Dead Ringers? Legal Persons and the Deceased in European Data Protection Law
34 Pages Posted: 18 May 2020 Last revised: 19 May 2020
Date Written: May 13, 2020
Abstract
Notwithstanding suggestions that the treatment of legal and deceased person data during European data protection’s development has been broadly comparable, this paper finds that stark divergences are in fact apparent. Despite early fusion, legal persons have been increasingly seen to have lesser and, more importantly, qualitatively different information entitlements compared to natural persons, thereby leaving European data protection with a very limited and indirect role here. In contrast, natural persons and the deceased have not been conceived as normatively dichotomous and since the 1990s there has been growing interest both in establishing sui generis direct protection for deceased data and also indirect inclusion through a link with living natural persons. Whilst the case for some indirect inclusion is overwhelming, a broad approach to the inter-relational nature of data risks further destabilizing the personal data concept. Nevertheless, given that jurisdictions representing almost half of the EEA’s population now provide some direct protection and the challenges of managing digital data on death continue to grow, the time may be ripe for a ‘soft’ recommendation on direct protection in this area. Drawing on existing law and scholarship, such a recommendation could seek to specify the role of both specific control rights and diffuse confidentiality obligations, the criteria for time-limits in each case and the need for a balance with other rights and interests which recognises the significantly decreasing interest in protection over time.
Keywords: companies, data protection, confidentiality, personal data, privacy, sole traders, testamentary interests, reputation
Suggested Citation: Suggested Citation