CHAPTER 5: LEGAL CONSTRAINTS
5.58.
There is no direct equivalent in the EU Charter of Article 8(2) of the ECHR. But Article
52(1) provides that:
“Subject to the principle of proportionality, limitations may be made only if they
are necessary and genuinely meet objectives of general interest recognised by
the Union or the need to protect the rights and freedoms of others,”
and the “objectives of general interest” are effectively limited to those referred to in
Article 8(2) of the ECHR by Article 52(3), which provides that insofar as the EU Charter
rights correspond with ECHR rights, “the meaning and scope of those rights shall be
the same”. That is to be read however together with the last sentence of Article 52(3):
“This provision shall not prevent Union law providing more extensive protection”. The
position is thus that the ECHR provides a floor for interpreting the EU Charter rights,
but not a ceiling.
Data protection law
5.59.
Two pieces of EU legislation constrain the freedom to gather and process information
without constraint, via surveillance or any other method.81
5.60.
First, the Data Protection Directive sets out a framework for “data processing” that
respects “fundamental rights and freedoms, notably the right to privac12 y” (Recital
2). It lays out the standards that govern the processing of personal data, including
the collection, recording, organisation, storage, adaptation, retrieval, consultation, use
or dissemination of that material throughout the Union (Article 2). Personal data may
only be collected for “specified, explicit and legitimate purposes and not further
processed in a way incompatible with those purposes” (Article 6(1)(b)) and “kept in a
form which permits identification of data subject for no longer than is necessary for
the purposes for which the data were collected...” (Article 6(1)(e)).82
5.61.
Member States are obliged to ensure that appropriate technical and organisational
measures are in place to protect personal data from accidental or unlawful destruction,
loss or unauthorised disclosure (Article 17(1)).
5.62.
Secondly, the e-Privacy Directive is concerned with the data generated by and in
association with use of electronic communications. It harmonises the standards of
protection throughout Europe, in order to ensure that personal data, which is protected
by Articles 7 and 8 of the EU Charter, is given adequate security. Article 15(1)
provides:83
“Member States may adopt legislative measures to restrict the scope of the
rights and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and
(4) and Article 9 of this Directive, when such restriction constitutes a necessary,
appropriate and proportionate measure within a democratic society to safeguard
national security (i.e. State security), defence, public security, and the
81
82
83
Though it is arguable that they do not do so in all circumstances: see, in particular, the comments on
TEU Article 4(2) at 5.2(b) above.
Directive 95/46/EC.
Directive 2002/58/EC.
85