Art. 7 CFR reads:
“Everyone has the right to respect for his or her private and family life, home and communications.”
Data protection serves to protect this right to respect for private life. However, the relationship between the fundamental right to data protection (Art. 8 CFR) and the fundamental right to private life (Art. 7 CFR) is controversial. According to the presumably prevailing opinion, data protection law serves various fundamental rights, but first and foremost the right to private life.
In Art. 1 I Data Protection Directive 95/46 (which then was replaced by the GDPR) the protection of privacy was still particularly emphasised:
“In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.”
This emphasis has now been dropped. Only in Rec. 4 (3) GDPR the fundamental right to private life is mentioned as one of several fundamental rights:
“This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications […].”
The ECJ usually quotes Art. 7 and Art. 8 of the Charter of Fundamental Rights together, thus expressing the close interconnection of these two fundamental rights.
The recitals list potential risks and harms that data processing may entail for private life. See in particular:
- Immaterial damage [Tile DS.09]
- Damage to reputation [Tile DS.10]
- Other significant societal disadvantage [Tile DS.11]
- Identity theft or fraud [Tile DS.12]
- Integrity and confidentiality of the data [Tile DS.15]
- Special obligation of confidentiality [Tile B.16]
The list of privacy risks mentioned in the GDPR is certainly not exhaustive. For a comprehensive classification, see Tiles RC.