Its Place within Human Rights
Historical Dimension
The foundation of the European Union’s data protection policy is based on the right to privacy outlined in Article 8 of the European Convention on Human Rights, adopted in 1950. The Council of Europe has established the “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data,” taking into account changes in information technologies, the lack of clear boundaries in private life, and the limits of public authorities’ powers. Turkey signed this convention on January 28, 1981, ratified it on May 2, 2016, and it came into force on January 9, 2016. The convention particularly contains provisions aimed at protecting individuals’ fundamental rights and freedoms regarding personal data, especially concerning the right to privacy. Data protection represents a broader area related to privacy, while also indicating a specific area within the right to privacy. While the subject of data protection is related to fundamental rights and freedoms, it can sometimes fall outside the realm of privacy and private life. Indeed, the European Court of Human Rights has ruled that the principle of privacy and the protection of private life cannot be applied universally to all personal data. Following the convention in 1981, the European Union published the Data Protection Directive 95/46/EC, which protects natural persons in the processing of personal data and regulates the free movement of data. Subsequently, it published Directive 97/66/EC regarding the protection of personal data and privacy in the telecommunications sector, which was amended by Directive 2002/58/EC in 1997. The Parliamentary Assembly of the Council of Europe regulated the protection and free movement of personal data within the European Union institutions with Resolution 45/2001. Article 7 of the “Charter of Fundamental Rights of the European Union,” published in 2000, also includes the provision related to the protection of private life in Article 8 of the European Convention on Human Rights. Article 8 of the Charter focuses on the protection of personal data, stating: “1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the data subject or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.” Here, it is evident that the right to the protection of personal data is regulated as a separate right from the right to privacy, which is found in the European Convention on Human Rights. The right established in the 2000 Charter was incorporated into the 2004 Treaty Establishing a Constitution for Europe with slight modifications. The European Constitution encountered problems during the ratification phase and did not fully come into force. Therefore, the fundamental articles of the mentioned constitution were included in the Reform Treaty for the European Union. The final form of the Reform Treaty was signed at the Lisbon Conference in 2007 and submitted for approval. The aim is to implement the rights enshrined in the Charter of Fundamental Rights of the European Union. The Lisbon Treaty also includes regulations regarding the protection of personal data in judicial cooperation and security policies between law enforcement agencies.
The European Union system recognizes data protection as a fundamental right. Throughout history, the approaches of member states of the European Union to personal data protection have varied significantly. Data protection and privacy are not interchangeable or equivalent. The scopes, objectives, and contents of data protection and the right to privacy differ from each other. Personal data protection safeguards values that are not at the core of privacy, and while doing so, it can interfere with this right on the grounds of consent, legality, non-discrimination, and legitimacy. The approach that data protection and privacy cannot substitute for each other does not only yield a positive result but carries a deeper meaning. While privacy is central to data protection, the belief that data protection regulations will safeguard privacy can be misleading. Data protection regulations serve multiple purposes beyond the traditional conceptualization of privacy. There are very few genuine concepts related to privacy within data protection. A broad notion of privacy does not inherently endorse the principles of data protection, which are formed around targeted restrictions, data quality, and security. In the European Union, countries like Belgium and the Netherlands consider privacy as the starting point for data protection, while France bases data protection on freedom and Germany on human dignity.[1]
The European Court of Human Rights’ Approach to Private Life
Article 8(1) of the European Convention on Human Rights (ECHR) states, “Everyone has the right to respect for his private and family life, his home and his correspondence.” This article guarantees four interconnected rights related to private life, family life, home, and correspondence. These rights are not absolute, and Article 8(2) outlines the limitations and conditions on the exercise of these rights. The state’s duty under this article involves not only a negative obligation to refrain from arbitrary interference but also a positive obligation to ensure respect for these rights.
The positive obligation may require the state to take measures in relationships between individuals. According to the Court, establishing legal regulations, creating mechanisms to protect individual rights, and applying specific measures when necessary fall under positive obligations. Conducting an effective investigation at the national level when a violation occurs is also considered a positive obligation.
Article 8 imposes three types of obligations on the state: non-interference, protection, and investigation. When a claim of violation of rights under Article 8 is brought before the Court, it examines whether there has been an interference with the rights exercised by the individual through actions, omissions, or measures by public authorities. The Court evaluates claims of interference in private life under the framework of negative obligations and claims regarding the protection of private life under positive obligations.
If it is determined that there has been an interference with private life, the Court then assesses whether that interference is justified. The first step in examining justification is to determine whether the interference was lawful. If it is lawful, the Court will then consider whether the interference was for legitimate purposes and finally assess whether the interference was necessary in a democratic society. If all these conditions are met, a violation of rights is not deemed to have occurred.[2]
According to the Court, the concept of private life is broad and not easily definable. It encompasses both the material and spiritual integrity of the individual. The notion of private life sometimes includes aspects related to a person’s “physical and social identity.” Furthermore, Article 8 protects elements related to the “private sphere,” such as gender identity, name, sexual orientation, and sexual life.
Article 8 also safeguards the right to personal development and the right to establish and cultivate relationships with others and the outside world. The Court emphasizes that personal autonomy is an important principle in its interpretation. Within the scope of material and spiritual integrity, states have a positive obligation to ensure effective respect for an individual’s physical and mental integrity against physical and sexual assaults, medical interventions, and private attacks that affect honor and reputation.[3]
The European Court of Human Rights’ Approach to Personal Data
The European Convention on Human Rights (ECHR) does not contain specific provisions regarding personal data. The Convention seeks to avoid metaphysical approaches, and rights such as the right to freedom, the right to the protection of human dignity, autonomy, and the right to self-determination are not explicitly included. In a convention aimed at diverse cultures, there has been a deliberate avoidance of prioritizing such superior values. This raises questions about whether it is possible to protect and define rights without referencing these higher principles.
In the case of **Pretty v. United Kingdom** (2002), the Court considered whether the right to die with medical assistance for a patient with no hope of recovery falls under the scope of private life as defined in Article 8. In this case, Pretty challenged the refusal of authorities to refrain from investigating her husband if he assisted her in dying, arguing that this refusal violated Articles 2, 3, 8, and 14 of the ECHR. However, her claim of a violation was not upheld.
In the judgment, the Court provided a comprehensive and appropriate definition of private life in paragraph 61, noting that it includes the individual’s psychological and physical integrity. The Court stated that private life sometimes encompasses social life alongside physical life. Elements such as a person’s name, gender, identity, sexual life, and sexual orientation are protected under Article 8. Additionally, Article 8 safeguards the right to establish relationships with others and to make decisions regarding oneself.
Although the right to self-fulfillment had not previously been addressed under Article 8 in any case, the Court ruled that the concept of personal autonomy should be considered a principle when determining the scope of private life. Thus, with this approach, personal autonomy is included within the right to privacy as defined by Article 8. However, the Court notably avoided extensively discussing Pretty’s right to determine her own future in this judgment.[4]
The European Court of Human Rights’ Approach to Personal Data Protection
Although the European Convention on Human Rights (ECHR) does not specifically mention modern communication tools, the Court considers concepts such as telephone calls, phone numbers, computers, video conferencing, voice recordings, and emails within the scope of Article 8. The Court has recognized workplace phone calls and emails as aspects of private life and communication (Copland v. United Kingdom). The monitoring of an individual’s internet use at work has also been evaluated under the concept of private life. The Court has extended the definition of private life beyond the confines of a person’s home, encompassing personal relationships and public interactions.
The Court acknowledges the confidentiality of private life within the context of business and workplace activities. It has emphasized that not only the state but also other legal entities must adhere to obligations to protect private life. This approach creates positive obligations in addition to negative ones. Accordingly, the right of individuals to access their personal data should be ensured by the contracting states under Article 8. Similarly, private entities such as companies, newspapers, employers, and public authorities will be held responsible for violations of private life under these positive obligations. In cases brought against these actors, the rulings of the European Court of Human Rights (ECHR) should be considered by national courts.
The ECHR has demonstrated several detailed approaches to the protection of personal data under Article 8. The Court has interpreted Article 8 in light of new technological developments, relating it to the right to privacy and the freedom of communication. In doing so, it has avoided evaluating whether communication or private life constitutes the fundamental right. The Court has made several determinations regarding the inclusion of data protection under Article 8 (Lundvall v. Sweden, Amann v. Switzerland, Rotaru v. Romania). It has concluded that systematic storage of personal information by public authorities could lead to violations of Article 8. Additionally, the Court has recognized individuals’ right to control their personal data and access their files (Gaskin v. the United Kingdom, Antony and Margaret McMichael v. the United Kingdom, Guerra v. Italy, McGinley & Egan v. the United Kingdom). It has also emphasized the right of transgender individuals to correct their identities (Leander v. Sweden).
Moreover, the Court has stressed the need for an independent oversight authority to ensure the rule of law in the protection of personal data and to prevent the misuse of power (Klass v. Germany, Leander v. Sweden, Rotaru v. Romania). In cases such as Peck, Perry, and PG v. VD Jh, the Court indicated that the purpose behind the targeted use of data protection is to prevent unforeseen uses of personal data. In the Amann and Segerstedt Wiberg cases, the Court ruled that state authorities may only collect data related to a suspect in cases of concrete suspicion.[5]
The European Court of Human Rights has consistently evaluated the collection of personal information related to an individual’s private life, as well as the storage of sensitive data in confidential registers and its disclosure to relevant parties, under Article 8 of the Convention (Leander, 48; Amann, Rotaru, 43; S. and Marper, 67; Khelli, 55). According to the Court, systematic data collection and storage by security forces regarding specific individuals constitutes an interference with private life, even if the data is collected in public spaces (Segerstedt-Wiberg and Others, 72; Cemalettin Canlı, 43), or if the information pertains only to the individual’s professional or public activities (Peck, 59; PG and J.H., 57-59; Rotaru, 43-44). The Court has ruled that even if the information relates to an individual’s distant past, it still represents an interference with their private life (Cemalettin Canlı, 43).
For instance, determining a person’s location through GPS devices installed in their personal vehicle violates their right to respect for private life (Uzun v. Germany, 51-53). Access to information regarding one’s own past is also considered part of private life (Odievr v. France).
Examples of personal matters related to private life as highlighted in the Court’s judgments include the following:
– A person’s name is a means of identifying them and connecting them to a family, thus it pertains to their private and family life (Burghartz, 24).
– Issues related to parentage concern personal identity and, consequently, private life (Rasmussen, 33; Kruskovič, 20).
– Matters concerning gender reassignment are also relevant to private life (Rees, 42; Cossey, 38-39).
– Ethnic identity pertains to an individual’s private life (S. and Marper, 66).
– Sexual relationships and sexual orientation are among the most intimate aspects of private life (Laskey, Jegard, and Brown, 36).
– An individual’s request for information about their origins and access to information held by public authorities forms part of their right to respect for private life (Odievr v. France).
– Additionally, the collection of audio, written, and visual data by public authorities regarding individuals and their activities for the purpose of investigating a crime constitutes an interference with the right to respect for private life (Klass and Others v. Germany, 48-49).[6]
Attorney Yalçın TORUN
[1] P. De Hert and S. Gutwirth, Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutiona-lisation in Action.
[2] Osman DOĞRU İnsan Hakları Avrupa Sözleşmesi Açıklama ve Önemli Kararlar,2013, Ankara Pozitif Matbaa, p.1-2
[3] DOĞRU, p .3
[4] P. De Hert and S. Gutwirth, Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutiona-lisation in Action
[5] P. De Hert and S. Gutwirth, Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutiona-lisation in Action
© 2025 Torun Law Firm – All Rights Reserved.
This article is protected under the provisions of the Law on Intellectual and Artistic Works (No. 5846). The content, in whole or in part, may not be copied, reproduced, published, or shared on any other website without the prior written permission of the author and Torun Law Firm. This material may only be shared by licensed attorneys, for professional purposes, without any modifications, and with full attribution to the author and the source. Any unauthorized use may result in legal and criminal liability.