CYIL vol. 11 (2020)

ONDREJ HAMUĽÁK – HOVSEP KOCHARYAN – TANEL KERIKMÄE CYIL 11 (2020) praxi Soudního dvora EU a Evropského soudu pro lidská práva. Autoři si kladou za cíl najít odůvodněné odpovědi na výše uvedené otázky a navrhnout řešení existujících problémů v dané oblasti práva. Key words: post-mortem, data protection, privacy, dignity, reputation. About the authors: Ondrej Hamuľák is a Senior Lecturer at the Faculty of Law, Palacký University Olomouc (Czech Republic) and Adjunct Professor in EU Strategic Legal Affairs, TelTech Law School (Estonia). He participated in the work on this paper on behalf of Jean Monnet Network Project 611293-EPP-1-2019-1-CZ-EPPJMO-NETWORK “European Union and the Challenges of Modern Society”. Email: ondrej.hamulak@upol.cz. Hovsep Kocharyan is a doctoral student at the Department of International and European Law, Faculty of Law, Palacký University Olomouc (Czech Republic). He participated in the work on this paper on behalf of the Project of specific research no. IGA_PF_2020_003 “Fostering the Right to be Forgotten as the Elementary E-right – Analyses of the Judicial Approach, Contemporary Developments and Challenges”. Email: hovsep.kocharyan01@upol.cz. Tanel Kerikmäe is a professor at TelTech Law School (Estonia) and Senior Researcher at the Faculty of Law, Palacký University Olomouc (Czech Republic). He participated in the work on this paper on behalf of project no. 20-27227S “The Advent, Pitfalls and Limits of Digital Sovereignty of the European Union” funded by the Czech Science Foundation(GAČR). Email: tanel.kerikmae@taltech.ee. 1. Introduction The issue of processing and protecting personal data in the EU remains one of the most controversial issues in both theoretical and practical terms. New EU legislative changes in the field of data protection law (the entering into force of the GDPR) like the previous Data Protection Directive 95/46/EC (the DPD) have left the issue of post-mortem personal data protection without due attention. However, the EU lawmaker does not seem to follow these risks and decided to take a different position on this issue. Thus, according to Recital 27 of the GDPR: “This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons.” 2 , thereby leaving the issue of post-mortem personal data protection to the discretion of the EU Member States. Moreover, the GDPR does not oblige the EU Member States to provide in their legislation special rules for the processing and protecting of the personal data of the deceased at their discretion, but only provides them with unlimited discretion. This EU policy has led to the fact that some of the EU Member States (such as Germany, Ireland, Cyprus and so on) have not provided any special rules for processing and protecting personal data of the deceased in their legislation, but others (such as Sweden 3 ) directly exclude this protection. In our opinion, serious attention should be paid to this issue by the EU lawmakers. They should not forget that the personal data of the deceased, freely available on the Internet, 2 See Recital 27 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). 3 Section 3, Sweden, Personal Data Protection Act (1998:204), available in English at: http://www.sweden.gov.se/ content/1/c6/01/55/42/b451922d.pdf.

226