Classification of the definitions. Instead of providing a unique definition of privacy, it is worth examining what clusters of privacy or categorization of the definition

of privacy exist, as they can provide important guidance in relation to the far-reaching nature of privacy and can improve instincts on privacy relating to which areas of life should receive legal protection.

191 Levin, A. and Sánchez Abril, P. (2009) ‘Two Notions of Privacy Online’, Vanderbilt Journal of Entertainment and Technology Law, 11(4), p. 1013.

192 Julie C. Inness, J. C. (1992) Privacy, Intimacy, and Isolation. Cited in: Solove, D. J. (2002)

‘Conceptualizing Privacy’, California Law Review, 90(4), p. 1121.

193 Cited in: Levin, A. and Sánchez Abril, P. (2009) ‘Two Notions of Privacy Online’, Vanderbilt Journal of Entertainment and Technology Law, 11(4), p. 1013.

194 As Daniel Solove analysed in his article entitled “Conceptualizing Privacy”, most of the existing definitions are either too narrow or too broad and presented his thorough criticism regarding these notions.

He argued that definitions do not lack merit, as they might provide valuable insight into privacy, but none of them in itself succeed in perfectly capturing the essence of privacy. (Source: Solove, D. J. (2002)

‘Conceptualizing Privacy’, California Law Review, 90(4), p. 1099.) Also, for the purpose of the dissertation not all “types” of privacy will be relevant – for example, the privacy of the home or physical privacy – instead, focus will be put on control over information and the autonomy or self-determination of the individual.

53 56. Certain scholars avoided providing a unique definition but defined different categories or clusters of privacy. Judith Wagner DeCew differentiated between three clusters of privacy claims: informational privacy, accessibility privacy and expressive privacy.¹⁹⁵ Jerry Kang argued that privacy is composed of three overlapping clusters:

spatial privacy (physical space), decisional privacy (choice) and information privacy (flow of information).¹⁹⁶ The Supreme Court of Canada distinguished between three “zones of privacy”: territorial privacy, personal privacy and informational privacy.¹⁹⁷ According to József Hajdú, privacy protection can take four forms: data protection, protection of the human body, protection of communication and protection of space.¹⁹⁸

57. Other scholars regrouped the existing definitions into different groups:

according to Ken Gormley, the different privacy notions that appeared after Warren’s and Brandeis’s ground-breaking work can be grouped into four categories: (1) privacy as the expression of one’s personality, (2) privacy as autonomy, (3) privacy as the ability to regulate information and (4) privacy composed of different essential components.¹⁹⁹ In addition to these four categories defined by Gormley, Éva Simon identified two more to be added to this list: (5) concepts according to which privacy is approached from societal interests, (6) while the sixth category is composed of theories according to which the right to privacy cannot and should not be reduced to one single definition.²⁰⁰

Another study from 2013, entitled “Seven Types of Privacy”, written by Rachel L.

Finn, David Wright and Michael Friedewald, made a huge contribution towards how to approach privacy. In this article the authors also opted for categorizing the types of privacy in a structured, logical way instead of creating a universal definition. They based their analysis on the four privacy subsets defined by Roger Clarke in 1997 and revised and expanded these categories while taking into account the technological developments that occurred during the past decades. They differentiated between seven types of privacy: (1) privacy of the person, (2) privacy of behaviour and action, (3) privacy of personal

195 Solove, D. J. (2002) ‘Conceptualizing Privacy’, California Law Review, 90(4), p. 1125. See more on their analysis in: McCullagh, K. (2008) ‘Blogging: self presentation and privacy’, Information & Communications Technology Law, 17(1), pp. 4-6.

196 Kang, J. (1998) ‘Information Privacy in Cyberspace Transactions’, Stanford Law Review, 50(4), pp. 1202-1203.

197 McKay-Panos, L. (2007) ‘Workplace Surveillance’, LawNow, 32(2), p. 45.

198 Hajdú, J. (2005) A munkavállalók személyiségi jogainak védelme. Szeged: Pólay Elemér Alapítvány. p.

10.

199 Gormley, K. (1992) ‘One Hundred Years of Privacy’, Wisconsin Law Review, (5), pp.1137-1138.

200 Simon, É. (2005) ‘Egy XIX. századi tanulmány margójára’, Információs Társadalom, (2), p. 33.

54 communication, (4) privacy of data and image, (5) privacy of thoughts and feelings, (6) privacy of location and space and (7) privacy of association.²⁰¹ In order to be able to successfully assess the future challenges posed by new emerging technologies, the authors argued that “[…] privacy is an inherently heterogeneous, fluid and multidimensional concept, and […] suggest that this multidimensionality may be necessary to provide a platform from which the effects of new technologies can be evaluated.”²⁰²

58. One important example of those who think that privacy should not be reduced to a single definition is Daniel Solove’s approach. In his article, “Conceptualizing Privacy” he argues that instead of creating an overarching concept, privacy should be better understood as “drawing from a common pool of similar characteristics”.²⁰³ In his article Solove differentiated between six categories of privacy and regrouped the existing definitions into these categories. According to him, privacy can be interpreted as (1) the right to be let alone, (2) limited access to the self, (3) secrecy, (4) control of personal information, (5) personhood and (6) intimacy.²⁰⁴ He pointed out that there is a problem with all these definitions: their scope is either too narrow or too broad. He emphasized that it does not mean that these concepts lack merit, the problem is that these authors use a traditional method of conceptualizing privacy, and as a result their definitions only highlight either some aspects of privacy, or they are too broad and do not give an exact view on the elements of privacy.²⁰⁵

These headings defined by Solove can be understood as the main elements when it comes to the content of privacy, as knowing all these definitions, we can have a clue what areas of life privacy covers, and it can help to broaden and to improve instincts on privacy.

Instead of applying these methods of conceptualizing privacy, Solove adopts a pragmatic approach by seeking to provide not one exhaustive definition but rather an approach to better understand privacy.²⁰⁶ He takes into account that privacy depends on several factors – such as societal norms, technology and context – and argues that a practical approach is

201 Finn, R. L. et al. (2013) ‘Seven Types of Privacy’, in Gutwirth, S. (ed.) European Data Protection:

Coming of Age. Dordrecht: Springer, p. 7.

202 Finn, R. L. et al. (2013) ‘Seven Types of Privacy’, in Gutwirth, S. (ed.) European Data Protection:

Coming of Age. Dordrecht: Springer, p. 26.

203 Solove, D. J. (2002) ‘Conceptualizing Privacy’, California Law Review, 90(4), p. 1088.

204 Solove, D. J. (2002) ‘Conceptualizing Privacy’, California Law Review, 90(4), p. 1094.

205 Solove, D. J. (2002) ‘Conceptualizing Privacy’, California Law Review, 90(4), p. 1099.

206 Solove, D. J. (2002) ‘Conceptualizing Privacy’, California Law Review, 90(4), pp. 1126-1128, p. 1129

55 needed to address privacy related issues, instead of creating one overarching definition of privacy.²⁰⁷

59. The complexity of the subject was also highlighted by Koop et al. who have provided in their article, entitled “A Typology of Privacy” a typology of privacy “that is more systematic and comprehensive than any existing model.”²⁰⁸ In their typology they positioned the main types of privacy in a two-dimensional model, composed of the degree of privateness²⁰⁹ and the spectrum of positive to negative freedom.²¹⁰ They identified eight types of privacy (bodily, intellectual, spatial, decisional, communicational, associational, proprietary, and behavioral privacy) and an extra “one”, informational privacy which – as it overlaps but does not coincide with each identified privacy type – constitutes an overarching concept instead of a separate type of privacy.²¹¹

60. Again, these classifications are important as they can indicate that privacy in relation to SNSs cannot be reduced to one element, but several aspects of privacy gain significance in relation to SNSs (e.g. communication through using the messenger functions of these platforms, the ability to express one’s personality through posting a variety of content, deciding who can have access to the shared content through the application of privacy settings, etc.).

(b) Factors influencing privacy

61. Privacy should not and cannot be interpreted in a vacuum: what is considered to be private is highly dependent on the circumstances: there are huge differences between particular societies and cultures, or scientific development can also lead to a different, urging need for ensuring the protection of privacy.²¹² Different factors might influence privacy norms in a given society, such as, for example, the political, the socio-cultural and the personal level,²¹³ the new generations of technology and new generation of users,²¹⁴ or dimensions of time, place, economy and technology.²¹⁵ All these

207 On this approach see: Solove, D. J. (2002) ‘Conceptualizing Privacy’, California Law Review, 90(4), pp.

1129-1154.

208 Koops, B-J. et al. (2017) ‘A Typology of Privacy’, U. Pa. J. Int’l L., 38(2), p. 483

209 Koops, B-J. et al. (2017) ‘A Typology of Privacy’, U. Pa. J. Int’l L., 38(2), p. 564

210 Koops, B-J. et al. (2017) ‘A Typology of Privacy’, U. Pa. J. Int’l L., 38(2), p. 565.

211 Koops, B-J. et al. (2017) ‘A Typology of Privacy’, U. Pa. J. Int’l L., 38(2), pp. 566-568.

212 Fried, C. (1968) ‘Privacy’, The Yale Law Journal, 77(3), p. 486., p. 475.

213 Westin, A. F. (2003) ‘Social and political dimensions of privacy’, Journal of Social Issues, 59(2), pp. 431-434.

214 Tene, O. (2011) ‘Privacy: The new generations’, International Data Privacy Law, 1(1), p. 15.

56 factors make it even more difficult to establish one single definition of privacy. Among the possible factors influencing the understating of privacy, attention will be drawn to technology, social norms and the individual and the context.

62. Technology has always had a close connection with privacy as new innovations of technology change how privacy might be violated, as they gave rise to different kinds of privacy intrusions²¹⁶ – which is also in the focus point of the dissertation.

Technological innovations, such as profiling, location tracking, mobile devices, biometrics, RFID, cloud computing, etc. evoke new kinds of privacy challenges.²¹⁷ Existing threats to privacy have become increasingly important due to the growth of Internet and online activities.²¹⁸ As part of technological inventions, social media and SNSs will have their influence on privacy as well – but these questions will be discussed in detail in Title 2. As it will be demonstrated in relation to the possible existence of “social media law”, these technological innovations do not raise the question of the existence of a fundamentally new online privacy law, they rather challenge existing conceptions of privacy.^{219, 220}

63. As technology advances, it naturally influences individuals’ behaviour and social norms relating to privacy and expectations of privacy: social media and the

215 Report of the Special Rapporteur on the right to privacy (2016). A/HRC/31/64. United Nations, General Assembly. par. 21.

216 For example, taking someone’s photograph has become considerably easier – an example also used by Warren and Brandeis back in 1890: while formerly, in order to capture one’s image, the individual had to pose for hours to get his/her portrait taken. The invention of cameras changed this landscape. Ever since, these devices have become smaller and cheaper, available to the general public. Today basically every smartphone has a built-in camera, making it possible to capture one’s image, without the individual’s knowledge. Development has not stopped here: Google glasses or Google contact lenses will raise different types of challenges. Or, eavesdropping also changed through time: the invention of printing, the invention of telephone, e-mails changed how the confidentiality of communications can be infringed.

Though technology can indeed pose a threat to privacy, it must be seen that technological evolution is not an enemy of privacy, as in certain cases it can contribute to protecting privacy in more effective ways, enabling individuals to experience more privacy than their ancestors. Source: Schoeman, F. D. (2007) ‘Privacy:

philosophical dimensions of the literature’, in Schoeman, F. D. (ed.) Philosophical Dimensions of Privacy:

An Anthology. Cambridge: Cambridge University Press, p. 2.

217 See more on how technology affects and challenges privacy in: Weber, R. H. (2015) ‘The digital future – A challenge for privacy?’, Computer Law and Security Review, 31(2), pp. 236-239.; Tene, O. (2011)

‘Privacy: The new generations’, International Data Privacy Law, 1(1), pp. 16-21. and Türk, A. (2011) La vie privée en péril: des citoyens sous contrôle. Paris: OJacob.

218 One example is identity theft, which is greatly facilitated in the online environment, compared to its offline counterpart. Source: Knight, A. and Saxby, S. (617) ‘Global challenges of identity protection in a networked world’, Computer Law and Security Review, 30(6), p. 619.

219 See more on this matter in Title 2.

220 The UN special rapporteur on privacy also calls attention to the re-examination of understandings of privacy, such as distinctions between “individual and collective privacy”, expectations of privacy in public and in private places, with special regard to the free development of one’s personality in the light of technological development. Source: Report of the Special Rapporteur on the right to privacy (2016).

A/HRC/31/64. United Nations, General Assembly. par. 27.

57 unprecedented extent of online self-exposure can be mentioned as one example.²²¹ For example, while a few decades ago it was completely unimaginable to publicly share with an undetermined or a very high number of people what someone ate for breakfast, which itinerary this person used for his/her morning run, or who he/she is dating, today the share of such information is commonplace on SNSs.

64. The individual also plays a central role, as expectations of privacy can vary from individual to individual.²²² Anders J. Persson and Sven Ove Hansson also took into consideration the individual’s expectations and they divided privacy into two parts: a core part, which is protected “by default” – regardless of the individual’s acts – and a discretionary part, which is considered to be private depending on the individual’s attitudes.²²³ Privacy is highly dependent on the given context as well: Helen Nissenbaum emphasizes the importance of “contextual integrity” when it comes to privacy, pointing out that depending on the concrete situation, on the context in which the same information is shared might be considered private differently.^{224, 225}

65. Conclusions of Part (B). To conclude, all these factors, such as technology, ever-changing social norms, and perceptions of the individual, hinder the creation of a universal definition of privacy. Consequently, what is considered to be private (e.g. by a society or by an individual) is not always going to be subject to legal protection. Despite the lack of the ability to define privacy and despite its ever-changing nature, legal regulations must find an average standard that must receive legal protection. In §2 these international and national legislations will be discussed.

66. In spite of the difficulties in creating a uniform definition, a definition must be adopted in order to determine what will be understood by privacy for the purpose of the dissertation. As it became apparent, privacy can comprise different aspects. In the context of SNSs, mostly two aspects of privacy, the informational aspect of privacy and decisional privacy will gain utmost importance. Although at the outset it can be concluded that the

221 Tene, O. (2011) ‘Privacy: The new generations’, International Data Privacy Law, 1(1), p. 22.

222 What one might consider as intrusion into private life – e.g. opening up about his/her relationship to a distant relative – another might consider as completely normal – e.g. sharing the same information documented in detail with photos, videos, etc. on social media with several hundreds of contacts.

223 Persson, A. J. and Hansson, S. O. (2003) ‘Privacy at Work – Ethical Criteria’, Journal of Business Ethics, 42(1), pp. 61-62.

224 Nissenbaum, H. (1998) ‘Protecting Privacy in an Information Age: the Problem of Privacy in Public’, Law and Philosophy, 17(5–6), p. 581.

225 For example, sharing information relating to one’s health might feel appropriate if the recipient is the individual’s doctor, but sharing exactly same information might feel inappropriate and as an intrusion into privacy if the employer asks for the same information.

58 informational aspect of the question will also be directly regulated by the right to data protection. Therefore, when addressing privacy, particular attention should be paid to autonomy, meaning the individual’s right to decide on his/her own. On the basis of the above, for the purposes of the dissertation, privacy is understood broadly, as the control over the autonomy of the individual, meaning that the individual should be able to decide how to live his/her life. In the context of SNSs – as it will be addressed under Title 2 – it should primarily mean that the employee is free to decide whether to engage in SNSs, and how he/she can use these sites (what content to share, with whom, etc).

§2. The legal regulation of the right to privacy

67. As it was already referred to, several international human rights agreements guarantee the protection of privacy/respect for private life.²²⁶ In the following, the substance of the relevant (A) international (with the European legal order at the focus point) and (B) national norms will be addressed, with the aim of understanding what circumstances receive legal protection under the right to privacy.

(A) International human rights instruments

68. United Nations. Among the UN’s international documents ensuring the right to respect for private life, the UDHR and the ICCPR must be mentioned. However, for lack of space, these provisions will not be addressed in detail,²²⁷ as focus will be rather put on the examination of the ECHR and the CFREU, as they are concentrated on the European legal order. Under the aegis of the UN, the UN special rapporteur on privacy

226 So far, the expressions “privacy” and “right to privacy” were employed, but (European) legal regulations mostly refer to the expression “right to respect for private life”. It must be emphasized that privacy and private life are not synonyms, private life supposes a narrower scope, traditionally connected to secrecy or concealment, to protection against certain interferences – as it will be presented in the following paragraphs.

However, there is a tendency indicating that the right to respect for private life is understood in a broader way (see, for example, the analysis on the ECtHR’s practice), incorporating also the autonomy of the individual – which matter is connected to privacy rather than to private life.

227 Both documents guarantee the right for respect of private life by stating that it is a fundamental human right and no one shall be subjected to arbitrary interference with his/her privacy, family, home and correspondence, or to attacks against his/her honour and reputation and they have the right to protect themselves against such unlawful interference (Article 12 of the UDHR and Article 17 of the ICCPR).

Certain differences exist between the wording of these provisions: for example, compared to the ICCPR, the UDHR protects only against arbitrary interference and not unlawful interference. Also, regarding honour and reputation, the UDHR gives protection against any kind of attacks, while the ICCPR ensures protection against arbitrary attacks. Source: Mendel, T. et al. (2013) Étude mondiale sur le respect de la vie privée sur l’Internet et la liberté d’expression. Paris: Éditions Unesco (Collection Unesco sur la liberté de l’Internet). p.

59.

59 must also be mentioned, who is an independent expert appointed by the Human Rights Council, whose task is to examine, report and raise awareness on the right to privacy.²²⁸

69. Protection in Europe.²²⁹ In Europe, two regional organisations have to be mentioned, both of them having an elaborate system and regulation: the CoE and the European Union. It is the Council of Europe’s European Court of Human Rights (hereinafter referred to as: ECtHR) and the European Union’s European Court of Justice (hereinafter referred to as: CJEU) which created a detailed case law.

(a) ECHR and ECtHR

70. The centrepiece of the European protection of human rights,²³⁰ one of the most important documents regulating the right to privacy is the European Convention on Human Rights (Council of Europe, 1950, Article 8), which served as a genesis for several pieces of privacy legislation throughout Europe.²³¹ Also, the European Court of Human Rights created very important case law regarding Article 8, characterized by rich legal development.²³²

71. Article 8 of the ECHR: right to respect for private and family life. The