Even with the advent of Web 2.0, data protection law is still often seen as technical and only narrowly applicable. Technical abstruseness aside (and data protection’s reputation here is certainly deserved!), this understanding couldn’t be more wrong. The existing European data protection framework actually has a breath-taking scope. It applies to anything done electronically with any information about an identified or identifiable person (possibly even the dead). According to the EU, even innocuous details already in the public domain are protected (perhaps even the title of an author’s book). Moreover, if the information reveals in any way, for example, race/ethnic origin, political opinions, religious belief, trade union membership, health or criminality, then it is classed as “sensitive” information and subject to even tighter regulation. A number of European courts have ruled that all colour images are covered by this as they display racial information. The European data protection framework (Directive 95/46/EC) is not only broad but often onerous. Barring a specific exception (including a liberal one (Art. 9) which can be invoked for journalism, literature and the arts), there is a presumption that individuals will be informed about the processing of data about them (Arts. 10-11) and given a right to object (Art. 14), that the processing of “sensitive” personal information will be banned (Art. 8.1) and that no personal information will be transferred outside the European Economic Area without “adequate protection” (Art. 25.1).
So the popular perception of data protection is woefully inaccurate – which leads to a radical underestimation of the threat this regime poses to the enjoyment of other fundamental rights and pursuit of legitimate activities. Nowhere is this more the case than in relation to social and humanities research. Since the advent of the EU data protection framework, researchers have witnessed dramatic restrictions on their freedom to use “sensitive” data or to resort to covert methodologies. Coupled with the growth of sometimes intrusive “ethical” review policies, the barriers and burdens placed in the way even of ordinary, innocuous, yet socially beneficial research and on researchers have become considerable.
It might have been hoped that the proposed EU Data Protection Regulation would provide an opportunity to reverse this. But if the European Parliament’s just published draft report and amendments are anything to go by, the converse is true. Prepared by Jan Albrecht MEP, the Rapporteur of the Civil Liberties, Justice and Home Affairs Committee (the lead Committee for considering the Regulation), these stringent proposals would effectively outlaw almost all research in law and in contemporary history as well as a great deal of work in sociology and political science. Now, any processing for historical, statistical or scientific research purposes would be subject to the following:
- A complete ban on publishing even the most innocuous personal data in identified form unless the individual in question either has themselves put it into the public domain or has freely given, specific, informed and rescindable consent (Amendment 339, p. 201). This would deny a historical researcher the right to publish information from a newspaper article accurately reporting the public activities of a public official (e.g. Tony Blair’s involvement in the decision to go to war in Iraq). It would also prohibit the citation and publication of analyses of already published court judgments since these are full of identifying details which the justice system rather than the individuals concerned have put into the public domain.
- If the details in question reveal any “special” categories of information (see above), then the restrictions would be even greater. In the absence of freely given, specific, informed and rescindable consent, all such research would be banned unless Member States, on a purely optionally basis, allow their Data Protection Authority to issue permits for this. These could however only be granted if the information “be anonymized, or if that is not possible for the research purposes, pseudonymised under the highest technical standards, and all necessary measures…taken to prevent re-identification of the data subjects”. The research must also serve “exceptionally high public interests” and be something that “cannot possibly be carried out otherwise” (Amendment 337, p. 200). Not even information previously published by the individual in question would be exempt. Thus, for example, a historian would have no right to report that Emma Nicholson, now a Liberal Democrat Peer, used to be Conservative MP despite this being public knowledge freely available on Wikipedia. (According to the Information Commissioner’s Office the political affiliation of an MP is “sensitive” personal data (p. 8)).
- We are also told that in all cases “data enabling the attribution of information to an identified or identifiable data subject” must be “kept separately from the other information” (Amendment 335, p. 199). This would prevent a researcher from saving a court judgment or a newspaper report on a laptop without having first replaced all personal identifiers (such as “David Cameron” or “Lord Hutton”) with a pseudonymised (as above) code, the key to which would then have to be stored elsewhere.
- Finally, the clause allowing the European Commission to propose delegated legislation to allow for covert research has simply been deleted (Amendment 341, p. 202). But, subject to suitable safeguards, such research has often been essential in bringing to light important facts including illegal police practices and discriminatory attitudes on the grounds of sex, ethnicity or race. People are obviously not going to be willing to give consent to their wrongdoing being researched.
Albrecht is candid about the restrictions on research freedom which are being proposed. Thus we are told baldy that “[r]esearch purposes should not override the interests of the data subject in not having his or her personal data published” (at p. 201). If the word “journalistic” were substituted for “research”, then it would be obvious to everyone, including of course the Press, just how onerous this censorship is. Ironically, alongside these harsh restrictions on research, Albrecht proposes broadening the protections set out in Article 80 as regards journalism, literature and arts so as to protect freedom of expression per se (Amendment, 324, p. 193). This is to ensure that “freedom of expression is protected in general, not just for journalists, artists or writers” (p. 52).
Freedom of expression is defined by reference to the EU Charter which includes freedom to “receive and impart information and ideas without interference” (Art. 11), a right similarly protected in Art. 10 of the European Convention on Human Rights. In creating and disseminating new knowledge, social and humanities research intrinsically instantiates such freedom of expression. Moreover, the special concern of research to investigate genuinely important issues whilst upholding the qualities of rigour, culmination and precision ensures that social and humanities research will usually constitute ‘high-value’ publicly interested speech which the European Court of Human Rights has correctly stated should generally be free from legal restriction. As Brian Harrison has also correctly argued “there is no distinction in principle between the journalist and the historian: the historians simply have more time for research and reflection”. However, the one type of actor whose freedom of expression is not protected by this proposed revision to Article 80 is researchers (historical or otherwise). This is because, whilst Article 80 does allow for (balanced) derogations from most of the Regulation, Article 83’s stipulations on historical, statistical and scientific research are excluded from this. Freedom of expression is turned “on its head”!
It is vital that the draft Data Protection Regulation be amended. We need to ensure that social and humanities research is unequivocally included within Article 80’s freedom of expression protections. This should also prompt a wider rethink of the over-regulation of research compared with other, often less socially valuable, activities. The proposals are still being considered by both the European Parliament and the Council of Ministers. It is not too late to press for the necessary changes. All who care about the future vitality of academic inquiry need to wake up to the realities of Data Protection. Universities and other research organizations need to be forthright and assertive in opposing these unjustified and unworkable proposals. Everyone acknowledges that, in some contexts, genuinely sensitive personal data needs protection. But when this balloons into wide, and wild, overreaction we find ourselves able to know less and less about the societies we live in – including, paradoxically, about the nature of privacy and about the effects of Data Protection regulation itself.
A version of this article was originally published in Times Higher Education (“Mustn’t ask, mustn’t tell”, 14 February 2013, p. 30).
Suggested citation: D. Erdos, ‘Mustn’t Ask, Mustn’t Tell: Could New EU Data Laws Ban Historical and Legal Research?’ UK Const. L. Blog (14th February 2013) (available at http://ukconstitutionallaw.org)