The Scope of data protection law
As discussed the EU and Ireland now have a variety of data protection laws, each of which has a different scope. The right to data protection provided by the EU Charter of Fundamental Rights only applies to EU law itself and implementations of those laws by Member States.
The scope of the Data Protection Directive is set out in Article 3, which states:
“1. This Directive shall apply to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system.
- “This Directive shall not apply to the processing of personal data:
– “in the course of an activity which falls outside the scope of Community law, such as those provided for by Titles V and VI of the Treaty on European Union and in any case to processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law,
– “by a natural person in the course of a purely personal or household activity”
The last of these exceptions, for personal or household data processing, was considered by the CJEU in Ryneš in which the Court held that it:
“…must be interpreted as meaning that the operation of a camera system, as a result of which a video recording of people is stored on a continuous recording device such as a hard disk drive, installed by an individual on his family home for the purposes of protecting the property, health and life of the home owners, but which also monitors a public space, does not amount to the processing of data in the course of a purely personal or household activity, for the purposes of that provision”
The scope of Irish data protection law is set out in section 1 of the DPA. It is fully discussed in Chapter 7 of Privacy and Data protection Law in Ireland