Konturen des europäischen Datenschutzgrundrechts Zu Gehalt und horizontaler Wirkung von Art. 8 GRCh
26,60 € inkl. gesetzl. MwSt.
Art. 8 of the EU Charter of Fundamental Rights (CFR) guarantees the protection of personal data. Unlike the German Basic Law and most international human rights treaties, Art. 8 CFR introduces an independent right to data protection. This paper explores the normative scope and content of Art. 8 CFR and clarifies its implications with respect to private parties. It shows that Art. 8 CFR is not merely a subset of the right to privacy. The right to data protection serves a variety of purposes. In addition to privacy aspects and personality rights, the protection of personal data enhances the exercise of fundamental rights and freedoms such as the freedom of information and communication, and the exercise of economic rights. Therefore, Art. 8 CFR must be understood as a set of basic principles of data protection. These principles do not only apply vis à vis state action, but have regulatory implications for the data economy as a whole. The effect on private parties, how ever, is in need of further explanation. Despite several decisions of the Court of Justice of the European Union (CJEU), in particular the Google Spain judgement, the conceptual frame of the horizontal effect remains unclear. According to Art. 51 CFR, the rights of the Charter address the institutions and bodies of the Union and the Member States. The paper explicates the doctrinal grounds on which a horizontal effect of fundamental rights can be construed. It argues that is not the mere social or economic power of private actors, platforms and other intermediaries, but the capacity to shape the infrastructure of the internet and a digitized society that entail special obligations. The legislator in particular has a responsibility to observe whether the conventional mechanisms of self-determination in the private sphere, like consent, are effective under these conditions. Art. 8 CFR allows for a variety of regulatory interventions to protect personal data, but does not compel an arrangement of uniform data protection rules for state actors and private companies alike.