Main Categories | Law | GDPRSchutzgüter:Controllers & Others

CO.32 Personal or Household Activity

 

The so-called household exemption excludes personal and family data processing from the scope of the GDPR. Therefore Art. 2 II c GDPR reads:

 

The GDPR does not apply to the processing of personal data “by by a natural person in the course of a purely personal or household activity”.

 

The household exemption exists because the comprehensive and bureaucratic regulatory model of the GDPR would be unsuitable for the private sphere. In the private sphere compliance with the requirements of the GDPR would hardly be possible and would hardly be controllable.

 

However, the household exemption is above all also required by fundamental rights. It protects the right to private and family life [Tile CO.06and the “natural freedom of the individual to process data” (von Lewinski) [Tile CO.33] against excessive regulation. This does not mean that the “controller’s” claim to autonomy would be regarded as fundamentally more worthy of protection than that of the “data subject”. Rather, the private and family sphere should not be “disturbed” by the application of data protection law.

 

The household exemption thereby serves both the “controller” and the “data subject”, because the roles change constantly in the private sphere. In bilateral, equal communication, sometimes one is the “controller”, sometimes the other; sometimes one is the "data subject", sometimes the other.

 

Of course, the rights of the “data subject” can also be affected by purely personal activities of the “controller”. In fact, the most emotional and dramatic conflicts arise in social proximity relationships. However, these are characterised by a “complex fundamental rights interplay of various protective positions” (Kühling/Raab). Accordingly, jurisprudence also recognises a “protection-free” or “insult-free” space.

 

According to the legislator's assessment, data protection law is not the appropriate instrument to regulate this network of relationships. The legislator leaves this area more than other areas to the self-regulation of private individuals. Nevertheless, there is no gap in protection here. The “data subject” is not deprived of protection by the non-applicability of the GDPR. It is merely that the numerous preventive obligations of the GDPR do not apply. The protective provisions of civil and criminal law apply. The lower intensity of regulation is an expression of the principle of proportionality (cf. Art. 52 I CFR).

 

See also Rec. 18 GDPR.

Authors
Winfried Veil
Social Media
Last update: 2021-05-22 12:43:38
By: Winfried Veil
Created at: 2021-05-12 12:40:40