PERSONAL DATA CONCEPT IN THE ELECTRONIC ENVIRONMENT

Abstract

This paper asserts that the notion of personal data, as enshrined by the Directive, has failed to be harmonised with realities of the global electronic era. The question of information‘s links with individual person highlights essential uncertainty brought about the concept – in online environment, using the internet search engine or other communication mediums, virtually any personal information can be associated with a specific person or at least group of individuals. In virtual environment the individual‘s name and surname have lost their customary meaning. Many other categories of information have assumed the qualities unique to personal identity: frequency of login to virtual accounts, goods purchased online, online ads clicked on, websites visited and etc. Broad concept of personal data, as proposed in the initial version of draft Regulation proposed by the European Commission presumably, could have opened the gates for more vigorous personal data protection regime in cyberspace. However, after the first reading in the European Parliament, the draft Regulation has been advertently reverted back to the original notion laid down in the Directive. This shift might signal acknowledgement that the expectations to target the personal information stretching online by means of statutory regulation of one specific jurisdiction (even as wides as EU is) are somewhat unrealistic. Finally, even the recent ECJ case-law has not yet provided any more coherent guidance on the future concept of personal data in the EU. The paper focuses on the analysis of Directive, national legislation in the Republic of Lithuania as well as the case law of Court of Justice and national courts, whereas limited attention is also paid to the new Regulation for personal data protectionThis paper asserts that the notion of personal data, as enshrined by the Directive, has failed to be harmonised with realities of the global electronic era. The question of information‘s links with individual person highlights essential uncertainty brought about the concept – in online environment, using the internet search engine or other communication mediums, virtually any personal information can be associated with a specific person or at least group of individuals. In virtual environment the individual‘s name and surname have lost their customary meaning. Many other categories of information have assumed the qualities unique to personal identity: frequency of login to virtual accounts, goods purchased online, online ads clicked on, websites visited and etc. Broad concept of personal data, as proposed in the initial version of draft Regulation proposed by the European Commission presumably, could have opened the gates for more vigorous personal data protection regime in cyberspace. However, after the first reading in the European Parliament, the draft Regulation has been advertently reverted back to the original notion laid down in the Directive. This shift might signal acknowledgement that the expectations to target the personal information stretching online by means of statutory regulation of one specific jurisdiction (even as wides as EU is) are somewhat unrealistic. Finally, even the recent ECJ case-law has not yet provided any more coherent guidance on the future concept of personal data in the EU. The paper focuses on the analysis of Directive, national legislation in the Republic of Lithuania as well as the case law of Court of Justice and national courts, whereas limited attention is also paid to the new Regulation for personal data protection.