heard people going to great depths about obscure foolproof data protection mechanisms the law should provide. To me they sound a bit like children who are not yet ready to assume responsibility for their own actions. Because in the end there is only one foolproof plan: don’t give away your data!
If you want to be safe from the evil corporate world of web 2.0 you have to commit web suicide and rediscover the joys of the real world (yes, I am aware of the fact that I am writing for an online magazine, thank you). Don’t get me wrong. There certainly are data protection mechanisms the government can put into effect. But they can never be as effective as we can be ourselves. To put this lesson in general terms: if you want your government to assume responsibility, you have to do the same – don’t look for magical authorities!