The digitalization of the world has led to the application of technology to every sphere
of human life and endeavor, with law being no exception. Law and technology have
quite a history embedded in subject areas such as legal informatics, legal information,
technology law and other similar nomenclature. The storage/processing of data has
gained so much prominence for a host of reasons, prominent among which is the right
to privacy and data protection. Law therefore plays a paramount role in the
processing/storage of data, making it inevitable for lawyers to study same. Due to the
dynamic nature of technology with which legal informatics is concerned, it is important
that lawyers keep in tune with both legal and technological advancements to ensure
growth in the field of legal informatics. This writer holds the opinion that
papers/articles/journals on legal informatics are shrouded in abstract and sometimes
not so easily comprehensible language. Therefore, the purport of this paper is to carry
out an overview of legal informatics with the overall objective of reducing the field of
legal informatics into an easily comprehensible short paper.
TABLE OF CONTENTS
A. INTRODUCTION
K. CONCLUSION
A. INTRODUCTION.
It is usual for persons interested in the study of a subject area to search for materials in
that area. The writer acknowledges that one of the most difficult challenges such
persons can face is seeking academic materials to enhance one’s knowledge and not
being able to find same. It would appear as though scholars are so concerned
with the technical aspects of legal informatics that simple, elementary and
foundational issues of legal informatics are not being given much attention.
From seemingly simple activities such as shopping in a mall and having to pay with a
credit card or shopping online to more complex activities like the advent of connected
cars, legal informatics is becoming an important factor in our daily lives. The study of
legal informatics is of such importance that a time may come in the future when one
may not be able to call himself a lawyer if not possessing the knowledge of legal
informatics. Such is the weight legal informatics has gained as of today!
The most developed offspring of legal informatics is undoubtedly data protection, with
the recent legislations within the EU on data protection being evidence of such
development. With the revolution being created by technology, with modern forms of
storage capable of storing tons of data, it has become imperative for lawyers and
stakeholders alike to take matters of privacy with utmost seriousness.
The fundamental nature of legal informatics will be further appreciated when one
considers the level of technological advancements in the world today and the kind of
problems that will be created if legal informatics had not arisen to save the day.
Therefore, legal informatics can be described as the proverbial prune with which the
farmer trims his flowers (technology) to prevent them from growing out of shape and to
keep them beautiful. Legal informatics therefore brings sanity and respect for the rule of
law in the application and use of technology in our society.
The writer acknowledges that it is impossible to fully address all issues arising from
legal informatics through this short paper. However, some selected issues which are
necessary for a basic understanding of legal informatics will be discussed in this paper.
After reading this paper, one should be able to get the gist of legal informatics as a field
of legal study.
B. LEGAL INFORMATICS: LOOKING BACK AT SOME HISTORY.
In any area of study, a consideration of the history and/or origin of the subject matter is
necessary for an appreciation of the background, growth and future of the subject area.
The history of legal informatics is however not the easiest to trace. It has been noted2
that legal informatics is often described as a new science despite its over sixty-year
history as an “internationally robust and modern legal science”.
Just like Jon Bing3, this writer will start tracing the history of legal informatics with
an apology due to the distorted nature of the history of legal informatics attempted in
this paper. What this writer has tried to do is to arrange selected accounts of the history
of legal informatics as chronologically as possible.
As a starting point, the history of legal informatics is traceable to the foundation of the
relationship between law and computers. In the year 1955, it was reported4 that
Professor John F. Horty had approached the Data Processing and Computer Center for
the creation of a word retrieval system to aid in the amendment of a piece of legislation
in Pennsylvania. This saw to the creation of the first word retrieval system which was
later demonstrated to the American Bar Association in 1960. This technology is credited
as being used to build the LITE system (Legal information through electronics) and also
the bedrock of the internet search engines of today.5
There has also been reference to the “period of the forerunners” which involved
“disparate attempts to discuss computer-related aspects of law such as Lee Loevinger’s
vision of legal thinking based on quantitative and formal reasoning in 1949 and Norbert
Wiener’s reflections on cybernetics and law in 1954.”6 These marked the first sojourn
into the research of legal informatics, though under different titles but covering the
same/similar subject matter.
It is also recorded that in the 1960’s, the first legal databases were started. In the 1970’s,
public administration made use of informatics through large
databases for storing information such as population data and fiscal data.7
2 (2016). Society trapped in the network: Does it have a future? Rovaniemi: Lapin yliopisto, by Prof. Ahti
Saarenpää, page 57, paragraph 2.1.
3 Jon Bing, Computers and Law: Some Beginnings, Olav Torvund and Kirsti Pettersen (ed.), (Oslo), Yulex
http://www.ictparliament.org/sites/default/files/WP002_legislativeinformatics.pdf 23/02/2017 at
2:23pm.
The years 1966-1967 saw the creation of a database called STATUS (Statute Search) by
Bryan Niblett but he could upload legislations on the said database for political
reasons.8
Another milestone in the history of legal informatics occurred in 1967 when Alan F.
Westin published his book on privacy titled Privacy and Freedom. The book was
published at a time when privacy started becoming an issue in Europe.9
The developments in Europe will be incomplete without mentioning the Council of
Europe which set up a “Committee of experts on the harmonization of the means of
programming a legal data into computers” which swung into action in the year 1969.
The Committee was later renamed the Committee on Legal data Processing in 1974. The
Committee was credited with facilitating discourse on the legal information sources;
teaching about computers and law; facilitation of communication between European
institutions and also the adoption of legal instruments. 10
From an academic perspective, there was the need to improve the quality of legal
research to meet the requirements of a modern welfare state and this was sought to be
achieved in the form of legal information systems. Professors Fiedler, Simitis and Klug
came together for this purpose in 1972, prepared a report and formed a system called
JURIS.11 Various contributions were also made to the field of legal informatics by
various Professors across Europe in countries including Germany, France, and Italy
etc.12
The 1980’s saw the use of personal computers and the deployment of IT for personal
purposes. Applications were also set up for use with such personal computers.13
The 1990’s saw the creation and integration of computer applications for use in many
legal organizations such as parliaments, judiciaries etc. The development of the
‘infrastructure of information technology’ is said to have occurred between the years
1990 to 1995, with Tim Berners-Lee credited with developing the World Wide Web in
1990.14 1993 saw the release of the first web browser, Mosaic, by Marc Andreessen, and a
search engine, Alta Vista, was launched in 1995.15 Also, it was during the years 1990-1995
that the EU was debating over what is now known as DPD.
Between the end of the 1990’s and the beginning of the new millennium, legal
informatics has prospered due to the expansion of the internet and the consequent
increased communication between the legal organizations such as parliaments,
judiciaries etc. and the public.16
The writer acknowledges that his attempt at stating the history of legal informatics
cannot be complete and all encompassing. However, some part of the history which can
aid an understanding of the journey of legal informatics from inception till more
recently is covered and it is hoped this suffices for the purpose of this paper.
As a starting point, the term legal informatics is made up of two words: legal and
informatics. It is trite that the term legal is used when the concept being described
pertains to law. Informatics has been defined as the study of information processing;
computer science.17 In my own words, legal informatics entails the application of legal
principles to the processing of data to ensure compliance with the law pertaining to all
rights, duties and obligations arising therefrom especially in respect of the rights to
privacy, data protection and other such rights or duties and obligations that may arise
therefrom.
Legal informatics has been defined as the academic field that concerns itself with the
problematics of computers and law.18 Legal informatics has also been defined as the
theory and practice of computable law, i.e., of cooperation/symbiosis between humans
and machines in legal problem-solving.19
Professor Peter Seipel also makes mention of the concept of legal informatics which in
Germany is called “Rechtsinformatik” and includes legal aspects of computer usage
labeled as data processing law and information law.24 Seipel also made reference to a
definition of Rechtsinformatik (Legal Informatics), attributed to Herbert Fiedler, which
as a discipline should be conceived of as a theory of structures focusing on data
processing in state and law.25
17 http://www.dictionary.com/browse/informatics
18 Society Trapped in the Network: Does It Have a Future? Rovaniemi: Lapin yliopisto, 2016, page 18.
19 Giovanni Sartor and Enrico Francesconi, Legal Informatics and Legal Concepts. Available at:
http://eurovoc.europa.eu/drupal/sites/all/files/EuroVocConference_Opening_Speech_by_GSarto.pdf
26/02/2017 at 3:17pm.
20 Seipel, Peter. Computing Law: Perspectives On a New Legal Discipline. 1977, (Stockholm).
21 As formulated by Lee Loevinger.
22 As defined by Lee Loevinger and quoted by Seipel (id) at page 122.
23 Id, Seipel at page 122.
Erdelez and O’Hare have been quoted as defining legal informatics as follows:
“The American Library Association defines informatics as ‘the study of structure and
properties of information, as well as the application of technology to the organization,
storage, retrieval and dissemination of information.’ Legal informatics therefore,
pertains to the application of informatics within the context of the legal environment
and as such involves law-related organizations (e.g., law offices, courts, and law
schools) and users of information and information technologies within these
organizations.”26
One of the primary contributions/roles of legal informatics in the society today is in the
area of E-governance. Due to global digitalization and the ease that computerization
brings to all forms of administration, governments around the
world have turned to digitalization for the purpose of bringing the dividends of their
governance to the society through an easily accessible medium and at a cheaper cost.
E-governance has been defined as “the initiatives of government agencies and
departments to use ICT tools and applications, internet and mobile devices to support
good governance, strengthen existing relationships and build new partnerships within
civil society.”27 Don Tapscott has also been quoted as defining E-Government as “an
Internet-worked government which links new technology with legal systems internally
and in turn links such government information infrastructure externally with
everything digital and with everybody – the tax payer, suppliers, business customers,
voters and every other institution in the society.”28 Four target groups have been
identified as the recipients of e-governance as follows: citizens, businesses,
governments (other governments and public agencies) and employees.29
The writer wishes to emphasize that one of the key contributions of
E-governance to the society is the low cost of delivering services, as
costs arising majorly from processing activities are greatly reduced. An example of
such reduced cost is the US Inland Revenue Service, for which
processing a paper tax form costs $1.60 while processing an
electronic form costs only $0.40.30 Other advantages E-government brings to the table include efficiency,
ease of transacting with the government and acceleration of governmental activities, to
mention a few. While E-government makes use of technological advancements (IT) for
the purpose of delivering its objectives, legal informatics is the field of law that
regulates the delivery of such services to ensure compliance with applicable rules and
the rights of consumers.
27 Valentina (Dardha) Ndou: E-government for developing countries: opportunities and challenges,
EJISDC (2004) 18, 1, page 1. Also available at:
http://www.yasa.inet-tr.org.tr/akgul/unpan/UNPAN018634.pdf 28/2/2017 at 4pm.
28 Ibid at page 4.
29 Ibid at page 5.
30 Al-Kibsi et al., 2001 as cited by Ndou. Ibid at page 9.
31 Schultz Thomas: Online Dispute Resolution: an Overview and Selected Issues page 4, paragraph 2.2.
Another area where legal informatics has left a mark is in the area of E-commerce. E-
commerce involves the sale of goods and services online. Legal informatics ensures that
there is a set of rules regulating such transactions. Some of the rules that have evolved
in respect of online transactions involve the use of cookies, storage and dissemination of
customer data, conditions for the sale and return of goods etc.
One of the most notable contributions of legal informatics in our society today is in the
field of privacy/data protection. From the pioneering works of Alan Westin to the
advent of big data and the attendant ease in the processing of data, it has become very
important that privacy/data protection be taken more seriously and legal informatics
has helped to invent the needed privacy/data protection rules. Legal informatics has
created a set of rules which help in the protection of the rights to privacy and data
protection of the data subject.
In every branch of law, there exist sources from which the relevant principles of law
are derived. Such sources can be likened to rivers from which the applicable principles
in each branch of law are fetched. In the course of this research, this writer discovered
that there is no comprehensive text on the sources of IT law. What the writer has done
for the purpose of this paper is to examine the sources of law in legal informatics (based
on EU law) within the confines of the traditional sources of law.
The sources of law can generally be classified into primary and secondary sources.33
The primary sources of law include domestic legislations, international treaties and case
law. Delegated legislations which consist of rules and/or regulations made by
bodies/institutions to whom such powers are assigned by the relevant Parliament are
also covered under this head. The secondary sources of law include guidelines,
recommendations, journals, articles, textbooks etc. The difference between primary and
secondary sources of law lies in the effect of both sources: the former are binding
while the latter have only a persuasive effect.
In the field of legal informatics, the primary sources of law are derived from national
laws, international treaties (for instance the international treaties on privacy, data
protection and E-commerce within the EU) and decisions of the courts on IT/data
protection related matters. The secondary sources of the law on legal informatics
include international journals on IT law/legal informatics, textbooks and articles
written by learned and seasoned authors in the field.
33 For a general discussion of the sources of law, see: Clinch, Peter. Legal Information: What It Is And
Within the EU, the grundnorm (the most basic and primary source of the law on legal
informatics) is the Treaty on the Functioning of the European Union (TFEU) which
provides for the right to data protection and also empowers the EU parliament to make
laws for the protection of the right to data protection.34 It is from this very provision
that the EU parliament derives the powers to make enactments in relation to data
protection/privacy. Other primary sources of the law on legal informatics within the
EU include the various legislations of the EU parliament such as the GDPR which
repeals the DPD, the Police Directive which repeals the Council Framework Decision
2008/977/JHA etc. The enactments of the member states made pursuant to Directives of
the EU parliament also amount to primary sources of the legal informatics framework
though of lesser authority when compared to the EU Regulations. The decisions of the
CJEU are also sources of law for this purpose.
Textbooks, journals and articles written by Scholars such as Professors Peter Seipel, Jon
Bing and Ahti Saarenpää in the field of legal informatics form the secondary source of
law in the field of legal informatics. In some cases, some of these texts are used by the
court to support its decisions while some of these scholars are also invited as amicus
curiae to clarify knotty issues in court(s) when necessary.
Legal informatics has some fields which constitute the whole study area and are
essential for a proper understanding of legal informatics. Though there may be an
absence of a consensus on what constitutes the branches of legal informatics, this writer
will stick to the fields of legal informatics as delineated by Professor Ahti Saarenpää.35
Professor Saarenpää divided legal informatics into four fields as follows:
I. Legal Information;
II. Legal Information Processing;
III. Information law;
IV. ICT law.
35 Saarenpää, Ahti, and Karolina Sztobryn. Lawyers in the Media Society: The Legal Challenges of the
I. Legal Information: Since the concept of Legal Information consists of two words,
legal and information, it is possible to approach the definition by examining the
definition of both words separately. Information has been defined as “an
umbrella term for knowledge, facts, data, wisdom and any other derivative of
the term (although these terms can also be found contextually, of course).”36 Quite
obviously, legal relates to law. Therefore, legal information can be said to mean
‘knowledge, facts and data’ pertaining to law. The volume of legal information
available on the internet is presently quite huge; however, the quality of such
legal information could sometimes be questionable.37 Arising under legal
information is Information management (IM) with which an individual “plans,
collects, processes, controls, disseminates, uses its information and through
which it ensures that the value of the information is identified and exploited to
the fullest extent.”38 Legal information management seeks to ensure, through the
use of technology, the effective and judicious use of the large chunk of
information (available on the internet). All the sources of legal
information can be found on the internet with the aid of technology.39 However,
the accessibility of such legal information depends on a plethora of factors which
include the level of computer literacy of the citizenry and the affordability of
computer systems, amongst other things.
II. Legal Information Processing: This involves the processing activities carried out
in respect of the legal information in order to reach a certain result. The study of
legal information data processing can be traced back to the publishing of a paper
on jurimetrics, and the study now captures lawyers’ information processing,
automated (government) decisions, computerized court rooms and other
processing activities like the processing of medical data.
III. Information law: This is the law regulating the generation, deployment,
management, dissemination and protection of information. Information law has
been said to serve two major purposes: “the protection of information that is of
commercial value and the protection of certain sorts of relationships within
which private information is readily disclosed. For example the relationship
between doctors and their patients.”40 The laws in this area have mostly played
the function of data protection all over the world although championed by the
EU.
36 Weller, Toni. 2008. Information history - an introduction: Exploring an emergent field. Oxford
(England): Chandos Publishing, page 18.
37 Howland, Joan. "Management of Legal Information in an International Context: A Conundrum of
Challenges and Opportunities." Frontiers of Law in China 6, no. 2 (2011): 165-179, page 178.
38 Kolawole, Joseph. "Motivation and Information Management as a Tool of Job Satisfaction of Employees
40 Reed, Chris, and John Angel. Computer Law: The Law and Regulation of Information Technology. 6th
ed. Oxford: Oxford University Press, 2007, page 506.
IV. ICT law: This deals with “automation of production, reproduction, processing,
storage and transaction of digital information as well as its protection and
communication via digital networks”.41 ICT law is also studied under legal
information, IT law and ICT regulation and policy.42 This field of law is studied
in many countries as IT law and/or Information law.
The subject matter of data protection is personal data and with the importance of in our
world today, data protection law has arisen to adequately protect the rights of data
subjects in this regard. Some attempts at defining data protection will be made below in
a bid to enhance the understanding of the subject matter. The subject matter of data
protection which is personal data has been defined as “any information relating to an
identified or identifiable natural person (‘data subject’); an identifiable natural person is
one who can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an online identifier or
to one or more factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person”.43
Data protection law has been defined as “…the legal protection of individuals with
regard to automatic processing of personal information relating to them.”44 Data
protection has also been described as ‘fairness legislation’, not requiring a balance
between data users and data subjects, but simply being fair to an individual.45
Alan Westin, known for his pioneering work in the field of data protection defined data
protection as “the claim of individuals, groups or institutions to determine for
themselves when, how and to what extent information about them is communicated”.46
Data protection has also been defined “as a right of informational self-determination,
that is, as the right to have a say in how data relating to one are processed by others”. 47
For data protection to apply to a given set of facts, such data must be regarded as
personal data.48
41 Ramírez Lynch, Christián, and Comi. ICT Law: From International Trade to E-trade : The Issue of Court
Jurisdiction. [Helsinki]: Comi, 2007, page 51-52.
42 ibid, page 52-53.
43 See Article 4 (1) of the GDPR.
44 The UK government’s explanatory report, appended to the draft of the COE’s Convention on Data
Protection as cited in Reed, Chris, and John Angel. Computer Law: The Law and Regulation of
Information Technology. 6th ed. Oxford: Oxford University Press, 2007, page 460.
45 CBI Conference, London, 4 March 1988 as cited in Reed, Chris, and John Angel, ibid.
H. DATA PROTECTION AS AN OFFSHOOT OF LEGAL INFORMATICS.
The right to data protection and legal informatics are inextricably linked, the former’s
creation being inevitable due to the use of the latter. The right to data protection is
derived from the right to privacy as the protection of one’s personal data is
fundamental to the right to privacy. It must be noted that the right to privacy is a
fundamental human right duly protected under various international conventions.49
The right to data protection can be traced back to Alan Westin who in 1967 through his
book “Privacy and Freedom” addressed the issues relating to privacy. 50 Some of the
factors necessitating the right to privacy in the realm of legal informatics have been
noted as:
“The general expansion of information-gathering and record keeping;
The development of personal dossiers by credit companies, the security files of
the department of defence, FBI, Federal Housing Administration etc;
The acceleration of information gathering by computers;
New public programs requiring personal data;
Computer technology facilitating the sharing of data;
The replacement of cash transactions by automatic processing.”51
The development of data protection continued with the input of the Organization for
Economic Co-operation and Development (OECD) which established the data bank
panel in 1969, which was later converted to the Information, Computers and
Communication Policy Committee (ICCP).52 Further development was also noticeable
with the adoption of the Fair Credit Reporting Act in the USA and the
‘Datenschutzgesetz’ in the state of Hesse, Germany.53 The German legislation is
credited with bringing the term data protection into the English language.54 The
possibility of data hindering sales across borders became an issue in the 1970’s with Jan
Freese along with Gassman coining the term “transborder data flows”.55 Two
legislations, the OECD Guidelines on the protection of privacy and transborder flows of
personal data and the Convention for the protection of individuals with regard to
automatic processing of personal data, were adopted in 1980 and 1981
respectively.56 The negotiations57 for the EU DPD began in 1990 with the Directive
finally passed in 1995.58
A position that has been put forward is that a rationale for the formation of
privacy/data protection laws is found in the fear of developments in the way in which
‘personal information is collected, used, stored and disseminated’.59 Developments such
as “the demand for personal data and information by various types of organizations;
the quantity of personal data and information being collected, stored, used and
disseminated throughout the society; the speed and ease of such collection, usage and
dissemination; and the logical and/or physical integration of separate items of personal
data and information into large scale databanks”60 have made a strict data protection
regime a necessity.
From the attempt at tracing the history of data protection contained above, it is clear
that the right became necessary as a consequence of the challenges raised by technology
and the inevitable data processing that followed. Following the proposition above, the
fears61 that have necessitated the creation and use of data protection rules developed as
a consequence of the risks/possible negative effects of technology.
It is arguable that the parliament of the European Union, as of today, has been the most
globally active parliament in respect of the codification of data protection and privacy
rules in the world. Being a paper written in the EU, it only makes sense that this paper
discusses the legal framework for data protection within the EU.
The first point of call when considering the data protection legal framework within the
EU is the body of provisions of EU laws or laws applicable within the EU on the right to
privacy. Article 8 of the ECHR provides for the protection of the privacy of persons.
Before going any further, it is important to note that the ECHR is part of the body of EU
laws as EU member states are mandated to be parties to the said convention. 62 The
provision of Article 8 of the ECHR is reproduced below:
ARTICLE 8
Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his
correspondence.
2. There shall be no interference by a public authority with the exercise of this right
except such as is in accordance with the law and is necessary in a democratic society in
the interests of national security, public safety or the economic wellbeing of the country,
for the prevention of disorder or crime, for the protection of health or morals, or for the
protection of the rights and freedoms of others.
59 Bing, Jon, and Olav Torvund. 25 Years Anniversary Anthology in Computers and Law. Oslo: Tano,
1995, page 7.
60 ibid. page 7.
61 Which this writer believes is both rational and justifiable.
62 See Article 6(3) of the Treaty on the European Union.
The EU charter on Fundamental rights also guarantees the right to private and family
life and the right to protection of personal data in Articles 7 and 8 of the Charter
respectively. Article 16 of the Treaty on the Functioning of the European Union also
provides for the right to data protection. The TFEU also gives the EU parliament the
powers to make laws for the protection of the right to data protection. 63 It has been
posited (and this writer agrees) that the elevation of the right to data protection to the
status of a fundamental right has elevated the perception of the right especially
regarding the enforcement of the right by the Courts.64
It was pursuant to this power that the EU parliament enacted the DPD which has been
repealed by the GDPR and the Council Framework Decision 2008/977/JHA which has
also been repealed by the Police Directive. There is also the E-privacy Directive which is
being amended by the EU parliament as at the time of writing this paper.65
Data protection has received (and continues to receive) elaborate attention in the EU
because of the importance attached to the subject matter by the Union. The attention
given to the right to data protection has ensured an unmeasurable amount of value
added to the body of EU data protection rights. For instance, the right to be forgotten,
data impact assessment, periodic review of the extant data protection regime, privacy
by design among other things are some of the improvements that have been made to
the data protection laws as a result of continuous review of the field.
private life and the protection of personal data in electronic communications and repealing Directive
2002/58/EC (Regulation on Privacy and Electronic Communications). Available at:
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52017PC0010 retrieved on 13/03/2017 at 10.00am.
66 Recital 10 of Regulation (EU) 2016/679.
67 See the CJEU decision in the ASNEF case cited in Lee A. Bygrave, Id, page 60-61.
J. UNDERLYING PRINCIPLES OF DATA PROTECTION LAW.
Whenever and wherever data protection (or data protection legislations) are mentioned
or being reviewed, there are some generally acceptable and minimum standards which
ought to be met for such legislation to comply fully with a proper protection of one’s
data. It has been noted that some of these principles are so germane that they have been
incorporated into the body of data protection laws68 all over the world and it has also
been further noted that these principles overlap in some cases.69 It must be noted that
most of the principles exist in the form of duties/conditions owed the data subject by
persons or institutions responsible for processing such data. Some of those principles
are considered below.
of personal data relating to him or her”.75 In the absence of consent of this
standard/nature, there cannot be said to have been a lawful and fair processing.
The writer opines that for the twin requirements under this head to be complied
with, the processing officer must act in accordance with the stipulations of a
given law and must also carry out his functions within the confines of the
privacy rights of the data subject. The fair and lawful processing principle is one
of the principles that have enjoyed some level of codification especially in the EU.
The GDPR gives us an insight into what the EU parliament means when it makes
reference to lawful processing. Some of the listed conditions for determining the
lawfulness of processing include consent of the data subject; use of the data for
only the purposes it was obtained for; processing is necessary for performing a
contract to which the data subject is a party; processing is necessary to protect
the vital interests of the data subject or for carrying out a legal obligation etc.76
The writer suggests that the conditions listed above can also serve as pointers to
what the EU parliament means by fairness (as in this context).
II. Proportionality: This principle, it has been said,77 has crept into the field of data
protection majorly through the decisions of the court. In a bid to shed some light
on the proportionality principle, the Working Party78 examined the said principle
in the context of the right to privacy79 as provided for in Article 8 of the ECHR
and adjudicated upon by the ECtHR.80 The proportionality principle “as set out
by the ECtHR, essentially requires that a measure which interferes with an
ECHR right should go no further than needed to fulfil the legitimate aim being
pursued”. The working party after a consideration of some cases decided by the
ECtHR, listed some factors which may be necessary for determining
proportionality as follows:
The first factor is that a proposed action in data processing to be
considered as proportionate must be necessary in the sense that there
must be no other existing effective measure for processing the
information. In the event that the proposed action is not considered
necessary, then the legitimate aim the proposed action seeks to achieve as
well as the identified social need must be weighed and balanced in the
light of the data subject's right to privacy.81
The amount of data collected, the number of people that will be affected
and the period of retention of the information is another relevant factor.
Safeguards must be put in place to protect the fundamental rights of data
subjects.
The nature/sensitivity of the action/data sought to be processed is
another relevant consideration.
The severity of the social need and the possible effect on the public if not
properly tackled is another consideration under this head. The higher the
severity of the issue, the more the right of a data subject can be interfered
with.82
The working party also made reference to the CJEU's interpretation of the
proportionality principle in the Schwarz case.83 The Working party quoted the
CJEU's interpretation of the proportionality principle as being that the action
“must establish whether the limitations placed on those rights are proportionate
to the aims” and “to the objectives” (of the relevant legislation). “It must
therefore be ascertained whether the measures implemented are appropriate for
attaining those aims and do not go beyond what is necessary to achieve them
(see par. 40 of the judgment)”.
Suitability, necessity and non-excessiveness of the action have been identified as
the three prongs of the proportionality principle under EU law.84
From the above, the principle of proportionality conveys the literal meaning that
the word proportionality carries. Therefore, for a data processing action not to be
in contravention of the proportionality principle, such an action must be
proportionate for the purpose it is meant to serve taking the rights of the data
subject into consideration.
III. Minimality: This principle means that only information needed for processing
and no more can be obtained for the purpose of data processing. The feature in
legislations stipulating that data that is no longer required be dispensed with
falls under this head.85 Therefore, provisions mandating data processors to only
obtain relevant information needed for processing, identify the data subject only
when necessary86 and the right to be forgotten87 are examples of data protection
rules having their origin in the proportionality principle.
IV. Purpose Limitation: This principle stipulates that upon the collection of data, the
data must only be used for such purposes for which it is collected and no more.
This principle is also referred to as the 'finality' and 'purpose specification'.88 The
purpose of this principle, it has been said, is to ensure that “personal data is
collected for specified, legitimate purposes and not used in ways that are
incompatible with those purposes”.89 The reasoning behind the principle lies in
“the concern for ensuring foreseeability in data-processing outcomes”.90 This
principle ensures that there is a high level of predictability in data processing
and outcomes of data processing can easily be predicted by both data subjects
and processors.
V. Data Subject Influence: This principle embodies the fact that data subjects ought
to be given a right to be heard in the processing of their personal data. Data
subjects ought to be made aware of the data processing activities being done in
respect of them and ought to be allowed to make a protest and/or complaint
where appropriate. This principle has been divided into two heads: Under the
first subhead, “are the rules making people aware of data processing activities
generally and under the second head, are the rules aimed at making persons
aware of the processing of data on themselves”.91 This principle is well reflected
in various data protection legislations especially in the EU.92
VI. Data Quality: This principle “stipulates that personal data should be valid with
respect to what it is intended to describe, and relevant and complete with respect
to the purposes for which it is intended to be processed”.93 Words such as the
accuracy of the personal data, relevancy of the personal data are used to denote
this principle under legal instruments such as the DPD.94
VII. Data Security: This principle “holds that personal data should be protected
against the unauthorized attempts to disclose, delete, change or exploit it”. The
rationale behind this principle, it would appear, is to ensure that personal data is
only used for the purpose for which it is obtained. An attempt, for instance to sell
the personal data of data subjects for commercial gains will be in clear violation
of this principle. Article 17 of the DPD is an example of a legal provision
embodying this principle.95
VIII. Sensitivity: This principle carries with it the meaning that certain types of data
should be handled more carefully to prevent a breach as a result of the
delicate nature of such data. The GDPR incorporates this principle by prohibiting
the processing of some kinds of information and permits their processing only
upon the fulfilment of certain conditions.96
K. CONCLUSION.
This paper has (hopefully) covered the basic issues in legal informatics and a law
student/any enthusiast new to legal informatics after reading this paper should
possess, in the least, a basic knowledge of legal informatics. As reflected above, the
study of technology and its effects on the society as well as the attempts of law to
regulate same is so voluminous that a short paper of this nature cannot fully address it.
It is however hoped that this paper serves the purpose intended by the author.
BIBLIOGRAPHY.
BOOKS/JOURNALS/ARTICLES.
9. Schultz Thomas: Online Dispute Resolution: an Overview and Selected Issues
page 4, paragraph 2.2. Available at:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=898821
10. Clinch, Peter. Legal Information: What It Is And Where To Find It. London:
Europa Publications, 2000.
11. Saarenpää, Ahti, and Karolina Sztobryn. Lawyers in the Media Society: The Legal
Challenges of the Media Society. Rovaniemi: Lapin yliopisto/University of
Lapland, 2016.
12. Weller, Toni. 2008. Information history - an introduction: Exploring an emergent
field. Oxford (England): Chandos Publishing.
13. Howland, Joan. "Management of Legal Information in an International Context:
A Conundrum of Challenges and Opportunities." Frontiers of Law in China 6,
no. 2 (2011): 165-179.
14. Kolawole, Joseph. "Motivation and Information Management as a Tool of Job
Satisfaction of Employees in Nigeria." African Journal of Business Management
9, no. 19 (2015): 680-687.
15. Reed, Chris, and John Angel. Computer Law: The Law and Regulation of
Information Technology. 6th ed. Oxford: Oxford University Press, 2007.
16. Ramírez Lynch, Christián, and Comi. ICT Law: From International Trade to
E-trade: The Issue of Court Jurisdiction. [Helsinki]: Comi, 2007.
17. Reed, Chris, and John Angel. Computer Law: The Law and Regulation of
Information Technology. 6th ed. Oxford: Oxford University Press, 200.
18. Alan F. Westin. New York: Atheneum, 1967.
19. Bing, Jon, and Olav Torvund. 25 Years Anniversary Anthology in Computers
and Law. Oslo: Tano, 1995.
20. Lee A. Bygrave, Data Privacy Law, an International Perspective, Oxford
University Press, Oxford, 2014.
21. http://www.ironmongercurtis.com/knowledge-bank/employment-law/fair-and-lawful-processing-of-personal-data/
22. Opinion 01/2014 on the application of necessity and proportionality concepts
and data protection within the law enforcement sector. Retrieved from
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp211_en.pdf
TREATIES.
23. Regulation (EU) 2016/679.
24. The European Convention on Human Rights.
25. The EU Charter on Human Rights.
26. Directive 95/46/EC.
27. Treaty on the European Union.
28. The Treaty on the Functioning of the European Union.
29. The Council Framework Decision 2008/977/JHA.