The right to protection of personal data is not an absolute right, but must be balanced against other fundamental rights, in accordance with the principle of proportionality [Tile CO.01]. The right to informational self-determination “must be balanced against the freedom to gather, process and use information for one’s own purposes, including for changing purposes” [BVerfG, Order of 6 November 2019 - 1 BvR 16/13 -, para. 87].

This multidimensionality of fundamental rights is insufficiently recognised by the GDPR as a whole. Among the rights and freedoms of natural persons that the GDPR seeks to protect, the fundamental rights of the controller are hardly explicitly taken into account.

Therefore, the fundamental rights of the Charter of Fundamental Rights must be used directly for the interpretation of the term "rights and freedoms". Art. 16 CFR protects the freedom to conduct a business:

"The freedom to conduct a business in accordance with Union law and national laws and practices is recognised."

Based on Art. 16 CFR, the controller may process personal data if this is necessary for the freedom to conduct a business.

In the absence of provisions in the GDPR that are adequate for fundamental rights, the principle of proportionality (Art. 52 I CFR) must be applied in order to weigh up the rights of the data subject against the controller’s freedom to conduct a business (see Practical Concordance, Tile P.04). Cf. furthermore Art. 1 II GDPR and especially Rec. 4 (2) GDPR:

“The right to the protection of personal data is not an absolute right; it must be […] balanced against other fundamental rights, in accordance with the principle of proportionality.” [see also Tile CO.01].