INTERCONNECTIVITY AND DIFFERENCES OF THE ( INFORMATION ) PRIVACY RIGHT AND PERSONAL DATA PROTECTION RIGHT IN THE EUROPEAN UNION *

Right to (information) privacy and right to personal data protection have many common contact points. However, the very act of developing data protection, as a younger right into the sui generis right shows that these two rights are not the same and that there are differences between them, huge enough to make them separate legal rights. The main trigger for noticing their different nature, purpose and background and for development of the data protection into the separate right was the revolution in the information technology solutions. This IT progress, for the first time, enabled massive and relatively cheap operations with the personal data and brought not only concern about the security of the personal data, but also unbelievable business possibilities. It was the turning point for the codification of the data protection right which started from 1970ies, aiming to create separate rules and legislation which will understand the importance of not only of protecting personal data but of their regulated and lawful usage. Despite all what was said, there is still certain confusion regarding these two rights, mainly because in the initial phase of the massive usage of the new IT solutions, when the data protection legislation still wasn’t developed, information privacy right served as the only legal protection of the data protection right and the relationship between these two rights is complex even today and deserves to be further researched.


FOREWORD
Right to privacy and right to personal data protection are in many ways related personal rights.Nevertheless, their common ground and certain extent of overlap is noticeable.However, each of these two rights has its own broader coverage and meaning that goes beyond their common scope.Interrelation between these two rights is still not deeply researched and one of the reasons behind is the fact that personal data protection right represents relatively new legal right with the codification that started as late as in 1970ies 1 with the permanent further developments caused by the development of the information technology and appearance of the new IT solutions.That is why in this article, connection between these two rights has been further researched and elaborated with the focus on the effects that these two rights have on each other.
Furthermore, this article deals with their interrelation measured through their common prism (overlapping part), whereby the broader scope of each of these rights goes beyond the common area remained intact.According to mentioned topic, first of all there was a need of defining the scopes of each of these two rights and then, elaborating on their interconnection and impacts on one another in the theoretical area and in jurisprudence.

PRIVACY RIGHT
Privacy right is the basic human right recognized in the international law, EU law and legislations of the number of countries.This right provides protection to the individual against excessive interference by the state government, public and other individuals in the information, physical, spatial and communication sphere (aspects of the privacy right) of this particular individual 2 .Right to privacy is much "older" right than right to the "personal data protection".Namely, first mentioning of the right of privacy was even in the Bible and Hebrew culture where there are many references to the right of privacy.Also, in Classical Greece and Rome and ancient China, right to privacy was known, mainly as a right to be separated from one another.First law on privacy protection was drafted as early as in 1361 in England etc. 3 .The most important codification of the privacy right in relation to data protection was based on the Warren and Brandeis4 article from 1890 when privacy right (right to be let alone) was enlarged to the protection of data related to the particular person.
Despite its long history, privacy right, its meaning and scope is still hard to define in the unique way.The reason for that is subjective understanding of the concept of privacy as well as breaking someone else's privacy, which is based on our social and cultural environment, history, heritage, religion etc.This is the reason for the lack of one universal definition of the privacy itself.
The main focus of this paper is on the information privacy, as one of the privacy aspects which is related to the data protection as such.Information privacy assumes protection of the person in terms of its personal data, namely, "right of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others"5 .
Besides the importance of the information privacy for the context of this paper, this particular aspect of the privacy right is nowadays generally important, according to huge pressure on the privacy of the individual in the era of the high technology development.
Considering a long history of the privacy right and its legal sources, it is worth to see that even information privacy aspect was recognized rather early in the number of the legal sources.For instance, Universal Declaration of Human Rights from 1948, in its Article 12 states that "no one shall be subjected to arbitrary interference with his privacy, family, home or 3 Pedic, Z., op.cit (1), p. 9. correspondence or to attacks upon his honor and reputation.Everyone has the right to the protection of the law against such interference or attacks".Also, European Convention on Human Rights from 1950 in its Article 8 states that "everyone has the right to respect for his private and family life, his home and his correspondence".
However, personal data protection that was guaranteed through the protection of the information privacy was not comprehensive since it took into account only the privacy angle, and further creation and development of the data protection right as a separate legal right, brought broader perspective and meaning of the personal data protection right itself.

PERSONAL DATA PROTECTION RIGHT
Unlike privacy right, personal data protection right is pretty recent and its codification started as late as in 1970s triggered by the development in the IT sphere which enabled faster and (what is also important) much cheaper manipulation and operations with the personal data.At that time, it was realized that such operations represent potentially important social threat, especially automated processing of information and that rapid and inexpensive processing of information, together with the increased availability of data could bring some dangers, especially to privacy6 .That is why primary goal of the personal data protection is protection of the physical person, through the protection of its personal data or data that relate to this particular person.And according to the most important legal source dealing with the data protection issues in the last 20 years, namely, Directive 95/46/EC, Article 2, 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.Similar definition is present in all other relevant legislation dealing with the personal data protection issues.
However, besides the awareness of the possible treat that usage of the personal data can do to the privacy of the data subject, there was also huge awareness of the importance of the personal data for the business possibilities, for the possible progress in many type of services and their massive usage in making our daily life much easier.This is why logic behind the personal data protection right is, to ensure protection to all personal data, not only to these data which usage can cause privacy issues, but also, not to ban their usage, but to enable it according to the defined rules and principles.In this way, data protection right serves to both purposes, on the one hand, to protect personal data of their unlawful usage, but on the other, it defines rules and criteria for their lawful usage.
Defining rules and criteria for their usage assumes that personal data protection completely excludes subjective approach (i.e., Directive 95/46/ EC, in its Article 7 introduces criteria for making data processing legitimate).All of the above means that data protection right guarantees protection of the personal data always when there is a miscarrying of the personal data (breaching criteria and principles related to dealing with the personal data), no matter of the possible violation of the person's privacy seen exclusively as an intimacy.
Getting back to the historical development of the personal data protection, as it was said above, this right became separate legal right after 1970es when progress in technology caused much bigger pressure to ensure protection.This progress enabled almost daily new solutions and products which impact on our daily life.So, nowadays, it is almost impossible to imagine the life without the bank account, credit cards, internet, e-transactions etc.
Information is today something business cannot function without and it is even the primary source of many businesses' competitive advantages, and physical loss of key information or the loss of confidentiality of sensitive information could have a severe negative impact not only on person but also on business as such 7 .Consequences of the progress are much more jeopardized personal data (and privacy) than before although technology changes and progress are primarily seen as a positive development and only secondary as a possible treat and danger for the personal data.As a result of all these processes and understanding of the IT progress and its impact on the personal data matters, data protection right began its development.In 1973 and 1974, Council of Europe adopted 2 Resolutions 8 with the goal of defining basic principles of the data protection.on Human rights from 1950, by its article 8 (right to respect private and family life) in the absence of the specific data protection legislation, indirectly ensured partial protection of the personal data.European Court of Human Rights used this Article 8 as a ground for ensuring personal data protection in the concrete court cases and extended privacy protection to the protection of the individual with regard to the processing of personal data related to its personal life (i.e.Malone v.The United Kingdom, ECHR judgment from August 2 nd , 1984).From such the examples it is visible that at the beginning, privacy right served as a guarantee of the data protection right in absence of the sufficient legal sources for the protection of personal data itself.Court explicitly states that aspects of the right to private life include the physical and psychological integrity of a person, sex life and gender, personal data, reputation, names and photos.Jurisprudence of the European Court of Human Rights confirmed aforementioned.
For instance, in its judgment Leander v. Sweden, judgment from 1987 and later in the judgment Rotaru v. Romania in 2000, European Court of Human Rights states that collecting, storing of information related to an individual's private life in a register and then releasing of such information is within the scope of Article 8 of the European Convention on Human Right.Also in the case S. and Marper v. United Kingdom from 2008, European Court of Human Rights confirmed that retention of finger prints, cellular samples and DNA profiles (personal data) represents an interference with the applicants' right to respect for their private lives, within the meaning of Article 8, para 1 of the Convention.
When deciding on the possible violation of the Article 8, para 1 in the context of the data protection, European Court of Human Rights tested two main conditions: whether there has been an interference with the private life of the data subject, and whether that interference is justified (i.e. in accordance with the law, pursues a legitimate aim, and is necessary in a democratic society, meaning that is relevant and sufficient and proportionate to the legitimate aims pursued).In this way, European Court of Human Rights applied its test of proportionality and sought for the fair balance between competing public and private interests 10 .However, mentioned way of protecting personal data was only limited, considering the fact that European Court of Human Rights decides in the context of the human rights violation and, in this case, checks the impact on the private life of the related individual and in this way limits its scope to information privacy without providing coverage of the right of the personal data protection as it is later defined by the EU legislation in this area, meaning, according to principles and rules for the legitimate operations with data.
After the development of the data protection legislation in the European Union, starting with the Directive 95/46/EC, data protection right and its judicial protection got an additional perspective.Cases before European Court of Justice, although taking into account privacy perspective, as it is clearly stated in the Article 1 of the Directive (In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons and in particular their right to privacy with respect to the processing of personal data), extended focus of the personal data protection to its proper usage, according to the principles defined by the Directive, and according to the criteria for making data processing legitimate.Examples of such cases are of the European Court in this particular area, are Rechnungshof v. Osterreichischer Rundfunk, Lidquist, Promusicae etc.
Further development of the data protection right and its respective legislation, including introduction of this right as sui generis right into the fundamental human rights within the European Union Charter of Fundamental Rights etc., confirms that considering data protection right only as a part of the privacy right would be wrong 11 .In this regard, although previously argued, today it is very rarely said that data protection right represents part of the right of (information) privacy.Development of the personal data protection right proved that its scope goes beyond information privacy (considered from the aspect of intimacy).Right to personal data protection provides protection to all personal data, regardless of their relationship with privacy or lack of such a relationship "since the personal data protection focuses on data itself " 12 .So, despite certain overlap between these two rights, both of them go beyond their common area.The right to personal data protection gives protection to all personal data including those which processing and usage do not necessarily impact on the privacy of respected individual.Such broad protection was mainly introduced according to fast development in the IT area and uncertain future in terms of the possibilities that IT sector can bring in terms of the processing of the personal data.Other logic behind the personal data protection vs privacy is in the fact that the goal of the personal data protection is not banning the use of the personal data as such, but rather introducing control over its usage.It means that in the era of globalization and fast growing IT possibilities, economic goal of the personal data protection is to enable their usage but under defined rules.In this way, economic purpose of the personal data as a very valuable resource in the globalized world is not ruined, and on the other hand, personal data has guaranteed respectable protection.
Getting back to the European Charter of Fundamental Rights, (which became legally binding after entering into force Lisbon Treaty in 2009), by this Charter, data protection right actually got protection of its "human right dimension" within the EU legislation and in the European Court.Indeed, a different theoretical rationale behind the European Court (striving for further EU harmonization) and European Court of Human Rights (providing minimum human rights standards protection) persists 13 .
Data protection is a fast-moving area, and after many years of preparation, European Union conducted the reform, aiming to further improve the legislative base and, as it was said above, in 2016, EU enacted the new legislative package, in force from the May 2016.In order to ensure a consistent and high level of protection of natural persons and to remove the obstacles to flows of personal data within the European Union, Regulation (EU) 2016/679 will replace the data protection Directive 95/46/EC with a date of application on 25 of May 2018.Beside the fact that is it not possible to predict what future development will bring in the context of the interrelation between the data protection right and information privacy, the technology shows the trend towards even more complex situation in the future.
It is also worth mentioning that not only data protection right has its broader scope than information privacy, but also, when we speak of the privacy right, information privacy is only one of its aspects.Besides the information privacy, privacy right includes privacy of beliefs, home and family life, privacy of the person and possession etc.
In any case, interrelation between data protection right and information privacy represents complex area of many similarities and many differences.

CONCLUSION
All mentioned in the previous chapters implies that privacy right has in its focus potential violation of one's intimacy while data protection right doesn't imply this precondition but provides protection to all personal data while at the same time, enables their usage according to the prescribed rules.It means that right to data protection excludes subjective aspect of judging on the violation but includes objective criteria based on which decision is made.
Considering growing importance of the personal data protection right, development of the legal sources regulating this issue on the European level, recent reforms, recognition of this right among the population, in this Article, interrelationship between privacy and data protection right has been elaborated.
In any case, both sides of this complicated relationship between the right to (information) privacy and right to protection of the personal data should be carefully considered and possible unintended consequences can be noticed through some real case examples.For instance, possible absurd situations illustrates the European Court of Human Rights case of K.U. vs. Finland from 2008, when personal data protection caused protection of privacy of the unknown person who placed an advertisement on a dating site on the Internet in the name of the applicant who was 12 years old at that time, without his knowledge and service provider refused to divulge the identity and Finish court refused to oblige service provider to do so, because of the lack of explicit legal provision asking to disclose telecommunications identification data in breach of professional secrecy.Finally, European Court of Human Rights found violation of the Article 8. in this particular case.This is just one example which highlights importance of the consideration of the totality of each situation and importance of weighing when deciding upon privacy and data protection.
According to its growing practice caused by the growing technologies and IT possibilities and practices; and bigger focus on the data protection right visible in growing number of cases; one cannot deny that data protection, because of this bigger focus, became guarantee of the information privacy right since data protection "has much more breadth and depth and since failure to appreciate the full dimension of the data protection challenge can lead to poor data protection management and costly resource allocation issues as well as exposure to risk created by ineffective data protection" 14 .In any case, this paper confirmed complex relationship between these two rights, their complementarity and interconnectivity, but also their different meaning and purpose.

1
Pedic, Z., The Right to Personal Data Protection vs.The Right of Access to Information in The European Union, Doctoral Thesis, University of Zagreb, Faculty of Law, Zagreb, 2014. 2 Dragicevic, D. Privacy in the virtual world, Zbornik PFZ, 51 (3-4), 2001, and see note 3: Pedic, Z, op.cit.
Furthermore, in 1980, OECD published its Guidelines on the Protection of Privacy and Trans-border Flows of Personal data, and in the same year, Council of Europe adopted Convention No 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data.Process was continued by adopting Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data in 1995 and introducing data protection right into the Charter of Fundamental Rights of the European Union in 2009.This process continues until today and relevant bodies of the European Union in 2016 adopted the Regulation 2016/679 on the protection of natural person with regard to the processing of personal data and on the free movement of such data which repealed Directive 95/46/EC and the new Directive 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties and on the free movement of such data which repealed Council Framework Decision 2008/977/ JHA.Both documents entered into force in May 2016.4.INTERCONNECTION AND DIFFERENCESPersonal data protection right, since its introduction into the legislation in 1970s was officially ascribed to the objective of serving "privacy" 9 .Furthermore, personal data protection was even long time considered as a part of the privacy right, primarily because the European Convention 8 Council of Europe Resolution (73)22 on the protection of the privacy of individuals vis-à-vis electronic data banks in the private sector (Adopted by the Committee of Ministers on 26 September 1973) and Resolution 74(29) on the protection of the privacy of individuals vis-à-vis electronic data banks in the public sector (Adopted by the Committee of Ministers on 20 September 1974).