Although GDPR is, arguably, one of the most important regulations to come into effect in the area of personal data privacy for over 20 years, it sits within a wider national, EU and international human rights privacy framework.
Article 40.3 Personal Rights
The Irish Constitution does not have an express right to privacy. However, privacy is recognised by Irish courts as an unemumerated personal right under Article 40.3.
Charter of Fundamental Rights of the European Union
Articles 7 and 8 of the European Union's Charter of Fundamental Rights provide for express rights to privacy of the individual, their home and communications as well as their personal data.
Article 7 Respect for private and family life
"Everyone has the right to respect for his or her private and family life, home and communications."
Article 8 Protection of personal data
"1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority."
Treaty of the Functioning of the European Union (TFEU)
The TFEU is one of two primary treaties of the European Union which forms the basis of European law.
Article 16(1) of the TFEU provides that:
"Everyone has the right to the protection of personal data concerning them"
Universal Declaration of Human Rights
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Not an absolute right
The right to privacy is not an absolute right.
It is balanced against other fundamental human rights, the common good in accordance with the law and the principles of necessity and proportionality.
This guidance has been prepared by the HRB to help researchers in the health domain comply with GDPR requirements.
It is intended to be general guidance for educational and informational purposes only.
It is not legal advice.