by Rita de Sousa Costa, law student at UMinho and Tiago Sérgio Cabral, law student at UMinho
Most people do not have any idea of how much the processing of their personal data affects their daily life. In today’s world, our e-mail has the ability to distinguish between important and unimportant e-mails based on our previous communications. When we want to read the news our phones and tablets are able to predict the events and sources that we would be interested in. Facebook knows more about our friends than we do. If you want to watch a movie, Netflix has a broad selection and may give you some tips based on your previously watched list, same with Youtube. If we have a favorite supermarket chain it probably knows what we like to buy through our customer cards. Our keyboards are able to predict the very words we will type[i].
We would find a rather different scenario if we looked to the world in 1995. Twenty years ago, the Internet was still in its early stages of development and was rather different from what we know and use today[ii]. E-mail and instant messaging were unknown to the general population. Google (and search engines as we know them today) did not exist. Social networking and smartphones did, but only in science fiction movies. With this in mind, it is rather astonishing that the EU legal framework regarding the protection of personal data managed to stay, more or less, unchanged for more than twenty years. In these twenty years, the Directive 95/46/CE ensured the protection of personal data for EU citizens fulfilling the required by the Article 16 of the TFUE and the Article 8 of the EUCFR[iii]/[iv].