INTRODUCTION

The system of personal data protection is mostly built on the premise of prevention The law affects any natural or legal person who works with personal data, which means a person who processes such data The term ‘personal data’ and its exact meaning is therefore the cornerstone of the whole system Once anyone processes this special kind of data, which the law sees as personal, they fall within the framework of Directive 95/46/EC and are bound to perform all the duties of a data controller, unless one of a small number of exceptions applies to them Directive 95/46/EC is a preventive tool It protects privacy by preventing abuse of personal data It is based on the idea that processing personal data in accordance with the rules minimises the risk of harm to privacy This idea was also acknowledged by the Court of Justice of the European Union (CJEU) in several recent cases, e.g the Google Spain case and the Rynes case, where the Court stated that a high level of protection of the right to privacy, with respect to processing of personal data, must be ensured.

This chapter examines how the core concepts of ‘personal data’ and ‘personal data processing’ evolved over the years when the Directive has been applicable, and aims to test the system's stability The hypothesis is that the definitions of these concepts are too broad Thus, the data protection law regulates such kinds of data that the system cannot actually handle Therefore, the only way to maintain the system is not to enforce the rules.

DEFINITION OF PERSONAL DATA

For testing the hypothesis, it is necessary to start from the very basic concepts European Directive 95/46/EC (hereinaft er referred to as ‘the Directive’) defines the term ‘personal data’ quite broadly as ‘any information relating to an identified or identifiable natural person’ The person whose data are processed is called ‘data subject’ and Art also states that an identifiable person is a natural person ‘who can be identified, directly or indirectly’