Norberto Nuno Gomes de Andrade

Oblivion: The Right to Be Different from Oneself - Reproposing the Right to Be Forgotten

The ‘right to be forgotten’, also known as the right to oblivion, droit a l’oubli (French) or diritto al’oblio (Italian), is a complex and intriguing juridical instrument. Defined as ‘the right to silence on past events in life that are no longer occurring’ (Pino, 2000: 237), the debate around this right has recently been resumed in Europe. Due to outstanding ICT developments, namely the digitisation and proliferation of information,3 and its storage by default, the question over the need, admissibility and feasibility of a specific and wider legal instrument to delete information has been inexorably posed.

Pan-European Survey of Practices, Attitudes and Policy Preferences as regards Personal Identity Data Management

This study presents the results of the largest survey ever conducted in Europe and elsewhere about people’s behaviours, attitudes and regulatory preferences concerning data protection, privacy and electronic identity, both on the Internet and otherwise in their daily lives. The report draws conclusions in direct relation to four key Digital Agenda areas: Authentication and Identification, e-Commerce, Social Networking Sites, and Medical Information as Personal Data. The survey was conducted in the 27 Member States of the EU between the 25 November and 17 December 2010. 26,574 Europeans aged 15 and over resident in each EU Member States were interviewed. The methodology used is that of the Standard Eurobarometer. The study finds that personal data disclosure is increasingly prevalent in the European society, largely due to the expansion of the Information Society. In turn, most services provided in the digital economy rest on the assumption that this data and associated electronic identities are collected used and disposed of according to existing legislation. The survey shows very clearly how Digital Europe is shaping up. About two thirds of EU27 citizens use the Internet frequently, more than one third uses Social Networking Sites (SNS) to keep in touch with friends and business partners and almost 4 out of 10 shop online. In both of these contexts, people disclose vast amounts of personal information, and also manage a large and growing number of electronic identities. However, there are equally significant differences among Member States and considerable digital exclusion, mainly due to socio-demographic differences in affluence, education and age. Europeans know that if they want to benefit from using the Internet to its full potential they have to disclose their data (biographical, social, financial or medical) and manage online identities. Almost three in four Europeans accept that revealing personal data, so as to benefit from online services, is part of everyday life. While nearly all disclose biographical data (i.e. name, nationality, online account identity) to access a service, users shopping online also disclose address information and financial information and users of social networking sites disclose more social information but not financial. There is significant use of business-issued rather than public-issued credentials for all Internet transactions, especially for eCommerce; in part, this depends on the fact that although many countries issue credentials these are seldom directly usable online for commercial purposes. This implies that: A transaction system based on the use of third-party credentials, rather than on direct disclosure of bank or credit related information, and in general other ways of pegging ‘virtual identity’ to real identity may enhance accountability and be useful to stimulate cross-border shopping. b) The offer of interoperable, easy to use national and cross-border systems with similar look and feel and more uniform protection of the rights of consumer and their personal data across the EU contribute to making it easier to transact cross-border. But online users are also very much aware of risks in transacting online and are naturally concerned. The perception of risk is greater for more ‘mature/active’ users but it does not seem to curb abuse and misuse – such as data loss and identity theft. Providentially, these are still uncommon in Europe. People trust institutions more than companies, especially medical institutions, to protect the data they are entrusted with; they are slightly less sanguine about whether Governments and Banks are to be trusted and concur as to the perception that private companies such as Internet service providers, e-shops and telephone companies are not to be trusted with their data.

Data Protection, Privacy and Identity: Distinguishing Concepts and Articulating Rights

The purpose of this article is to provide a sound and coherent articulation of the rights to data protection, privacy and identity within the EU legal framework. For this purpose, the paper provides a number of important criteria through which the three different rights in question can be clearly defined, distinguished and articulated. Although intrinsically interrelated, the article draws attention to the importance of keeping the rights and concepts of data protection, privacy and identity explicitly defined and separated.Based on two proposed dichotomies (procedural/substantive and alethic/nonalethic), the paper makes three fundamental arguments: first, there are crucial and underlying distinctions between data protection, privacy and identity that have been overlooked in EU legislation (as well as by the legal doctrine that has analyzed this topic); second, the current data protection legal framework (and its articulation with the concepts of privacy and identity) presents serious lacunae in the fulfilment of its ultimate goal: the protection of the autonomy, dignity and self-determination of the human person; and, third, the right to identity should be explicitly mentioned in the EU Data Protection Directive.Profiling is taken as a case study technology to assert the importance of incorporating the right to identity in the EU data protection framework as well to document its current shortcomings.

Right to Personal Identity: The Challenges of Ambient Intelligence and the Need for a New Legal Conceptualization

Ambient intelligence, profiling techniques and the convergence between digital and physical environments, among other technological progresses, promise to revolutionize the way we live and interact in society. In this article I will focus upon how those technologies will put into question the classical and static ideas we have about ourselves and about our own identities. As such, and in order to face the various challenges posed by future and emerging technologies to the definition and establishment of personal identity, I will elaborate on a novel, needed and comprehensive conceptualization of the right to personal identity. The analysis of the right to personal identity includes a brief account of its legal evolution, emphasizing its main theoretical predecessors. Such historical digression encompasses also the main contributions to the conceptualization of this legal disposition delivered by the modern doctrine of personality law, constitutional law and human rights legal framework. After such analysis, I will then examine the main challenges posed to the right to personal identity by new and forthcoming technological developments, namely the ones brought by the vision of ambient intelligence. Having acknowledged those challenges, I will then strive to demonstrate the pressing need to rethink the right to personal identity. As such, after a critical analysis of the configuration of the right to identity made by the Italian jurisprudence, one of the most active legal systems in the theorization of this juridical figure, I will propose a renewed conceptualization of the right to personal identity. In the ambit of such theorization, I will present a list of different “sub-rights” which should be accommodated under the umbrella of the right to identity, namely the right to be forgotten and the right to multiple identities.

Enhanced cooperation: the ultimate challenge of managing diversity in Europe

Diversity in the EU has always been a permanent factor accompanying the European integration process. With the recent enlargement and those in the pipeline this diversity will grow, bringing the ultimate challenge for the continuity and feasibility of the integration process: the management of this increasing variety. The mechanism of enhanced cooperation was established in the Amsterdam Treaty to provide a solution to this challenge. The following article sheds some light on the future utilisation of this mechanism and its consequences and repercussions for the European integration process.

La re-identificazione dei dati anonimi e il trattamento dei dati personali per ulteriore finalità : sfide alla privacy

Questo articolo introduce e descrive due aspetti relativi alla protezione dei dati, uno di natura tecnologica e l’altro di carattere giuridico. Entrambi gli aspetti costituiscono due importanti sfide alla privacy: la re-identificazione dei dati anonimi e il trattamento dei dati personali per ulteriori finalità. Le due possibilità, curiosamente, non hanno ricevuto finora la meritata attenzione dalla dottrina specializzata, rimanendo in un “limbo” giuridico che potrà portare dei seri problemi alla difesa della privacy.