No right to derogation
4 min to read

No right to derogation

Date
May 22, 2016

There has been a lot of talk about the extended rights of the new General Data Protection Regulation (“GDPR”) for individuals and the possibility to better control personal data. But no right without exceptions and in some cases it is possible to derogate from these rights. This post describes some of the derogations and what they may imply in practice.

The balancing act

Generally speaking, all legislation originates from a balancing act between various considerations. The same applies for legislation on protection of personal data.
As a matter of fact, the legislation on personal data originates from a balancing act between the consideration for safeguarding privacy on the one hand and on the other hand, the consideration for other fundamental rights, including freedom of expression and information and freedom to conduct business etc. Depending on the nature of the personal data, and what it is to be used for, the access to processing the data is restricted.

The right not to be forgotten

The consideration for the freedoms of expression and information is particularly important among the opposite considerations, and it is mentioned several times in the GPDR, e.g. in connection with the right to be forgotten.

An example could be an artist who, as part of his new political provocative work of art, uses old newspaper clippings in which several individuals are named. The individuals strongly disapprove of the work of art as they do not identify with its political statement and consequently they want to exercise their right to be forgotten. In this case, enforcing the right will imply that the names of the individuals were to be erased or blurred which would reduce the artistic merit considerably and consequently limit the freedom of expression of the artist. It is impossible to clearly foresee outcome of such balancing act because it is subject to a concrete judgement that must consider all the facts of the case. Sometimes the consideration for the freedom of expression of the artist outweighs the right of privacy of the individuals and sometimes it is vice versa.

Similar derogations include that the right to access can be derogated from if the right could violate the rights or freedom of other individuals e.g. in a situation where the right to access would imply propounding a patented invention of a third party.

More potential derogations

Moreover, the GPDR prescribes a general access to derogate from the rights of the individuals for the member states if it is necessary for the purposes of public safety, investigating criminal offences and safeguarding general public interests (e.g. budgetary and taxation matters, public health and social security). However, the possibility to introduce broad derogations is subject to strict criteria with regard to the protection of the rights and freedom of the individuals and may not be more extensive than required to fulfil the purpose.

Furthermore, the GDPR allows the member states to introduce national derogations from the rights of the individuals specifically with the purpose of protection the right of freedom of expression and information, including particularly in relation to journalistic, academic, artistic and literary activity.

The balancing by member states with respect to freedom of expression and information may very well result in varying legal status within the member states. This in particular could lead to challenges for international companies with regard to cross-border processing of personal data, e.g. via the internet.

Unpredictable legal status

On a general level, it may be difficult for individuals to predict their legal status in consequence of the derogations. First of all because it will always rely on a concrete balancing of relevant considerations and secondly because it often is unclear where your data may end up and in which contexts it is used (particularly via the internet) and thirdly because the derogations may vary from member state to member state.

(I would like to thank my Bird & Bird colleagues, student assistant Mathias Bartholdy, junior associate Amalie Langebæk and associate Kamilla Pierdola Mondrup, for assisting with this blog entry.)

Share
Written by
Martin von Haller
Martin von Haller
Martin is recognised for his solid legal skills and as an innovative thought leader and strategist within the IT industry. He is a partner in Bird & Bird's International Tech and Comms Group and is based in Denmark. Martin is one of Denmark’s leading IT lawyers with almost 20 years’ experience of advising Danish and international organisations, including large blue chip companies on legal and commercial matters in connection with IT in a wide sense. He is considered a pioneer with respect to legal aspects of Online Technology Solutions (Ecommerce, internet and web services), Cyber and IT security, open source and open data and use of other open licence forms such as Creative Commons.
Related articles
Recent initiatives impacting the digital sector
Recent initiatives impacting the digital sector
Recent months have seen a veritable flurry of legislative, regulatory and soft law initiatives and proposals. The measures often tackle similar sectors – all things digital often being in the eye of the...
The EU considers allowing collective bargaining for gig workers
4 min to read
March 09, 2021
The EU considers allowing collective bargaining for gig workers
Over the past years, the EU institutions have shown quite some attention to the position of workers in the so-called gig or peer economy, despite the limited legislative authority of the EU in the area...
Bird & Bird Space & Satellite Bulletin: January 2021
2 min to read
January 31, 2021
Bird & Bird Space & Satellite Bulletin: January 2021
Bird & Bird’s international space and satellite activities sector group has published its latest International Space and Satellite Bulletin, which can be accessed following the link provided below....
Dutch competition authority focuses supervision on algorithmic applications
1 min to read
January 21, 2021
Dutch competition authority focuses supervision on algorithmic applications
On 10 December 2020, the Dutch Authority for Consumers & Markets ("ACM") published its position paper on the supervision of algorithmic applications (Position Paper on Supervision...
Cookies
We use analytics cookies to help us understand if our website is working well and to learn what content is most useful to visitors. We also use some cookies which are essential to make our website work. You can accept or reject our analytic cookies (including the collection of associated data) and change your mind at any time. Find out more in our Cookie Notice.