2 The European legal framework
The regulatory framework regarding the right to freedom of expression and the regime of data protection in Europe is mainly linked to the Council of Europe and the European Union legal systems. In the case of the Council of Europe, the regulation is twofold. On the one hand, the main rights at stake, right to freedom of expression and right to privacy are part of the European Convention of Human Rights. Its article 10.1 states that “Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This Article shall not prevent states from requiring the licensing of broadcasting, television or cinema enterprises.” Quite obviously, this right might be limited according to the provisions made by number 2 of this clause. Article 8, instead, focuses on the defense of privacy, by stating that
- Everyone has the right to respect for his private and family life, his home and his correspondence.
- There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
On the other hand, the Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108), also approved by the Council of Europe, regulates data protection issues. Indeed, at the present moment is the only international legally binding agreement on the data protection law. However, the European Court of Human Rights does not hear cases on the alleged violations of this Convention, since it is only related to the European Convention of Human Rights.
In the EU context, the right to freedom of expression was included in article 10 of the EU Charter of Fundamental Rights, which reads:
- Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.
- The freedom and pluralism of the media shall be respected.
Instead, articles 7 and 8 of the Charter included the right to privacy and the right to the protection of personal data concerning him or her. At the present moment, the legal framework for data protection is mainly drawn by the Regulation (EU) 2016/679 of the GDPR.Alleged violations of the EU law are heard by the Court of Justice of the European Union (CJEU). There is no equivalent piece of overarching and comprehensive secondary legislation about free speech and media freedom mostly due to the Commission’s position that the EU has no authority to legislate in this area (Biriukova, 6).
The GDPR applies whenever anyone processes (collects, retains, uses, or discloses, for instance) any information about a living person. As the ICO remarks, “it does not prevent responsible journalism, as the main principles are flexible enough to accommodate day-to-day journalistic practices (…) However, the media are not automatically exempt and will need to ensure they give some consideration to the data protection rights of individuals. Legal responsibility usually falls on the relevant media organization rather than individual employees, although freelance journalists are likely to have their own separate obligations”. However, it is good to keep always in mind that employees of media organizations need to be aware of their legal responsibilities, particularly day to day adherence, when working for their employer.