Effective Redress of Grievance in Data Protection: An Illusion?

DOI10.1177/1023263X1602300310
Date01 June 2016
Publication Date01 June 2016
AuthorMike Varney
SubjectArticle
550 23 MJ 3 (2016)
EFFECTIVE REDRESS OF GRIEVANCE
INDATA PROTECTION: AN ILLUSION?
M V*
ABSTRACT
is article que stions whether the current data protection legislative framework in the EU
to provide e ective redress of grievance for those who are a ected by a breach of data
protection law. It considers the extent to which the pr inciple of e ective judicial prote ction
is satis ed where judicial redress is sought and also considers whether supervisory
authorities are able to grant adequate administ rative redress. In undertaking this analysi s
the article seeks to demon strate that there are a number of areas where judicial protection
is uncertain. ere is a lack of consistency in the award of compensation, particularly in
cases of non-pecuniary loss and some uncertainty as to what an ‘e ective remedy’ might
be in some data protection cases. Furthermore, substantial procedural di erences exist
between Member States for those seeking to bring data protection cases before national
courts resulting in a situation where the conditions of a ccess to judicial remedy are uneven.
Keywords: data protect ion; European Union; grievance redress; reform; remed ies
§1. INTRODUCTION
Much focus has been placed on the role of data protection, given t he predicted importance
of innovation in online services and the use of personal data to economic growth and
development in the European Union.1 It is acknowledged that one vital aspect of the
regime is the need to provide en hanced redress where data protection rules a re violated.2
Similarly, the provision of public services and many administrative and regulatory
* Senior Lectu rer at the University of Hull L aw School, University of Hull, Hu ll, United Kingdom.
1 Communication f rom the Commission to t he European Parliament, the Council, the European
Economic and Social Committee a nd the Committee of the Regions, Safeguarding Pr ivacy in a
Connected World: A Europ ean Data Protection Framework for t he 21st Century, COM(2012) 9  nal,
p.2.
2 Ibid., p.6.
E ec tive Redress of Griev ance in Data Protection : An Illusion?
23 MJ 3 (2016) 551
activities undertaken by public authorities or for public services require ever greater
use of personal data and d ata exchange, both w ithin and outside the European Union.3
Whether data is us ed by public bodies or organisations in the private s ector, the need for
public con dence in data processing sys tems will become increasing ly important if there
is to be public willingness to engage in further and more innovative use of data,4 o en
shared not only within t he borders of the European Union, but also outside.
e question which this article seeks to address is whether the existing framework
of data protection legislation and its future reform will provide an e ective system of
grievance redress for those who have faced breaches of data protection rules. Such a
system of grievance red ress should focus not only on e ective judicial protection, but al so
administrative regulation and methods of internal redress, o ered by data controllers
and processors.
e aims of this article are threefold.  e rst aim is to interrogate the concept of
e ective judicial protection in data protection cases. In the European Union, this may
take two distinct angles.  ere is an issue of e ective redress of grievance – that is,
can the aggrieved citizen obtain an e ective remedy? Furthermore, there is an issue of
ensuring e ective judicial protection throug hout the Member States when a data breach
occurs and redres s is sought from a data controller in another Member St ate, or possibly
even from a data controller outside of the Eu ropean Union.  e second objective of the
article will be to consider whether e ective protection is o ered by the current legal
regime.  e third and  nal purpose of the article is to consider the steps that might be
taken to address potentia l remaining gaps in protection.
§2. THE NATURE OF THE CHALLENGE
A. THE MANY LAYERS OF GR IEVANCE REDRESS IN DATA
PROTECTION BREACHES
e right to protection of personal data is provided for in Articles6 and 39 TEU,
Article16 TFEU and Article8 of the EU Char ter of Fundamental Rights . A more detailed
framework of protection is provided for by secondar y law, including the Data Protection
Directive,5 a Council Framework Decision on processing of data in matters of police
3 H.C.H. Hofmann, G.C. Rowe and A.H. Tü rk, Administrative L aw and Policy of the European Union
(Oxford University Pres s, 2011), p.143–221.
4 Communication f rom the Commission to t he European Parliament, the Council, the European
Economic and Social Committee a nd the Committee of the Regions, Safeguarding Pr ivacy in a
Connected World: A Europ ean Data Protection Framework for t he 21st Century, COM(2012) 9  nal,
p.2.
5 Directive 95/46/EC of t he European Parli ament and of the Counc il of 24October 1995 on the protect ion
of individuals with regard to the processing of personal data and on the free movement of such data,
[1995] OJ L 281/31.

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT