The household exemption: Is “personal” processing of “personal data” possible?

LinkedIn article, published on 21 Oct 2018

 

The household exemption dominates Article 2 of the GDPR, the automated/non-automated distinction being by now outdated: The GDPR does not apply whenever processing of personal data is done “by a natural person in the course of a purely personal or household activity”. In the age of digital homes, social networks and the gig economy, one cannot but wonder how this can be: Is there still a clear line between the public and the private?

The household exemption is inherited from the 1995 EU Data Protection Directive that the GDPR replaced. While examining inherited provisions one should always keep in mind when the Directive was written: During the early nineties, when there was, practically, no internet at all – certainly not for the masses, at least.

The idea itself of separating private from public life for the same individual (“personal” as opposed to “public” activities) is peculiar at best. It has not been with us forever, because Greek and Roman societies were not aware of it. Greeks in particular frowned upon individuals who chose a private life, in the sense of not participating in city politics, over a public one. Romans did produce a line of philosophy advocating exactly that; however, I think that both societies would be baffled to see that our society thinks that any given individual can walk in and out of a “private” and a “public” life at will, many times within a single day.

The distinction between the two, and indeed the idea that a private life was socially acceptable, was mostly later-European. It may have originated from the empowerment of the individual, essentially to read and understand the Bible alone. In any event, before the digital emerged it served mainly to protect celebrities of any type: After all, one should not forget that the famous “right to be let alone” was proclaimed by a celebrity of the time who got infuriated at the unauthorised publication of journalistic reports from a socialite wedding.

The idea itself that a “celebrity” or a “public person” should be allowed a private life is also peculiar. If anybody by choice or birth becomes a public person, how is it possible that for certain hours within his or her day he or she should be out of the public sphere? Even if that idea became somehow acceptable, as seems to be the case in modern societies, who decides the when and the how much for the creation of this private space? Who is to tell if, and why, kings, politicians, high court judges or clergymen are to be given less such space than footballers or singers?

A long series of court cases over these issues is evidence that they are far from resolved. They deal not only with the law but also with the ethics of each society this problem is applied to. Data protection became an additional legal tool in the kit.

The digital served to democratise this problem. The distinction between personal and public activities now became critical for each one of us.

When exactly are we engaged in “personal” and when in “public” activities? Should posting to Facebook at all times be considered “personal” and posting to LinkedIn “public”? Is compiling an address list “personal”, but when we make recommendations on professionals on an online platform, and even get benefits from the platform for it, does our processing become “public”? Could keeping an online blog ever be considered as purely “personal”? Is transmitting usage data from our smart home appliances to be considered “personal” for all members of our family or even our block of flats?

The GDPR seems to think that a clear line can be drawn; however, I think that this is highly questionable. Humans, being social animals, were in fact never intended to have two types of lives, a public and a private one. Expedience and historical developments may have brought forward this idea, which over the centuries became so embedded in our lives that we consider it a self-evident truth – and design our laws accordingly. However, the digitisation of billions of human lives will inevitably make the limitations of this approach obvious – and I think that the GDPR has much to lose if it persists in this basic misunderstanding of human life.

 
