< Terug naar vorige pagina


From the Principle of Accountability to System Responsibility – Key Concepts in Data Protection Law and Human Rights Law Discussions

Boekbijdrage - Hoofdstuk

The principle of accountability is one of the features of current reform proposals of the EU Data
Protection Regime. In this contribution I will fi rst look at a possible defi nition of the principle,
then turn to its application in the area of data protection law, and fi nally turn to European human
rights law.
The paper wants to broaden the discussion about the reform of the Data Protection Directive by
turning to human rights law and borrowing insights from a 2008 United Nations Report Protect,
Respect, Remedy proposed by John Ruggie, Special Representative to the Secretary-General on
Business and Human Rights. The report identifi es three building blocks to respond to governance
gaps in human rights protection caused by international corporations in weaker developing states.
Although the report does not advocate accountability or enhanced responsibility for these global
corporations, it contains a broader sketch of areas of legal attention to avoid governance gaps: the
area of ex ante law making and ex ante and ex post enforcement (protection), the area of corporate
responsibility (respect) and the area of access to remedies when violations have occurred
(remedy (ex post)).
From a European human rights perspective, governments have to show that they are active in
all three areas. The doctrine of positive human rights duties developed by the European Court
of Human Rights is fundamental in this. This doctrine, as it is used by the Court, forces member
states to take up their duties with regard to the Internet and other modern media.2 It is not only
about non-interference, but about the full package: to protect, create respect and to remedy. More
specifi cally, governments must protect their citizens against human rights abuses by companies and
against abuses by other users on the Internet (fi rst building block); ensure that companies respect
their human rights obligations (second building block); and provide easily accessible remedies or
remedial action (third building block).
Hence my thesis that not only corporations or data controllers have to give account. On a broader
level, governments have to give 'accounts' with regard to the three building-blocks. The idea of
system responsibility nicely catches this broader responsibility.
Boek: International Data Protection Conference 2011
Pagina's: 88-120
Aantal pagina's: 33
Jaar van publicatie:2011
Trefwoorden:law & technology
  • ORCID: /0000-0003-4084-6898/work/61424188