This thesis explores privacy: why we value it and how we protect it. It builds on the presumption that, to the extent that we can sufficiently understand its importance, privacy is more likely to prevail against competing interests, rights and powers.

With an outset in modern privacy theory, the thesis explores why privacy is important. It extracts and synthesises the overarching directions of privacy theory into three underlying rationales for why privacy is important to the individual and democracy. The individual rationale perceives privacy as a precondition for personality and self-determination; the social rationale speaks to privacy as a precondition for social relations, and the democratic rationale iterates privacy as a precondition for democracy and democratic self-government. All three rationales cover a negative dimension, under which public authorities must refrain from interfering arbitrarily with the individual’s privacy, and a positive dimension, under which the individual develops personality, self-determination, social relations and democratic self-government. Thus, the analysis demonstrates that all theories can be organised and understood according to common themes, making them applicable – as a whole – to legal analysis.
Subsequently, the thesis circumscribes the scope and meaning of the rights in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (CFREU) in accordance with case law from the Court of Justice of the European Union (CJEU) (and Article 8 of the European Convention on Human Rights (ECHR), pursuant to case law from the European Court of Human Rights (ECtHR)), and explores the extent to which they reflect the rationales. This process provides the rights with normative justifications capable of guiding the adjudication of privacy against other rights and interests within policy and legal decision-making (de sententia ferenda), or suggesting legal alternatives (de lege ferenda), enabling a stronger and balanced approach to privacy. Moreover, the ways in which the rights reflect the rationales brings clarity to nature of the rights and the contested relationship between them.

The right to respect for privacy in Article 7 CFREU covers three rights, i.e. respect for private life, home and communications, respectively, whose scope and meaning are largely identical to those under Article 8 ECHR (Article 52(3) CFREU). The right to respect for private life covers almost every aspect of life (though its essence lies in the most intimate aspects of life), and it reflects both dimensions of the individual and social rationales. Moreover, the essential object of Article 8 ECHR and Article 7 CFREU (Article 52(3) CFREU) is the protection against arbitrary intervention from public authorities. It reflects the negative dimension of the democratic rationale and suggests that privacy is inherently and specifically related to the limitation of state powers, over and above the general capacity of fundamental rights. The right to respect for the home protects private and business premises of natural and legal persons, supporting the particular role played by privacy in restricting state powers. However, its essence is the private home, reflecting the individual rationale. Finally, the right to respect for communications protects all mediated discourse, irrespective of its nature. While ECtHR case law reflects the social and democratic rationales, CJEU case law reflects all three rationales, tying them together and attaching them to freedom of expression (Article 11 CFREU) via the positive dimension of the democratic rationale. Based on ECtHR case law, its essence seems to be the mere breaking of confidentiality, while the CJEU relates it to the quantitative degree of the interference. Although it reflects both dimensions of the rationales, the right in Article 7 CFREU remains negative and prohibitive, ensuring the respect for privacy.

By contrast, the right to the protection of personal data in Article 8 CFREU is mainly positive and permissive. As a hybrid between a fundamental right and a market freedom, it pursues the dual objective of protecting fundamental rights, while ensuring the free movement of personal data. Hence, while any processing of personal data amounts to an interference with the right, such processing is legitimate if it complies with the requirements set out in Article 8(2) CFREU (i.e. the principles of fairness and purpose specification, the requirement of lawful processing, the rights of access and rectification) and 8(3) CFREU (i.e. the right to independent control), read in conjunction with Article 52(1) CFREU. Thus, Article 8 CFREU is expressed by a positive right to exercise a minimum level of control over personal data (i.e. informational self-determination) and those processing the data (i.e. democratic self-determination) (Article 8(2) CFREU), expressing the positive dimension of the individual and democratic rationales, and a (largely) negative right to independent control in Article 8(3) CFREU, reflecting the negative dimension of the democratic rationale. These rights constitute the essence of Article 8 CFREU and bestow the individual with a democratic duty to exercise control over personal data and the controller to participate actively and mitigate the risk of harms to the individual’s fundamental rights. Read in that light, Article 8 CFREU implies a new kind of fundamental right.

Article 8 CFREU applies to any processing of personal data, irrespective of whether the controller is a public or private actor. Hence, when they are applied correctly, Articles 7 and 8 CFREU provide two opposite directed, i.e. negative and positive, instruments of power in terms of over those interfering with privacy, in terms of either opacity or transparency, against both public and private controllers. Accordingly, although Article 8 ECHR and Article 7 CFREU (Article 52(3) CFREU protect personal data as private life, having regard to the distinct nature of the Article 8 CFREU, including its dual objective, the CJEU must cease to apply such privacy-oriented approach to data processing pursuant to ECtHR case law and its own pre-Charter case law. Ultimately, the rights in Articles 7 and 8 CFREU remain mutually dependent. To realise their full potential in terms of the protection of privacy and democracy, the CJEU must cease to conflate them, but apply each of them in accordance with their actual scope and meaning.