History of personal data protection

Apply for SearchInform DLP TRY NOW

The concept of personal data as information related to the private life of a person, allowing him to unconditionally identify, and the dissemination of which may cause damage to their carrier, has been formed and entered into legal practice recently. Its formation took place on the basis of such concepts as privacy and information human rights. Subsequently, the task of detailed regulation of standards and procedures for automated data processing and transmission was solved at the level of the European Union. The Russian history of personal data protection is quite young, although it has its roots back in the nineteenth century.

General concept of human rights protection

Personal data protection as a general humanitarian concept dates back to the period of the Great French Revolution. She was the first to proclaim this concept, which distinguishes an individual and denotes the priority of her interests over the interests of an unrestricted state. Later, an understanding of the right to privacy was formed, one of the components of which was the right to protection of personal information. This inalienable right of the individual is protected from illegal encroachments both by the state and by third parties. In its development on the way to the formation of the concept of personal data, the concept has passed a period of existence in the form of personal human rights. They are understood as rights:

  • to receive information regarding the interests of the individual;
  • to protect data related to privacy.

American prehistory

The history of personal data as a concept and its protection began in the United States at the end of the 19th century. It was then that the legal category of privacy and the foundations of its legal protection were formed. Privacy generally refers to privacy. In 1890, two American lawyers - Samuel Warren and Louis Brandyce - defined this concept as "the right to be left alone." They tried to prove that the development of business and the emergence of new methods of doing business creates the possibility of an attack on inalienable human rights. The progress of information technology has only increased the extent of this danger.

The theoretical concept quickly found support in law enforcement practice. In the activities of courts that make decisions on the basis of the Anglo-Saxon system of customary law, by the 60s of the twentieth century, it was possible to derive the right of privacy as the next of the first five amendments to the American constitution. The adjudicating judge acknowledged that the right to privacy, and thus to the protection of personal data, is older than the Bill of Rights.

It was the American concept of privacy, including in relation to the protection of personal data, that formed the basis of the 12th article of the Universal Declaration of Human Rights, approved by the UN in 1948. The article determined that no one, except by a legal decision of a court or authorized bodies, can infringe on the privacy of a person's personal life and correspondence.

European Union and its concepts

After in the 1960s and 70s, personal computers used to process various arrays of information, including confidential information, which included personal data, actively entered the practice of business and government bodies, the question arose about the legal regulation of their status. It was also necessary to take care of establishing generally accepted rules governing the processes of their processing and transmission through telecommunication channels. The European Union and the European Commission quickly realized the seriousness of the problem and moved on to developing their own directives directly regulating the field of personal data protection.

The first significant document was the Convention adopted by the Council of Europe, dedicated to the protection of the rights and freedoms of citizens during the automatic processing of their personal data. The document was adopted in 1981. It identifies data protection as an essential part of the right to privacy in the American sense. His protection was to be carried out in line with the protection of human rights. But this document was of a framework nature, defining the main areas of work in terms of the adoption of regulations, considering the issues of direct regulation of the process of protecting personal data, up to the used methods of hardware processing and applied technical means. As part of this public inquiry, Directive 95 / 46EC was adopted in 1995, which was developed by both the parliament and the government of a united Europe. It was devoted to the processing of personal data and their free movement, including cross-border.

This document was actively adopted by the national legislation of the countries - members of the European Union, but, in addition, in the future, it became the basis for the laws of other countries that are not members of this organization. It is safe to say that the standards developed by European parliamentarians were accepted by the whole world, they offered such a detailed and clear regulation of the issue of personal data protection. Subsequently, in 2000, a Charter of Fundamental Rights was adopted in Europe. This is where personal data and the right to its protection were proclaimed as a fundamental value.

After the formation of fundamental normative acts approving general concepts and standards, the period of publication of normative acts of individual subjects of national law began, not only countries, but also smaller units of administrative-territorial division. The first chronologically in this area of regulation was the law on the protection of personal data of the German province - the state of Hesse, adopted back in 1970. After the first practice of its application began to be created, about 20 more laws of the countries and provinces of Europe were adopted in a short time. These documents introduced real practical mechanisms for protecting the personal rights of a citizen. The development of technical documents on the protection of personal data at this time went in parallel with the development of general regulatory concepts, trying to keep pace with the speed of technological progress.

The 1990s and the rapid automation of information processing increased the level of requests from the European and American society for the approval of standards for the secure processing of personal data, excluding their leakage, illegal distribution or use.

Personal data protection in Russia and the CIS

In Russia, the concept of the right to privacy and confidentiality of correspondence has a long history. The Postal Charter, adopted in 1857 during the reign of Alexander II, and which came into force a little later, in 1876, the Telegraph Charter proclaimed the secrecy of correspondence. She defended herself at the level of criminal law, for violation of the confidentiality of sent messages, punishment was provided for in the Criminal Code. Interestingly, on the basis of the Code of 1903, even officials could be prosecuted if, in the performance of their duties related to the administration of justice, they interfered with the personal lives of subjects of the Russian Empire.

But this concept of legal regulation of privacy has exhausted itself after the 1917 revolution, which repealed all previously adopted laws, including those related to the protection of personal data of citizens and the secrets of their private life and correspondence. The 1918 Constitution contained a section on human rights, but for that war and revolutionary period one can speak of its declarative nature. The document did not accept most of the achievements of European democracy in terms of human rights, proclaiming only such of them as:

  • for protection from exploiters;
  • to participate in management;
  • for free land use.

There could be no talk of privacy during this period, the principle of War Communism excluded any individualism. The USSR Constitution of 1924 also did not pay attention to the private life of a person. Protection of personal data, information about private life, the right to correspondence at that time could not become some reason for deviating from the ideology of communism. But history does not stand still, and soon attention was paid to this aspect of human interests. In the so-called Stalinist Constitution of 1936, a section has already appeared completely devoted to the rights and freedoms of a citizen. The inviolability of the person, the inviolability of the home and the secrecy of correspondence appeared in it. Article 127-128 of the document spoke about this. In terms of the development of the theoretical concept, the adoption of the Constitution in this form was a serious achievement of Russian legal science, but from the point of view of law enforcement practice, most of these norms, including those in the field of personal data protection, turned out to be a formality. Thus, the right to secrecy of telephone conversations was completely ruled out by the adoption of one of the orders of the NKVD, obliging to record all telephone conversations without exception of employees of embassies and international organizations. In addition, mandatory censorship of all correspondence was introduced if the addressee was in another country. In the 1940s, in a military situation, the problem of protecting privacy and the secrecy of correspondence was completely removed from the agenda.

1950-60s in the USSR became a period of thaw. The country began to actively accept international humanitarian values. After the 1966 Pact on Civil and Political Rights was ratified, taking into account its provisions, a new Constitution was developed, which already fully reflected in its articles the emerging practice of protecting information rights, including the right to protect personal data. Respect for the individual has been hailed as an important responsibility for government bodies and officials. Citizens were granted the right to immunity:

  • personality;
  • dwellings;
  • secrets of correspondence, telephone conversations and telegraph messages.

Privacy as an independent value, which includes the right to the protection of personal data, first entered the Russian regulatory field after perestroika, in 1991. The Supreme Soviet of the RSFSR adopted the Declaration containing it literally a few days before the creation of a new Russia. She completely prohibited the collection, storage, use, dissemination of data about a person, if his consent was not obtained. It is in this format that this norm appeared in the current Russian Constitution, adopted in 1993. Further, the Law "On Informatization and Information" was developed and adopted. This happened already in 1995. The regulation classified personal data as legally protected confidential information.

In 1999, at the level of the Assembly of CIS countries, a model law on the protection of personal data was adopted, which gave the participating countries the basic terms and rules for regulating the sphere. It was supposed to form the basis of national legislation. In practice, in Russia, the European concept was adopted to a greater extent, which became the basis for the creation of the law "On Personal Data". In terms of protecting the rights of company personnel, the relevant norms of the Labor Code were borrowed from the recommendations of the International Labor Organization (ILO).

The current Federal Law "On Personal Data" has almost completely adopted the European concept of their protection, with one exception. If in Europe the right to data protection is inseparable from the protection of individuals and their privacy, the Russian legislator considers data as an independent object of law. Responsibilities for its protection are assigned to legal entities - operators, and supervision remains with the state. The requirements imposed are sometimes not economically justified, creating additional administrative barriers for companies to operate.

The history of legal protection of personal data shows how the concepts that exist at the level of the social contract were reflected in the legislation. The way of excessive regulation of personal data protection adopted in Russia at the expense of operating companies has already begun to be revised towards a greater balance of interests of business and individuals - subjects of personal data.