A BRIEF OVERVIEW OF LEGAL INFORMATICS.

by

SALAMI EMMANUEL AKINTUNDE1

1Salami Emmanuel Akintunde is an LLM candidate at the Institute of

Legal Informatics, University of Hanover, Germany. He wrote this paper
while on exchange at the University of Lapland, Rovaniemi, Finland. (10th
May, 2017).
P.S- All opinions in this paper are of the author only.
i

Electronic copy available at: https://ssrn.com/abstract=2966201

 ABSTRACT.

The digitalization of the world has led to the application of technology to every sphere
of the human life and endeavor with law being no exception. Law and technology have
quite a history embedded in subject areas such legal informatics, legal information,
technology law and other similar nomenclature. The storage/processing of data has
gained so much prominence for a host of reasons prominent among which is the right
to privacy and data protection. Therefore law plays a paramount role in the
processing/storage of data making it inevitable for lawyers to study same. Due to the
dynamic nature of technology with which legal informatics is concerned, it is important
that lawyers keep in tune with both legal and technological advancements to ensure
growth in the field of legal informatics. This writer holds the opinion that
papers/articles/journals on legal informatics are shrouded in abstract and sometimes
not so easily comprehensible language. Therefore, the purport of this paper is to carry
out an overview of legal informatics with the overall objective of reducing the field of
legal informatics into an easily comprehensible short paper.

ii

Electronic copy available at: https://ssrn.com/abstract=2966201

 LIST OF ABBREVIATIONS.
CJEU- Court of Justice of the European Union.

COE- Council of Europe.

DPD- Data Protection Directive (Directive 95/46/EC).

ECHR- European Convention on Human Rights.

ECtHR-European Court of Human Rights.

EU- European Union.

GDPR- General Data Protection Regulation (Regulation (EU) 2016/679).

ICT- Information Communications Technology

ICCP- Information, Computers and Communication Policy Committee.

IM- Information management.

LITE IT

LITE- Legal information through electronics.

OECD- Organization for Economic Co-operation and Development.

Police Directive- (Directive (EU) 2016/680)

STATUS- Statute Search

TFEU- Treaty on the Functioning of the European Union.

TEU- Treaty on the European Union.

iii
 TABLE OF CONTENTS

A. INTRODUCTION- Page 1

B. LEGAL INFORMATICS: LOOKING BACK AT SOME HISTORY- Page 2

C. WHAT IS LEGAL INFORMATICS?- Page 3

D. THE ROLES/CONTRIBUTIONS OF LEGAL INFORMATICS IN OUR

SOCIETY- Page 4

E. SOURCES OF THE LAW ON LEGAL INFORMATICS- Page 5

F. FIELDS OF LEGAL INFORMATICS- Page 7

G. WHAT IS DATA PROTECTION?- Page 8

H. DATA PROTECTION AS AN OFFSHOOT OF LEGAL INFORMATICS- Page

10

I. DATA PROTECTION LAW WITHIN THE EU LEGAL FRAMEWORK- Page

11

J. UNDERLYING PRINCIPLES OF DATA PROTECTION LAW- Page 14

K. CONCLUSION- Page 18

iv
 A. INTRODUCTION.
It is usual for persons interested in the study of a subject area to search for materials in
that area. The writer acknowledges that one of the most difficult challenges such
persons can face is seeking academic materials to enhance one‟s knowledge and not
being able to find same. It would appear as though scholars are much more concerned
about the technical aspects of legal informatics that simple, elementary and
foundational issues of legal informatics are not being given much attention.

From seemingly simple activities such as shopping in a mall and having to pay with a
credit card or shopping online to more complex activities like the advent of connected
cars, legal informatics is becoming an important factor in our daily lives. The study of
legal informatics is of such importance that a time may come in the future when one
may not be able to call himself a lawyer if not possessing the knowledge of legal
informatics. Such is the weight legal informatics has gained as of today!

The most developed offspring of legal informatics is undoubtedly data protection, with
the recent legislations within the EU on data protection being an evidence of such
development. With the revolution being created by technology, with modern forms of
storage capable of storing tons of data, it has become imperative for lawyers and
stakeholders alike to take matters of privacy with utmost seriousness.

The fundamental nature of legal informatics will be further appreciated when one
considers the level of technological advancements in the world today and the kind of
problems that will be created if legal informatics had not arisen to save the day.
Therefore, legal informatics can be described as the proverbial prune with which the
farmer trims his flowers (technology) to prevent them from growing out of shape and to
keep them beautiful. Legal informatics therefore brings sanity and respect for the rule of
law in the application and use of technology in our society.

The writer acknowledges that it is impossible to fully address all issues arising from
legal informatics through this short paper. However, some selected issues which are
necessary for a basic understanding of legal informatics will be discussed in this paper.
After reading this paper, one should be able to get the gist of legal informatics as a field
of legal study.

1
 B. LEGAL INFORMATICS: LOOKING BACK AT SOME HISTORY.

In any area of study, a consideration of the history and/or origin of the subject matter is
necessary for an appreciation of the background, growth and future of the subject area.
The history of legal informatics is however not the easiest to trace. It has been noted2
that legal informatics, is often described as a new science despite its over sixty–year
history as an “internationally robust and modern legal science”.
Just like Jon Bing3, this writer will start this tracing this history of legal informatics with
an apology due to the distorted nature of the history of legal informatics attempted in
this paper. What this writer has tried to do is to arrange selected accounts of the history
of legal informatics as most chronologically possible.

As a starting point, the history of legal informatics is traceable to the foundation of the
relationship between law and computers. In the year 1955, it was reported4 that
Professor John F. Horty had approached the Data Processing and Computer Center for
the creation of a word retrieval system to aid in the amendment of a piece of legislation
in Pennsylvania. This saw to the creation of the first word retrieval system which was
later demonstrated to the American Bar Association in 1960. This technology is credited
as being used to build the LITE system (Legal information through electronics) and also
the bedrock of the internet search engines of today.5

There has also been reference to the “period of the forerunners” which involved
“disparate attempts to discuss computer-related aspects of law such as Lee Loevinger‟s
vision of legal thinking based on quantitative and formal reasoning in 1949 and Norbert
Wiener‟s reflections on cybernetics and law in 1954.”6 These marked the first sojourn
into the research of legal informatics, though under different titles but covering the
same/similar subject matter.

It is also recorded that in the 1960‟s, the first legal databases were started. In the 1970‟s,
there was a use of informatics by the public administration through the use of large
databases for storing information such as population data, fiscal data.7

2 (2016). Society trapped in the network: Does it have a future? Rovaniemi: Lapin yliopisto, by Prof. Ahti
Saarenpää, page 57, paragraph 2.1.
3 Jon Bing, Computers and Law: Some Beginnings, Olav Torvund and Kirsti Pettersen (ed.), (Oslo), Yulex

2006. Also available at:

http://www.jus.uio.no/ifp/om/organisasjon/seri/forskning/publikasjoner/yulex/Yulex_2006.pdf on
23/02/2017 at 12:33pm
4 Ibid. page 10-12.
5 Ibid. page 12
6 Seipel Peter, IT Law in the Framework of Legal Informatics, page 43, paragraph 6.1. Available at:

http://www.scandinavianlaw.se/pdf/47-2.pdf 26/02/2016 at 12:16pm.

7 Legal Informatics and Management of Legislative Documents by Biasiotti & ors. Page 10. Available at:

http://www.ictparliament.org/sites/default/files/WP002_legislativeinformatics.pdf 23/02/2017 at
2:23pm.

2
The years 1966-1967 saw the creation of a database called STATUS (Statute Search) by
Bryan Niblett but he could upload legislations on the said database for political
reasons.8
Another milestone in the history of legal informatics occurred in 1967 when Alan F.
Westin published his book on privacy titled Privacy and Freedom. The book was
published at a time when privacy started becoming an issue in Europe.9
The developments in Europe will be incomplete without mentioning the Council of
Europe which set up a “Committee of experts on the harmonization of the means of
programming a legal data into computers” which swung into action in the year 1969.
The Committee was later renamed the Committee on Legal data Processing in 1974. The
Committee was credited with facilitating discourse on the legal information sources;
teaching about computers and law; facilitation of communication between European
institutions and also the adoption of legal instruments. 10
From an academic perspective, there was the need to improve the quality of legal
research to meet the requirements of a modern welfare state and this was sought to be
achieved in the form of legal information systems. Professors Fiedler, Simitis and Klug
came together for this purpose in 1972, prepared a report and formed a system called
JURIS.11 Various contributions were also made to the field of legal informatics by
various Professors across Europe in countries including Germany, France, and Italy
etc.12
The 1980‟s saw the use of personal computers and the deployment of IT for personal
purposes. Applications were also set up for use with such personal computers.13
The 1990‟s saw the creation and integration of computer applications for use in many
legal organizations such as parliaments, judiciaries etc. The development of the
„infrastructure of information technology‟ is said to have occurred between the years
1990 to 1995, with Tim Bernes Lee credited with developing the World Wide Web in
1990.14 1993 saw the release of the first web browser, Mosaic by Marc Anderssen and a
search engine, Alta Vista, was launched in 1995.15 Also, it was during the years 1990-
1995 that the EU was debating over what is now known as DPD.

Between the end of the 1990‟s and the beginning of the new millennium, legal
informatics has prospered due to the expansion of the internet and the consequent
increased communication between the legal organizations such as parliaments,
judiciaries etc and the public.16

8 Id. Bing, page 12.

9 Id. Bing, page 20-21.
10 Id. Bing, page 17.
11 Id. Bing, page 14.
12 Id. Bing, page 14-15.
13 Id. Biasiotti, page 10.
14 Id. Bing, page 23.
15 Id. Bing, page 24.
16 Id. Biasiotti, page 11.

3
The writer acknowledges that his attempt at stating the history of legal informatics
cannot be complete and all encompassing. However, some part of the history which can
aid an understanding of the journey of legal informatics from inception till more
recently is covered and it is hoped this suffices for the purpose of this paper.

C. WHAT IS LEGAL INFORMATICS?

As a starting point, the term legal informatics is made up of two words: legal and
informatics. It is trite that the term legal is used when the concept being described
pertains to law. Informatics has been defined as the study of information processing;
computer science.17 In my own words, legal informatics entails the application of legal
principles to the processing of data to ensure compliance with the law pertaining to all
rights, duties and obligations arising therefrom especially in respect of the rights to
privacy, data protection and other such rights or duties and obligations that may arise
therefrom.

Legal informatics has been defined as the academic field that concerns itself with the
problematics of computers and law.18 Legal informatics has also been defined as the
theory and practice of computable law, i.e., of cooperation/symbiosis between humans
and machines in legal problem-solving.19

Professor Peter Seipel20 in attempting a definition of legal informatics, approached his

definition by examining the concept in different countries and as named under the
different languages in such countries. Under the English language, Professor Peter
Seipel noted that the most prominent name the field had acquired in the English
language was “Jurimetrics”.21 Professor Peter Seipel quoted the definition of Jurimetrics
as follows: “Jurimetrics is concerned with matters such as the quantitative analysis of
judicial behavior, the application of communication and information theory to legal
expression, the use of mathematical logic in law, the retrieval of legal data by
automated means and the formulation of a calculus of legal predictability”.22 Professor
Peter Seipel however reckons that the definition is too narrow as it does not capture he
legal aspects of computer usage.23

Professor Peter Seipel also makes mention of the concept of legal informatics which in
Germany is called “Rechtsinformatik” and includes legal aspects of computer usage
17
http://www.dictionary.com/browse/informatics
18 Society Trapped in the Network: Does It Have a Future? Rovaniemi: Lapin yliopisto, 2016, page 18.
19 Giovanni Sattor and Enrico Franchesconi, Legal Informatics and Legal Concepts. Available at:

http://eurovoc.europa.eu/drupal/sites/all/files/EuroVocConference_Opening_Speech_by_GSarto.pdf
26/02/2017 at 3:17pm.
20 Seipel, Peter. Computing Law: Perspectives On a New Legal Discipline. 1977, (Stockholm).
21 As formulated by Lee Loevinger.
22 As defined by Lee Loevinger and quoted by Seipel (id) at page 122.
23 Id, Seipel at page 122.

4
labeled as data processing law and information law.24 Seipel also made reference to a
definition of Rechtsinformatik (Legal Informatics), attributed to Herbert Fiedler, which
as a discipline should be conceived of as a theory of structures focusing on data
processing in state and law.25

Erdelez and O‟Hare have been quoted as defining legal informatics as follows:

“The American Library Association defines informatics as „the study of structure and
properties of information, as well as the application of technology to the organization,
storage, retrieval and dissemination of information.‟ Legal informatics therefore,
pertains to the application of informatics within the context of the legal environment
and as such involves law-related organizations (e.g., law offices, courts, and law
schools) and users of information and information technologies within these
organizations.”26

D. THE ROLES/CONTRIBUTIONS OF LEGAL INFORMATICS IN OUR

SOCIETY.
With the digitalization of the world and her affairs, the role/contribution of legal
informatics cuts across various spheres of life. Due to the intertwined nature of IT with
the field of legal informatics, the role/contributions of Legal informatics in the society
encompasses how the law has deployed IT for the benefit of the society and the world
in general. A consideration of some of such roles is the purport of this section of this
paper as this paper will be incomplete without a consideration of the role being played
by legal informatics in the affairs of the society/world as we know it to be today. This
writer acknowledges that due to the wide use of IT today and its numerous
contributions in our world of today, it will be impracticable to fully discuss all roles
(being) played by legal informatics in our society, therefore some of these
roles/contributions will be discussed for the purpose of achieving the aim of this paper.

One of the primary contributions/roles of legal informatics in the society today is in the
area of E-governance. Due to global digitalization and the ease that computerization
brings to all forms of administration, the administration of governments around the
world has turned to digitalization for the purpose of bringing the dividends of their
governance to the society through easily accessible medium and at a cheaper cost. E-
governance has been defined as “the initiatives of government agencies and
departments to use ICT tools and applications, internet and mobile devices to support
good governance, strengthen existing relationships and build new partnerships within

24 Id, Seipel at page 123.

25 Id, Seipel at page 131.
26 A. Paliwala, ed., A History of Legal Informatics, Lefis Series, University of Zaragoza Press, 2010, page 1.

5
civil society.”27 Don Tapscott has also been quoted as defining E-Government as “an
Internet-worked government which links new technology with legal systems internally
and in turn links such government information infrastructure externally with
everything digital and with everybody – the tax payer, suppliers, business customers,
voters and every other institution in the society.”28 Four target groups have been
identified as the recipients of e-governance as follows: citizens, businesses,
governments (other governments and public agencies) and employees.29

The writer wishes to emphasize the fact that one of the key contributions of E-
governance to the society is the cheap nature of delivering services to the society as
costs arising majorly from processing activities are greatly reduced. The example of
such reduced cost was revealed through the activities of the US Inland Revenue Service
whose cost of processing a paper tax form costs $1.60 but only $0.40 to process an
electronic form.30 Other advantages E-government brings to the table include efficiency,
ease of transacting with the government, acceleration of governmental activities to
mention a few. While E-government makes use of technological advancements (IT) for
the purpose of delivering its objectives, legal informatics is the field of law that
regulates the delivery of such services to ensure compliance with applicable rules and
the rights of consumers.

Another contribution/role of legal informatics is in the area of online dispute

resolution. In line with the ease of all sorts of transactions associated with the web, legal
informatics has played a role in online dispute resolution mechanisms. Online dispute
resolution mechanisms involve the use traditional dispute resolution mechanisms like
negotiation, arbitration and (though rarely) litigation for the resolution of disputes
arising majorly from commercial transactions. This may, in some cases, reduce the cost
of such disputes as parties are saved the financial burden of travelling or shuttling
between courts periodically in the name of dispute resolution. In the area online
negotiation, there is automated negotiation (blind bidding) and assisted negotiation.
The former involves the use of online facilities (software) for the regulation of the
negotiation while the latter involves the use of texts, video calls etc to regulate the
negotiation.31 There is also online mediation which involves the traditional mediation
wherein a neutral third party (mediator) is appointed for the online settlement of
disputes. There have also been online filing of cases in Hamburg and the UK with
actual online courts in Asia.32

27 Valentina (Dardha) Ndou: E –government for developing countries: opportunities and challenges,
EJISDC (2004) 18, 1, page 1. Also available at: http://www.yasa.inet-
tr.org.tr/akgul/unpan/UNPAN018634.pdf 28/2/2017 at 4pm.
28 Ibid at page 4.
29 Ibid at page 5.
30 Al-Kibsi et al., 2001 as cited by Ndou. Ibid at page 9.
31 Schultz Thomas: Online Dispute Resolution: an Overview and Selected Issues page 4, paragraph 2.2.

Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=898821 28/02/2017 at 1:45pm

32 Schultz,ibid. page 7, paragraph 2.5.

6
Another area where legal informatics has left a mark is in the area of E-commerce. E-
commerce involves the sale of goods and services online. Legal informatics ensures that
there is a set of rules regulating such transactions. Some of the rules that have evolved
in respect of online transactions involve the use of cookies, storage and dissemination of
customer data, conditions for the sale and return of goods etc.

One of the most notable contributions of legal informatics in our society today is in the
field of privacy/data protection. From the pioneering works of Alan Westin to the
advent of big data and the attendant ease in the processing of data, it has become very
important that privacy/data protection be taken more seriously and legal informatics
has helped to invent the needed privacy/data protection rules. Legal informatics has
created a set of rules which help in the protection of the rights to privacy and data
protection of the data subject.

It would be impossible to completely state all the contributions of legal informatics as

they are quite innumerable. The essence of the contributions cited above is to stimulate
and enhance an appreciation of the contributions of legal informatics to our society.

E. SOURCES OF THE LAW ON LEGAL INFORMATICS.

In every branch of law, there exists sources from which the relevant principles of law
are derived. Such sources can be likened to rivers from which the applicable principles
in each branch of law are fetched. In the course of this research, this writer discovered
that there is no comprehensive text on the sources of IT law. What the writer has done
for the purpose of this paper is to examine the sources of law in legal informatics (based
on EU law) within the confines of the traditional sources of law.

The sources of law can generally be classified into primary and secondary sources.33
The primary sources of law include domestic legislations, international treaties and case
law. Delegated legislations which consist of rules and/or regulations made by
bodies/institutions to whom such powers are assigned by the relevant Parliament are
also covered under this head. The secondary sources of law include guidelines,
recommendations, journals, articles, textbooks etc. The difference between primary and
secondary sources of law lies in the effect of both sources. The former being binding
while the latter only boasts of a persuasive effect.

In the field of legal informatics, the primary sources of law are derived from national
laws, international treaties for instance the international treaties on privacy, data
protection and E-commerce within the EU and decisions of the courts on IT/data

For a general discussion of the sources of law, See: Clinch, Peter. Legal Information: What It Is And
33

Where To Find It. London: Europa Publications, 2000.

7
protection related matters. The secondary sources of the law on legal informatics
include international journals on IT law/legal informatics, textbooks and articles
written by learned and seasoned authors in the field.

Within the EU, the grundnorm/the most basic and primary sources of the law on legal
informatics is the Treaty on the Functioning of the European Union (TFEU) which
provides for the right to data protection and also empowers the EU parliament to make
laws for the protection of the right to data protection.34 It is from this very provision
that the EU parliament derives the powers to make enactments in relation to data
protection/privacy. Other primary sources of the law on legal informatics within the
EU include the various legislations of the EU parliament such as the GDPR which
repeals the DPD, the Police Directive which repeals the Council Framework Decision
2008/978/JHA etc. The enactments of the member states made pursuant to Directives of
the EU parliament also amount to primary sources of the legal informatics framework
though of lesser authority when compared to the EU Regulations. The decisions of the
CJEU are also sources of law for this purpose.

Textbooks, journals and articles written by Scholars such as Professors Peter Seipel, Jon
Bing and Ahti Saarenpää in the field of legal informatics form the secondary source of
law in the field of legal informatics. In some cases, some of these texts are used by the
court to support its decisions while some of these scholars are also invited as amicus
curiae to clarify knotty issues in court(s) when necessary.

F. FIELDS OF LEGAL INFORMATICS.

Legal informatics has some fields which constitute the whole study area and are
essential for a proper understanding of legal informatics. Though there may be an
absence of a consensus on what constitutes the branches of legal informatics, this writer
will stick to the fields of legal informatics as delineated by Professor Ahti Saarenpää.35
Professor Saarenpää divided legal informatics into four fields as follows:
I. Legal Information;
II. Legal Information Processing;
III. Information law;
IV. ICT law.

These fields will briefly be examined below.

I. Legal Information: Since the concept of Legal Information consists of two words,
legal and information, it is possible to approach the definition by examining the
definition of both words separately. Information has been defined as “an

See section 16 (1) and (2) of the TFEU.

34

Saarenpää, Ahti, and Karolina Sztobryn. Lawyers in the Media Society: The Legal Challenges of the
35

Media Society. Rovaniemi: Lapin yliopisto/University of Lapland, 2016, page 13.

8
 umbrella term for knowledge, facts, data, wisdom and any other derivative of
the term (although these terms can also be found contextually, of course). 36 Quite
obviously, legal relates to law. Therefore, legal information can be said to mean
„knowledge, facts and data‟ pertaining to law. The volume of legal information
available on the internet is presently quite huge, however, the quality of such
legal information could sometimes be questionable.37 Arising under legal
information is Information management (IM) with which an individual “plans,
collects, processes, controls, disseminates, uses its information and through
which it ensure that the value of the information is identified and exploited to
the fullest extent.38 Legal information management seeks to ensure, through the
use of technology, the effective and judicious use of the large chunk of
information (available on the internet). All the sources of legal sources of legal
information can be found on the internet with the aid of technology.39 However,
the accessibility of such legal information depends on a plethora of factors which
includes the level of computer literacy of the citizenry, the affordability of the
Computer systems amongst other things.

II. Legal Information Processing: This involves the processing activities carried out
in respect of the legal information in order to reach a certain result. The study of
legal information data processing can be traced back to the publishing of a paper
on jurimetrics and now to the study capture lawyer‟s information processing,
automated (government) decisions, computerized court rooms and other
processing activities like the processing of medical data.

III. Information law: This is the law regulating the generation, deployment,
management, dissemination and protection of information. Information law has
been said to serve two major purposes: “the protection of information that is of
commercial value and the protection of certain sorts of relationships within
which private information is readily disclosed. For example the relationship
between doctors and their patients.”40 The laws in this area have mostly played
the function of data protection all over the world although championed by the
EU.

36 Weller, Toni. 2008. Information history - an introduction: Exploring an emergent field. Oxford
(England): Chandos Publishing, page 18.
37 Howland, Joan. "Management of Legal Information in an International Context: A Conundrum of

Challenges and Opportunities." Frontiers of Law in China 6, no. 2 (2011): 165-179, page 178.
38 Kolawole, Joseph. "Motivation and Information Management as a Tool of Job Satisfaction of Employees

in Nigeria." African Journal of Business Management 9, no. 19 (2015): 680-687.

39 The sources of the law on Legal Informatics has been discussed earlier in this paper.

40 Reed, Chris, and John Angel. Computer Law: The Law and Regulation of Information Technology. 6th
ed. Oxford: Oxford University Press, 2007, page 506.

9
IV. ICT law: This deals with “automation of production, reproduction, processing,
storage and transaction of digital information as well as its protection and
communication via digital networks”.41 ICT law is also studied under legal
information, IT law and ICT regulation and policy.42 This field of law is studied
in many countries as IT law and/or Information law.

G. WHAT IS DATA PROTECTION?

The subject matter of data protection is personal data and with the importance of in our
world today, data protection law has arisen to adequately protect the rights of data
subjects in this regard. Some attempts at defining data protection will be made below in
a bid to enhance the understanding of the subject matter. The subject matter of data
protection which is personal data has been defined as “any information relating to an
identified or identifiable natural person („data subject‟); an identifiable natural person is
one who can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an online identifier or
to one or more factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person”.43
Data protection law has been defined as “…the legal protection of individuals with
regard to automatic processing of personal information relating to them.”44 Data
protection has also been described as „fairness legislation‟, not requiring a balance
between data users and data subjects, but simply being fair to an individual.45
Alan Westin, known for his pioneering work in the field of data protection defined data
protection as “the claim of individuals, groups or institutions to determine for
themselves when, how and to what extent information about them is communicated”.46
Data protection has also been defined “as a right of informational self-determination,
that is, as the right to have a say in how data relating to one are processed by others”. 47
For data protection to apply to a given set of facts, such data must be regarded as
personal data.48

41 Ramírez Lynch, Christián, and Comi. ICT Law: From International Trade to E-trade : The Issue of Court
Jurisdiction. [Helsinki]: Comi, 2007, page 51-52.
42 ibid, page 52-53.
43 See Article 4 (1) of the GDPR.
44 The UK government‟s explanatory report, appended to the draft of the COE‟s Convention on Data

Protection as cited in Reed, Chris, and John Angel. Computer Law: The Law and Regulation of
Information Technology. 6th ed. Oxford: Oxford University Press, 2007, page 460.
45 CBI Conference, London, 4 March 1988 as cited in Reed, Chris, and John Angel, ibid.

46 Alan F. Westin. New York: Athenum, 1967.

47
Kuner, Christopher. European Data Protection Law: Corporate Compliance and Regulation. 2nd ed.
Oxford: Oxford University Press, 2007, page 3.
48
Lee A. Bygrave, Data Privacy Law, an International Perspective, Oxford University Press, Oxford, 2014,
Page 129-144.

10
 H. DATA PROTECTION AS AN OFFSHOOT OF LEGAL INFORMATICS.

The right to data protection and legal informatics are inextricably linked, the former‟s
creation being inevitable due to the use of the latter. The right to data protection is
derived from the right to privacy as the protection of one‟s personal data is
fundamental to the right to privacy. It must be noted that the right to privacy is a
fundamental human right duly protected under various international conventions.49

The right to data protection can be traced back to Alan Westin who in 1967 through his
book “Privacy and Freedom” addressed the issues relating to privacy. 50 Some of the
factors necessitating the right to privacy in the realm of legal informatics have been
noted as:
 “The general expansion of information-gathering and record keeping;
 The development of personal dossiers by credit companies, the security files of
the department of defence, FBI, Federal Housing Administration etc;
 The acceleration of information gathering by computers;
 New public programs requiring personal data;
 Computer technology facilitating the sharing of data;
 The replacement of cash transactions by automatic processing.”51

The development of data protection continued with the input of the Organization for
Economic Co-operation and Development (OECD) which established the data bank
panel in 1969 and was later converted to the Information, Computers and
Communication Policy Committee (ICCP). 52 Further development was also noticeable
with the adoption of the Fair Credit Reporting Act in the USA and the
„Datenschutzgesetz‟ in the state of Hesse, Germany. 53 The German legislation is
credited with bringing the term data protection into the English language. 54 The
possibility of data hindering sales across borders became an issue in the 1970‟s with Jan
Freese along with Gassman coining the term “transborder data flows”. 55 Two
legislations, the OECD Guidelines on the protection of privacy and transborder flows of
personal data and the Convention for the protection of individuals with regard to
automatic processing of personal data were both adopted in 1980 and 1981
respectively.56 The negotiations57 for the EU DPD began in 1990 with the Directive
finally passed in 1995.58

49 See for example Article 8 of the ECHR.

50 Id, Bing, Page 20.
51 Id, Bing. page 20.
52 Id, Bing. page 21.
53 Id, Bing. page 22.
54 Id, Bing. page 22.
55 Id, Bing. page 22.
56 Id, Bing. page 23.
57 Id, Bing. page 23.
58 See: Directive 95/46/EC

11
A position that has been put forward is that a rationale for the formation of
privacy/data protection laws is found in the fear of developments in the way in which
„personal information is collected, used, stored and disseminated‟.59 Developments such
as “the demand for personal data and information by various types of organizations;
the quantity of personal data and information being collected, stored, used and
disseminated throughout the society; the speed and ease of such collection, usage and
dissemination; and the logical and/or physical integration of separate items of personal
data and information into large scale databanks”60 have made a strict data protection
regime a necessity.

From the attempt at tracing the history of data protection contained above, it is clear
that the right became necessary as a consequence of the challenges raised by technology
and the inevitable data processing that followed. Following the proposition above, the
fears61 that have necessitated the creation and use of data protection rules developed as
a consequence of the risks/possible negative effects of technology.

I. DATA PROTECTION LAW WITHIN THE EU LEGAL FRAMEWORK.

It is arguable that the parliament of the European Union, as of today, has been the most
globally active parliament in respect of the codification of data protection and privacy
rules in the world. Being a paper written in the EU, it only makes sense that this paper
discusses the legal framework for data protection within the EU.

The first point of call when considering the data protection legal framework within the
EU are the provisions of EU laws or laws applicable within the EU on the right to
privacy. Article 8 of the ECHR provides for the protection of the privacy of persons.
Before going any further, it is important to note that the ECHR is part of the body of EU
laws as EU member states are mandated to be parties to the said convention. 62 The
provision of Article 8 of the ECHR is reproduced below:

ARTICLE 8
Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his
correspondence.

2. There shall be no interference by a public authority with the exercise of this right
except such as is in accordance with the law and is necessary in a democratic society in
the interests of national security, public safety or the economic wellbeing of the country,

59 Bing, Jon, and Olav Torvund. 25 Years Anniversary Anthology in Computers and Law. Oslo: Tano,
1995, page 7.
60 ibid. page 7.
61 Which this writer believes is both rational and justifiable.
62 See Article 6(3) of the Treaty on the European Union.

12
for the prevention of disorder or crime, for the protection of health or morals, or for the
protection of the rights and freedoms of others.

The EU charter on Fundamental rights also guarantees the right to private and family
life and the right to protection of personal data in Articles 7 and 8 of the Charter
respectively. Article 16 of the Treaty on the Functioning of the European Union also
provides for the right to data protection. The TFEU also gives the EU parliament the
powers to make laws for the protection of the right to data protection. 63 It has been
posited (and this writer agrees) that the elevation of the right to data protection to the
status of a fundamental right has elevated the perception of the right especially
regarding the enforcement of the right by the Courts.64

It was pursuant to this power that the EU parliament enacted the DPD which has been
repealed by the GDPR and the Council Framework Decision 2008/977/JHA which has
also been repealed by the Police Directive. There is also the E-privacy Directive which is
being amended by the EU parliament as at the time of writing this paper.65

The EU is aspiring towards the harmonization/uniformity of data protection rules

within the EU.66 This is also in line with the intention of the EU to further her
fundamental objectives which includes the free movement of goods and services within
the EU. Therefore, uniform data protection rules prevents the possibility of free trade
among EU member states being obstructed by different data protection rules among the
member states. It is trite that in the EU legal jurisprudence, Regulations are applied on
all Member States without need for transposition but in the case of Directives, Member
States have to transpose the Directive into national laws. However, such transposition
must not derogate from the set down rules of the Directive but the provisions may go
beyond the provisions of the relevant Directive.67

Data protection has received (and continues to receive) elaborate attention in the EU
because of the importance attached to the subject matter by the Union. The attention
given to the right to data protection has ensured an unmeasurable amount of value
added to the body of EU data protection rights. For instance, the right to be forgotten,
data impact assessment, periodic review of the extant data protection regime, privacy
by design among other things are some of the improvements that have been made to
the data protection laws as a result of continuous review of the field.

63 See Article 16(2) of TFEU

64 Lee A. Bygrave, Data id, Page 59.
65 See the Proposal for a regulation of the European parliament of the Council concerning the respect for

private life and the protection of personal data in electronic communications and repealing Directive
2002/58/EC (Regulation on Privacy and Electronic Communications). Available at: http://eur-
lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52017PC0010 retrieved on 13/03/2017 at 10.00am.
66 Recital 10 of Regulation (EU) 2016/679.
67 See the CJEU decision in the ASNEF case cited in Lee A. Bygrave, Id, page 60-61.

13
 J. UNDERLYING PRINCIPLES OF DATA PROTECTION LAW.

Whenever and wherever data protection (or data protection legislations) are mentioned
or being reviewed, there are some generally acceptable and minimum standards which
ought to be met for such legislation to comply fully with a proper protection of one‟s
data. It has been noted that some of these principles are so germane that they have been
incorporated into the body of data protection laws68 all over the world and it has also
been further noted that these principles overlap in some cases.69 It must be noted that
most of the principles exist in the form of duties/conditions owed the data subject by
persons or institutions responsible for processing such data. Some of those principles
are considered below.

I. Fair and Lawful Processing: This is a precondition that underlines the

processing of data in most legal instruments on data protection.70 It has been
stated (and this writer agrees) that the meaning of lawful in this context is quite
clear while fairness has also been said to mean that “data controllers must take
account of the interests and reasonable expectations of data subjects; they cannot
ride rough-shod over the latter”.71 That something is done lawfully implies that
the due process of the law is followed in the execution of the act. Fairness, in the
writer‟s opinion brings to mind the principles of equity and compliance with the
general notion of doing right (in the equitable sense) in the interest of the data
subject. It has also been noted that “ „Lawful‟ relates to the method of obtaining
that specific data. It is going to be evident that where data has been stolen, or
obtained by duress, bribes or inducements, then this is going to have been
collected in an unlawful manner.”72 Fairness on the other hand has been
explained thus: “„Fair‟ relates to how that data is processed once it has been
obtained. For example a customer will provide personal data to purchase service,
then this is a lawful collection of data, however, if that data is then used to send
unsolicited spam mail, this will not be a fair processing.”73 From this point of
view, the consent of the data subject, which must be voluntarily obtained, 74 is
very essential in attaining a lawful and fair processing. „Consent‟ of the data
subject has been defined as “any freely given, specific, informed and
unambiguous indication of the data subject's wishes by which he or she, by a
statement or by a clear affirmative action, signifies agreement to the processing

68 See Article 5 of the GDPR.

69 Lee A. Bygrave, id, page 145.
70 See for example, Article 6 (1) (a) of the DPD.
71 Lee A. Bygrave, id, page 146.
72 http://www.ironmongercurtis.com/knowledge-bank/employment-law/fair-and-lawful-processing-

of-personal-data/ retrieved on 4/03/2017 at 2pm.

73 ibid.
74 ibid.

14
 of personal data relating to him or her”.75 In the absence of consent of this
standard/nature, there cannot be said to have being a lawful and fair processing.

The writer opines that for the twin requirements under this head to be complied
with, the processing officer must act in accordance with the stipulations of a
given law and must also carry out his functions within the confines of the
privacy rights of the data subject. The fair and lawful processing principle is one
of the principles that has enjoyed some level of codification especially in the EU.
The GDPR gives us an insight into what the EU parliament means when it makes
reference to lawful processing. Some of the listed conditions for determining the
lawfulness of processing include consent of the data subject; use of the data for
only the purposes it was obtained for; processing is necessary for performing a
contract to which the data subject is a party; processing is necessary to protect
the vital interests of the data subject or for carrying out a legal obligation etc.76
The writer suggests that the conditions listed above can also serve as pointers to
what the EU parliament means by fairness (as in this context).

II. Proportionality: This principle, it has been said,77 has crept into the field of data
protection majorly through the decisions of the court. In a bid to shed some light
on the proportionality principle, the Working Party78 examined the said principle
in the context of the right to privacy79 as provided for in Article 8 of the ECHR
and adjudicated upon by the ECtHR.80 The proportionality principle “as set out
by the ECtHR, essentially requires that a measure which interferes with an
ECHR right should go no further than needed to fulfil the legitimate aim being
pursued”. The working party after a consideration of some cases decided by the
ECtHR, listed some factors which may be necessary for determining
proportionality as follows:
 The first factor is that a proposed action in data processing to be
considered as proportionate must be necessary in the sense that there
must be no other existing effective measure for the processing the
information. In the event that the proposed action is not considered
necessary, then the legitimate aim the proposed action seeks to achieve as
well as the identified social need must be weighed and balanced in the
light of the data subject‟s right to privacy.81

75 See Article 4(11) of the GDPR.

76 See Article 6(1) of the GDPR.
77 Lee A. Bygrave, id, page 147-149.
78 The working party is an independent body set up pursuant to Article 29 of DPD with the function of

advising/making recommendations in respect of the DPD.

79 This is possible because of the close relationship between privacy and the right to data protection.
80 Opinion 01/2014 on the application of necessity and proportionality concepts and data protection

within the law enforcement sector. Retrieved from http://ec.europa.eu/justice/data-protection/article-

29/documentation/opinion-recommendation/files/2014/wp211_en.pdf retrieved on 5/03/2017 at 1pm.
81 ibid, page 9-10

15
  The amount of data collected, the number of people that will be affected
and the period of retention of the information is another relevant factor.
 Safeguards must be put in place to protect the fundamental rights of data
subjects.
 The nature/sensitivity of the action/data sought to be processed is
another relevant consideration.
 The severity of the social need and the possible effect on the public if not
properly tackled is another consideration under this head. The higher the
severity of the issue, the more the right of a data subject can be interfered
with.82
The working party also made reference to the CJEU‟s interpretation of the
proportionality principle in the Schwarz case.83 The Working party quoted the
CJEU‟s interpretation of the proportionality principle as being that the action
“must establish whether the limitations placed on those rights are proportionate
to the aims” and “to the objectives” (of the relevant legislation). “It must
therefore be ascertained whether the measures implemented are appropriate for
attaining those aims and do not go beyond what is necessary to achieve them
(see par. 40 of the judgment)”.
Suitability, necessity and non-excessiveness of the action have been identified as
the three prongs of the proportionality principle under EU law.84
From the above, the principle of proportionality conveys the literal meaning that
the word proportionality carries. Therefore, for a data processing action not to be
in contravention of the proportionality principle, such an action must be
proportionate for the purpose it is meant to serve taking the rights of the data
subject into consideration.

III. Minimality: This principle means that only information needed for processing
and no more can be obtained for the purpose of data processing. The feature in
legislations stipulating that data that is no longer required be dispensed with
falls under this head.85 Therefore, provisions mandating data processors to only
obtain relevant information needed for processing, identify the data subject only
when necessary86 and the right to be forgotten87 are examples of data protection
rules having their origin in the proportionality principle.

IV. Purpose Limitation: This principle stipulates that upon the collection of data, the
data must only be used for such purposes for which it is collected and no more.

82 ibid, page 11.

83 Schwarz vs. Stadt Bochum, ECJ, C-291/12 cited by the working party, ibid.
84 Lee A. Bygrave, id, page 148.
85 Lee A. Bygrave, id, page 151.
86 Article 11 of the GDPR.
87 Article 17 of the GDPR.

16
 This principle is also referred to as the „finality‟ and „purpose specification‟.88 The
purpose of this principle, it has been said, is to ensure that “personal data is
collected for specified, legitimate purposes and not used in ways that are
incompatible with those purposes”.89 The reasoning behind the principle lies in
“the concern for ensuring foreseeability in data-processing outcomes”.90 This
principle ensures that there is a high level of predictability in data processing
and outcomes of data processing can easily be predicted by both data subjects
and processors.

V. Data Subject Influence: This principle embodies the fact that data subjects ought
to be given a right to be heard in the processing of their personal data. Data
subjects ought to be made aware of the data processing activities being done in
respect of them and ought to be allowed to make a protest and/or complaint
where appropriate. This principle has been divided into two heads: Under the
first subhead, “are the rules making people aware of data processing activities
generally and under the second head, are the rules aimed at making persons
aware of the processing of data on themselves”.91 This principle is well reflected
in various data protection legislations especially in the EU.92

VI. Data Quality: This principle “stipulates that personal data should be valid with
respect to what it is intended to describe, and relevant and complete with respect
to the purposes for which it is intended to be processed”.93 Words such as the
accuracy of the personal data, relevancy of the personal data are used to denote
this principle under legal instruments such as the DPD.94

VII. Data Security: This principle “holds that personal data should be protected
against the unauthorized attempts to disclose, delete, change or exploit it”. The
rationale behind this principle, it would appear, is to ensure that personal data is
only used for the purpose for which it is obtained. An attempt, for instance to sell
the personal data of data subjects for commercial gains will be in clear violation
of this principle. Article 17 of the DPD is an example of a legal provision
embodying this principle.95

VIII. Sensitivity: This principle carries with it the meaning that certain types of data
be given should be handled more carefully to prevent a breach as a result of the
delicate nature of such data. The GDPR incorporates this principle by prohibiting

88 Lee A. Bygrave, id, page 151.

89 Lee A. Bygrave, id, page 153.
90 Lee A. Bygrave, id, page 153.
91 Lee A. Bygrave, id, page 158.
92 See for instance, Article 12-22 of the GDPR.
93 Lee A. Bygrave, id, page 163.
94 Lee A. Bygrave, id, page 163.
95 See Lee A. Bygrave, id, page 164.

17
 the processing of some kinds of information and permits their processing only
upon the fulfilment of certain conditions.96

K. CONCLUSION.

This paper has (hopefully) covered the basic issues in legal informatics and a law
student/any enthusiast new to legal informatics after reading this paper should
possess, in the least, a basic knowledge of legal informatics. As reflected above, the
study of technology and its effects on the society as well as the attempts of law to
regulate same is so voluminous that a short paper of this nature cannot fully address it.
It is however hoped that this paper serves the purpose intended by the author.

BIBLIOGRAPHY.

BOOKS/JOURNALS/ARTICLES.

1. Society Trapped in the Network: Does It Have a Future? Rovaniemi: Lapin

yliopisto, 2016.
2. Jon Bing, Computers and Law: Some Beginnings, Olav Torvund and Kirsti
Pettersen (ed.), (Oslo), Yulex 2006. Also available at:
http://www.jus.uio.no/ifp/om/organisasjon/seri/forskning/publikasjoner/yu
lex/Yulex_2006.pdf
3. Seipel Peter, IT Law in the Framework of Legal Informatics, page 43, paragraph
6.1. Available at: http://www.scandinavianlaw.se/pdf/47-2.pdf
4. Legal Informatics and Management of Legislative Documents by Biasiotti & ors.
Page 10. Available at:
http://www.ictparliament.org/sites/default/files/WP002_legislativeinformatic
s.pdf 23/02/2017
5. Giovanni Sattor and Enrico Franchesconi, Legal Informatics and Legal Concepts.
Available at:
http://eurovoc.europa.eu/drupal/sites/all/files/EuroVocConference_Opening
_Speech_by_GSarto.pdf
6. Seipel, Peter. Computing Law: Perspectives On a New Legal Discipline. 1977,
(Stockholm).
7. A. Paliwala, ed., A History of Legal Informatics, Lefis Series, University of
Zaragoza Press, 2010.
8. Valentina (Dardha) Ndou: E –government for developing countries:
opportunities and challenges, EJISDC (2004) 18, 1. Also available at:
http://www.yasa.inet-tr.org.tr/akgul/unpan/UNPAN018634.pdf

96 See Article 11 of the GDPR.

18
9. Schultz Thomas: Online Dispute Resolution: an Overview and Selected Issues
page 4, paragraph 2.2. Available at:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=898821
10. Clinch, Peter. Legal Information: What It Is And Where To Find It. London:
Europa Publications, 2000.
11. Saarenpää, Ahti, and Karolina Sztobryn. Lawyers in the Media Society: The Legal
Challenges of the Media Society. Rovaniemi: Lapin yliopisto/University of
Lapland, 2016.
12. Weller, Toni. 2008. Information history - an introduction: Exploring an emergent
field. Oxford (England): Chandos Publishing.
13. Howland, Joan. "Management of Legal Information in an International Context:
A Conundrum of Challenges and Opportunities." Frontiers of Law in China 6,
no. 2 (2011): 165-179.
14. Kolawole, Joseph. "Motivation and Information Management as a Tool of Job
Satisfaction of Employees in Nigeria." African Journal of Business Management
9, no. 19 (2015): 680-687.
15. Reed, Chris, and John Angel. Computer Law: The Law and Regulation of
Information Technology. 6th ed. Oxford: Oxford University Press, 2007.
16. Ramírez Lynch, Christián, and Comi. ICT Law: From International Trade to E-
trade : The Issue of Court Jurisdiction. [Helsinki]: Comi, 2007.
17. Reed, Chris, and John Angel. Computer Law: The Law and Regulation of
Information Technology. 6th ed. Oxford: Oxford University Press, 200.
18. Alan F. Westin. New York: Athenum, 1967.
19. Bing, Jon, and Olav Torvund. 25 Years Anniversary Anthology in Computers
and Law. Oslo: Tano, 1995.
20. Lee A. Bygrave, Data Privacy Law, an International Perspective, Oxford
University Press, Oxford, 2014.
21. http://www.ironmongercurtis.com/knowledge-bank/employment-law/fair-
and-lawful-processing-of-personal-data/
22. Opinion 01/2014 on the application of necessity and proportionality concepts
and data protection within the law enforcement sector. Retrieved from
http://ec.europa.eu/justice/data-protection/article-
29/documentation/opinion-recommendation/files/2014/wp211_en.pdf

TREATIES.
23. Regulation (EU) 2016/679.
24. The European Convention on Human Rights.
25. The EU Charter on Human Rights.
26. Directive 95/46/EC.
27. Treaty on the European Union.
28. The Treaty on the Functioning of the European Union.
29. The Council Framework Decision 2008/977/JHA.

19