This chapter introduces the European approach to privacy and data protection. Two things are important to point out from the start. First, there are differences between the right to privacy and the right to data protection, which will be described in more detail below. Perhaps the most prominent difference lies in the material scope. The right to privacy usually does not extend to the collection of nonprivate and non-privacy-sensitive data, whereas the term ‘personal data’, central to most data protection documents, is not limited to private or sensitive information, but extents to any data with which someone could potentially be identified. ‘Even ancillary information, such as “the man wearing a black suit” may identify someone out of the passers-by standing at a traffic light.
’Second, this study will primarily discuss the European perspective and in doing so will refer to documents of both the European Union (EU) and the Council of Europe (CoE). For privacy, the case law by the European Court of Human Rights (ECtHR) on Article 8 of the European Convention on Human Rights (ECHR) will be central and with regard to data protection, the EU's Data Protection Directive and the General Data Protection Regulation, which will replace the Directive over time, will function as the primary (though not exclusive) points of reference.
Article 8 ECHR grants a right to respect for private and family life, home and correspondence:
The right to data protection is currently protected by the Data Protection Directive, which contains rules for data controllers such as: store data only when necessary, store data safely, process personal data with a legitimate aim, be transparent about the processing activities, etc. It also contains some rights for data subjects, such as the right to have access to personal data, to correct inaccurate data and to object to certain types of data processing.