Data protection Case law in EU: Bodil Lindqvist-part I.
This month E-Crime Expert is presenting relevant Case law and rulings regarding data protection rights, law applicability and enforcement. Earlier, this blog presented what Social Networking Services and Internet are, how they work, possible risks and the European legal framework regarding privacy and personal data. The purpose of this new series is to show actually how the relevant law should be applied to the Internet and electronic environment in order to properly protect and enforce these fundamental (legal) rights of EU citizens: Privacy and Personal Data protection.
This month’s blog posts will focus on the most relevant rulings of the European Court Of Justice (ECJ) and the European Court of Human Rights (ECHR). Rulings that actually became a new source of EU Law by creating precedents of how the Directives, Regulations, Conventions should be read, applied and enforced within the all 27 EU Member States with regards to privacy and protection of personal data. The case law will balance both the applicability of Data Protection law in the private and public sector, focusing mostly on the Directive 95/46/EC (private sector) and Regulation 45/2001/EC (rights to data protection of individuals working with/for EU Institutions and bodies).
The EU considers privacy and personal data as constitutional rather than consumer protection fields. Privacy and the protection of personal data are fundamental rights, enshrined in law and directly enforceable, with the same status as other fundamental rights such as freedom of expression or freedom of information. It is horizontal in scope, and is not confined to EU citizens, or to consumers, and thus protects all natural persons within the jurisdiction.
The first Case law presented it is the also the first of its kind: “Criminal proceedings against Bodil Lindqvist – Case C-101/01.”
Community Legislation: Directive 95/46/EC
– Publication of personal data on the internet
– Place of publication
– Definition of transfer of personal data to third countries
– Freedom of expression
– Compatibility with Directive 95/46 of greater protection for personal data under the national legislation of a Member State.
Summary of the case:
Mrs. Bodil Lindqvist worked as a catechist in a parish of Alseda in Sweden.
She took a course in data processing where she learned how to set up websites, to upload their content, and also to manipulate the content of her websites. In late 1998, Mrs. Bodil Lindqvist setup an Internet page, using her home computer . She was the only person having access to the website in terms of uploading, manipulating and updating data. The purpose of that particular website was to present useful information for future parishioners to get prepared for their confirmation. Her website contained information about herself and private information such as names, family circumstances and telephone numbers of her colleagues from the parish. In one occasion, Mrs. Bodil Lindqvist mentioned on her website how one of her colleagues got an injured leg and for that reason she was working part-time. Also, mentioned on the website was a humoristic approach to describing her colleagues’ hobbies. Mrs. Bodil Lindqvist did not inform her colleagues about the existence of this website and her comments and that their personal contact details were posted, nor did she inform or seek for advice from the Supervisory Authority on data protection in Sweden. When her colleagues found out, they were not happy about their personal contact details and name being posted on this website and also about Mrs. Bodil Lindqvist personal comments referring to them. With that occasion, Mrs. Bodil Lindqvist removed their personal details and contact information from her website. Soon after, the Public Prosecutor, brought prosecution against Mrs. Bodil Lindqvist, regarding her breach of the national Swedish legislation on data protection and privacy as transposed into the national legislation of the Directive 95/46 EC. The prosecution stated that Mrs. Bodil Lindqvist breached the above-mentioned legislation by processing personal data without prior approval from the Swedish Supervisor Authority as stated in the national legislation and in the Directive 95/46/EC. Also, Mrs. Bodil Lindqvist processed sensitive data by mentioning one of her colleagues, which had at that time a broken leg. The public prosecutor made reference to the disclosure of personal medical data without approval. The last allegation was regarding Mrs. Bodil Lindqvist transferring personal data to a third country without having authorization, beside the National Act and the Directive 95/46/EC stipulate this.
After Mrs. Bodil Lindqvist heard this allegations, she accepted the facts, but she refused that she was guilty of any offence.
The District Court fined Mrs. Bodil Lindqvist with 450 EUR, which made her decide to appeal the decision to the Appeal Court.
The Appeal Court decided to hold the procedures and address few questions to the European Court of Justice (ECJ) as the matter in discussion referred to the applicability of the Community Law (Directive 95/46/EC).
Stay tuned for the next post that will describe the 7 questions addressed to the ECJ and the view of ECJ on this matter.
Any questions can be submitted to: firstname.lastname@example.org
Additional information can be found at: www.e-crimeexppert.com
Have you heard about this Case? Have you heard about other Case that you would like to share with us? What do you think about this Case?
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.
- @k3rstin Hi Kerstin. Im fine thank you. Still in Brussels. Can we collaborate on any project/assignment? Best regards, Dan. 1 year ago
- 6 Essential Tips on How to Prevent Online Shopping Fraud wp.me/p1N1s0-jD 3 years ago
- Cyberbullying wp.me/p1N1s0-jz 3 years ago
- 10 Ways to Prevent Your Identity From Being Stolen wp.me/p1N1s0-jv 3 years ago
- Infographic-Privacy and Security on Facebook wp.me/p1N1s0-jp 3 years ago