INTERRUPTORES DE POTENCIA a Definición de Interruptor de Potencia

A “reasonable expectation of privacy” test in the EU was first used in the landmark case of Lüdi v. Switzerland564_{, though the words “reasonable expectation” were not directly} used, in a case where a Swiss national was convicted in Switzerland of drug trafficking primarily based on a written testimony by an undercover agent and phone recordings. The Court established that there was a violation of the defendant’s Article 8 right to private life due to the telephone interception, but that the goal of “prevention of crime”, which was necessary in a democratic society, was more important. The Court stated that once Mr Lüdi proceeded to participate in a criminal activity, he “assumed the risk” of encountering an undercover police officer. Thus one can assume that committing certain actions (such as criminal activity) means that a lesser expectation of privacy can be expected.

This has some similarity to the American approach, which also uses certain contexts to determine that a person has relinquished their reasonable expectation of privacy when certain actions are performed. It is interesting to point out that this “action” in the US can be simply using a phone, while in the European context it is pursuing an illegal activity.

The appearance of the “reasonable expectation of privacy” test in Europe was developed after Lüdi in relation to employer/employee privacy issues. In the US, localization tools are common practice in a company setting, as well as computer and communications monitoring, including e-mails and phone communications, but also software recording

564 _{Lüdi v. Switzerland, 1992, ECHR, Series A, No. 238, PN 2004-135}

151

every keystroke and mouse click565_{. On the other hand, the EU Courts - and especially} the French courts - do not allow a fraction of those employee-monitoring measures566_{. In} particular, certain European Union member states (including the United Kingdom, Germany and the Netherlands) strictly prohibit the monitoring of employee communications and under normal circumstances electronic monitoring is not permitted567_.

In the Halford v United Kingdom case568_{, an employer was monitoring an employee’s} telephone transmissions. This was held to be part of one’s private life under Article 8, and that there existed a “reasonable expectation of privacy” when making these calls569_. In relation to the phone calls the plaintiff was performing, the Court noted that she would “have had a reasonable expectation of privacy for such calls, which expectation was moreover reinforced by a number of factors.” In this case, it is important to note the broad range of the test, when compared to how strictly it is applied in the American system: in Halford the test seemed to protect all Article 8 rights including family life, home, and correspondence570_{, which may have been intentional.}

That is not to say the European vision of the “reasonable expectation” test is a wall of protection that is only breached in overwhelming circumstances. In the case of P.G and J.H v. United Kingdom571_{, the next case to reference a “reasonable expectation” test,} covert listening devices were planted in the plaintiff’s home, and though the Court ruled the measure illegal, it did add that “there are a number of elements relevant to a consideration of whether a person’s private life is concerned by measures effected outside a person’s home or private premises. Since there are occasions when people knowingly or intentionally involve themselves in activities which are or may be recorded or reported in a public manner, a person’s reasonable expectations as to privacy may be a significant, although not necessary conclusive, factor”572_.

This case shows that the European conception of “reasonable expectation of privacy” is a balancing test, and not a binary decision. This shows an interesting difference between 565 _{Determann, L., & Sprague, R. (2011). Intrusive monitoring: Employee privacy expectations} are reasonable in Europe, destroyed in the United States. Berkeley Technology Law Journal, 26(2), 979-1036

566 _Ibid 567 _Ibid

568 _{Halford v. United kingdom (20605/92) 1997 ECHR 32, PN 2003-49}

569_{Gomez-Arostegui, H. T. (2004). Defining private life under the European convention on} human rights by referring to reasonable expectations. Cal. W. Int'l LJ, 35, 153. p.10

570 _Ibid

571 _{P.G. and J.H. v. United Kingdom, (44787/98) [2001] ECHR 546 2001 PN 2004-199} 572 _{P.G. and J.H. v. United Kingdom, (44787/98) [2001] ECHR 546 2001 PN 2004-199}

152

privacy and data protection European law: while privacy law recognises the need for balancing interests and contextualising different cases, data protection is still using a binary approach for what is or is not personal. This approach was restated in Peck v The United Kingdom573_{, in which CCTV footage of the applicant’s attempted suicide was used} in news programs without his consent. The Court noted that “the applicant’s reasonable expectations of privacy, among other factors”574 _{would be relevant to an Article 8} analysis.

A major development came in von Hannover v. Germany575_{. In this case, reasonable} expectations were reinforced as the benchmark for a violation of Article 8, discussed as a “legitimate expectation” of protection of one’s private life. In this case, the Court ruled that one has such an expectation despite being a person in the public eye. The ‘’balancing test’’ between the right of the public to obtain that information and the right of the individual to privacy fell on the side of the individual and it was held that the plaintiff had a ‘’legitimate expectation’’ of privacy. In a dissenting opinion, Judge Barreto stated that the princess of Monaco’s “legitimate expectation” should not be valid where pictures were taken of her in a beach club swimming pool, because there was no possibility of entertaining a “reasonable expectation of not being exposed to public view”576_{. Judge} Zupančič was even more vocal in asking for the reasonable expectations test as the standard for privacy cases, as it “permits a nuanced approach to every new case”577_.

However, for this test to be valid, it is important that the exact specification of what constitutes “reasonableness” - whether a subjective, objective, or combined approach - be cleared by the Court. A possible answer can be found in a UK House of Lords case, Campbell v MGN578_{. In this case, Lord Hope discussed the concept of “reasonable} expectation of privacy”, explaining the House of Lords’ position: “the question is what a reasonable person of ordinary sensibilities would feel if she was placed in the same position as the claimant and faced with the same publicity”. This objective view is a good indication of the European position. What’s more, the European vision of privacy as a “social good” would point towards the same objective approach579_.

573 _{Peck v The United Kingdom, (44647/98) [2003] ECHR} 574 _Ibid

575 _{von Hannover v Germany [2004] EMLR 379; (2005) 40 EHRR 1} 576 _{von Hannover v Germany [2004] EMLR 379; (2005) 40 EHRR 1} 577 _{von Hannover v Germany [2004] EMLR 379; (2005) 40 EHRR 1} 578 _{Campbell v Mirror Group Newspapers Ltd [2004] UKHL 22}

579_{Custers, B., van der Hof, S., & Schermer, B. (2014). Privacy expectations of social media} users: The role of informed consent in privacy policies. Policy & Internet, 6(3), 268-295.

153

So we have seen there is at least some understanding of a reasonable expectation of privacy, which impacts every space including the work space (Halford v. United Kingdom580_{), the private space (P.G and J.H v. United Kingdom}581_{), and the public space} (von Hannover v. Germany582_{). We will now see how that expectation works in the public} space.

An ECtHR case in 2000, Rotaru v. Romania583_{, confirmed its previous jurisprudence over} the reasonable expectation of privacy when it comes to a file stored by agents of the state by stating that this file fell within the scope of Article 8584_{. As to whether public} information can be considered part of one’s “private life”, the Court noted that “Moreover, public information can fall within the scope of private life where it is systematically collected and stored in files held by the authorities. That is all the truer where such information concerns a person's distant past.”585

This is particularly relevant because this is the same approach taken to “reasonable expectation of privacy” as in the American conception, with the same conclusions to the concepts of transparency and opacity. The conclusion was reinforced in the aforementioned P.G. and J.H. v The United Kingdom, where the Court defined that “There is therefore a zone of interaction of a person with others, even in a public context, which may fall within the scope of ‘private life’.”586 _{Additionally, the Court added elements} to decide whether one’s private life is affected in public places587_:

“Since there are occasions when people knowingly or intentionally involve themselves in activities which are or may be recorded or reported in a public manner, a person’s reasonable expectations as to privacy may be a significant, although not necessarily conclusive, factor. A person who walks down the street will, inevitably, be visible to any member of the public who is also present. Monitoring by technological means of the same public scene (for example, a security guard viewing through closed-circuit television) is of a similar character. Private-life considerations may arise, however, once any systematic or permanent rec

580 _{Halford v. United kingdom (20605/92) 1997 ECHR 32, PN 2003-49}

581 _{P.G. and J.H. v. United Kingdom, (44787/98) [2001] ECHR 546 2001 PN 2004-199} 582 _{von Hannover v Germany [2004] EMLR 379; (2005) 40 EHRR 1}

583 _{European Court of Human Rights, Judgment of 4 May 2000 (Rotaru v Romania), no.}

28341/95.

584 _{Nouwt, S. (2008). Reasonable expectations of geo-privacy. SCRIPTed, 5, 375.} 585 _{European Court of Human Rights, Judgment of 4 May 2000 (Rotaru v Romania), no.}

28341/95.

586 _{P.G. and J.H. v. United Kingdom, (44787/98) [2001] ECHR 546 2001 PN 2004-199} 587 _{Nouwt (n.584)}

154

ord comes into existence of such material from the public domain. It is for this reason that files gathered by security services on a particular individual fall within the scope of Article 8, even where the information has not been gathered by any intrusive or covert method…”588

Despite this acknowledgment of privacy in public in a similar vein as in the American conception, a very big exception based on surveillance is permitted by the ECtHR jurisprudence. This includes the case of Perry v. The United Kingdom589_{, in which the} Court concluded that camera surveillance in public places without recording visual data was fulfilling a legitimate purpose and was not a breach of Article 8.

Overall, as we can see, privacy law in the EU provides a concept of “reasonable expectation of privacy” in public spaces, taking into account the context and in particular potential data-gathering and data aggregation by private or public entities. This contextual approach to how much something is ‘’private’’ or ‘’public’’ and likely to represent a breach of informational privacy has been effective in adapting informational privacy to new technological and social trends, yet a similarly contextual approach to whether data processing represents a breach of informational privacy has not found its way to data protection, despite signs of it with the ‘’risk-based’’ approach.

Indeed, on the Data Protection side, the challenges of the European approach to data protection regulation remain true in the public context. Though there remain barriers to gathering data from individuals in public, it can be done quite well in certain contexts where the infrastructure allows it. Besides the CCTV common in public spaces (especially in the UK), collecting information can be done increasingly well by those with enough motivation. This includes loyalty cards to track what people buy in stores, transport cards that track journeys by the user, and any other IoT-enabled device that allows the monitoring of user data throughout their day as they spend time in public spaces590_.

As we have shown, there is recognition, in privacy law, that informational privacy needs to be protected by an opacity/transparency balance of which factors can be used to obtain the information. We have also shown that there are signs that the GDPR is showing hints of moving towards such an approach. However, as analysed earlier in this Chapter, the core pillars of EU data protection law are not adaptable to this new type of

588 _{P.G. and J.H. v. United Kingdom, (44787/98) [2001] ECHR 546 2001 PN 2004-199} 589 _{Perry v The United Kingdom: ECHR 17 Jul 2003}

590 _{Treacy (n.312)}

155

approach, which is leading to a conflict between those two approaches in how to protect informational privacy.

In conclusion, both the European and American privacy law systems, despite their strong differences at both the conceptual and practical levels, have developed an understanding of a reasonable expectation of privacy. However, in both jurisdictions, this reasonable expectation is separate from the normal system of protection of individuals and not part of the main currents of thought and jurisprudence, and in particular in the EU is not taken into account in the data protection side of informational privacy. We have seen the development of an approach where instead of “public” and “private” spaces, a focus on “transparency or opacity” has appeared through judicial decisions brought about by the fundamental changes that public spaces are going through. In particular, a recurring factor is the aggregation of data into new ways of understanding data, showing that the distinction between “personal” and “non-personal” data is increasingly obsolete and a similar ‘’transparency/opacity’’ view is necessary and is showing signs of being adopted.

3. Public Spaces as Privacy-Neutral Environments: The