Here, There and Everywhere: Mobility Data in the EU (Help Needed: Where Is Privacy?)
Zallone, Raffaele, Santa Clara Computer & High Technology Law Journal
TABLE OF CONTENTS INTRODUCTION I. WHAT PERSONAL DATA ARE MOBILITY DATA? A. A Possible Definition B. The Traditional Notion of Mobility Data C. A New Paradigm for Mobility Data II. MOBILITY DATA AND THE DATA PROTECTION PRINCIPLES III. MOBILITY DATA IN THE EU IV. GEOLOCATION SERVICES OFFERED BY SMARTPHONES A. The WP29 on Geo-Location Services B. A Recent Approach to Smartphones V. From Theory to Practice A. A Glance Into the Future: The Proposed EU Regulation Approach B. Recent Cases on Mobility Data VI. CLOUD COMPUTING CONCLUSIONS
From the very moment of its foundation, the European Union (Eu) has tried in every way to eliminate any obstacles to the free circulation of goods, services and people across borders. In fact, the EU is based on what have been defined as the four basic European freedoms; these basic freedoms are: free circulation of goods, free circulation of capital, free circulation of services, and (last, but certainly not the least important) free circulation of people. (1) The elimination of any kind of barriers and the possibility for people to offer their services and goods regardless of their place of origin has been the driving force of the European Commission from the outset. In essence, mobility is at the very heart of Europe; in order to foster growth and freedom, everyone and everything has to be free to move, work, and live wherever they see fit--people have to be able to move freely, and so do goods, services, etc.
Needless to say that whenever people move, their data move along with them. If a European citizen wants to move and work in any country within the EU, his or her data must follow him or her from the country of origin to the country of destination; therefore, making sure mobility is not restrained has always been a top priority for European legislators.
It is for these reasons that the concept of mobility is clearly present and expressly mentioned in the title of the basic and fundamental law of Europe on data protection (the "Data Protection Directive"), which is set to regulate "the protection of individuals with regard to the processing of personal data and on the free movement of such data" (2)
It is fair to say that even though the mobility of data was conceived as a requisite at the outset of European legislation on data protection, European legislators could not have known how important mobility would become for data protection law, and most of all, how different the concept of data mobility would be from what it was originally foreseen to be in 1995. For the sake of time, I shall not spend time describing the changes, the improvements, and the different progresses of technology that have increased the amount of mobility data available nowadays; we all know the technology, we all use it and we all have it in front of our eyes. I would rather start with examining the different aspects of mobility that are relevant to data protection law and how European legislators have dealt with it.
I. WHAT PERSONAL DATA ARE MOBILITY DATA?
A. A Possible Definition
When addressing the issues raised by mobility data we need to ask ourselves whether there is a definition of mobility data under European Law that we can use as a reference. The answer is no--as of today, European Law (and, to the best of my knowledge, any data protection law of any other country) has no definition of mobility data. The closest one gets is European Directive 2002/58/EC, in which Article 2(c) defines "location data" as "any data processed in an electronic communication network indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications services." (3)
This definition makes no reference to mobility. Eventually location data will turn out to be mobility data (if one knows the location of a data subject in any given moment and assuming in time the data subject has changed his or her location). …