(a) Comply with legally established safeguards, including legislation on data protection, to ensure confidentiality and respect for the privacy of persons with disabilities

Federico FERRETTI Article 31(1)(a) Statistics and data collection

1. States Parties undertake to collect appropriate information, including statistical and research data, to enable them to formulate and implement policies to give effect to the present Convention. The process of collecting and maintaining this information shall:

(a) Comply with legally established safeguards, including legislation on data protection, to ensure confidentiality and respect for the privacy of persons with disabilities

Introduction

Article 31 CRPD is procedural in nature and concerns the collection and use of data on disability for statistical and research purposes. It is a measure functional to the substantive rights that the CRPD recognises. Acting in response to an historical unavailability of data regarding persons with disabilities, article 31 CRPD provides for the collection of data, statistics and research for the twofold purposes of (i) monitoring the implementation of the substantive rights recognised in the CRPD and the duties imposed on states parties, and (ii) facilitating the implementation of the CRPD by supporting the formulation of policies to give effect to obligations encompassed therein.

To the extent that the data to be collected and used by states parties include personal data that are necessary for the realisation of each CRPD right, there were evident concerns during the travaux concerning the possible misuse or abuse of such data in relation to the right to privacy and dignity of persons with disabilities.

This was particularly the case because data collection requires consistent and comparable disaggregated data across states and on all areas of society, including sensitive characteristics such as gender, age, types of disability, health features, education, employment, ethnicity, urban or rural geographical settings, and other relevant categories.

In order to counter the risks associated with any operation or set of operations undertaken with respect to personal data (e.g. collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or blocking, erasure or

1 See Report of the Third Session of the Ad Hoc Committee on a Comprehensive and Integral International Convention on the Protection and Promotion of the Rights and Dignity of Persons with Disabilities (24 May to 4 June 2004), where a number of delegations “expressed a concern for the respect of the right to privacy and the risk of misusing the information, and considered that such an article did not belong in a human rights treaty.

They considered that statistics were not useful as a policy tool, and that resources spent in data collection should be used instead in programmes for persons with disabilities. There should be a mainstreaming of surveys and not just surveys for persons with disabilities” (note 23). On an earlier scholarly account of the possible abuses of statistical data see also Kingsley R Browne, “The Use and Abuse of Statistical Evidence in Discrimination Cases”, in Titia Loenen and Paulo R Rodrigues (eds.), Non‐Discrimination Law: comparative perspectives (Brill, 1999), 411‐423.

2 Committee on the Rights of Persons with Disabilities, Guidelines on treaty-specific document to be submitted

by State Parties under Article 35, paragraph 1, of the Convention on the Rights of Persons with Disabilities,

CRPD/c/2/3 (18 November 2009).

destruction

), article 31(1)(a) includes a general reference to legally established safeguards on how to process such data, and a particular reference to the applicable data protection law. These are instrumental legal tools to protect the substantive rights of confidentiality and privacy of disabled people. A comparative analysis of data protection laws is beyond the scope of this analysis, particularly since in their vast majority data protection laws do not offer any particular treatment to disabled persons. The following analysis will be predicated almost entirely on EU data protection laws and principles on the ground that these are the standard-setters globally.

Legally established safeguards

The concept of ‘legally established safeguards’ refers to national or regional laws (e.g. EU law) that may govern the collection and use of disability data for statistical activities. These may be re-conducted to local regulatory frameworks binding the state parties and they should not be confused with the internationally accepted standards or ethical principles to be employed in the collection and use of statistics. The latter in fact, are separately accounted for in article 31(1)(b) CRPD and they are typically encompassed in international instruments such as the UN Fundamental Principles of Official Statistics

or the UN Principles Governing International Statistical Activities

or the UN Disability Statistics database.

As far as the European Union (‘EU’) is concerned, the organisation of statistics is established via the European Statistical System (‘ESS’), which is represented by the network cooperation between ‘Eurostat’ and the equivalent national organisations in the member states. The legal basis of the European statistical functions may be found in article 338 of the Treaty on the Functioning of the European Union (‘TFEU’), which lays down the essential traits for the elaboration of statistics that - among other features - shall conform to statistical confidentiality. In order to give effect to article 338 TFEU, Council Regulation 322/97

explicitly recognises the importance of protecting the confidential information collected by national and EU authorities for the production of EU statistics, with a view to achieving and maintaining the confidence of the parties responsible for providing this information.

At the same time, it ensures that the confidentiality of statistical information satisfies the same set of principles in all member states. For this purpose, it deems necessary to establish a common

3 See the combined definitions of ‘data processing’ under Directive 95/46/EC, infra note 17 and the GDPR (n 18).

4 UNGA Res 68/261 (29 January 2014), Annex, ‘Fundamental Principles of Official Statistics’.

5 Committee for the Coordination of Statistical Activities, Principles Governing International Statistical

Activities (3 March 2014), available at:

<https://unstats.un.org/unsd/methods/statorg/Principles_stat_activities/principles_stat_activities.pdf>.

6 Council Regulation (EC) No 322/97 of 17 February 1997 on Community Statistics, OL 052, 22/02/1997 P.

0001-0007.

7 Recital 13 of Regulation 322/97.

concept of ‘confidential data’ to be used in relation to the production of EU statistics. This concept must take into account the fact that data taken from sources available to the public are considered confidential under certain national laws.

The definition of 'statistical confidentiality` focuses on the protection of data related to single statistical units that are obtained directly for statistical purposes or indirectly from administrative or other sources against any breach of the right to confidentiality. At the same time, it implicitly prevents the non-statistical utilization of the data obtained and their unlawful disclosure.

Accordingly, data is considered confidential when it allows identification directly or indirectly, thereby disclosing individual information. For the purpose of identifiability, account needs to be taken of all the means that might reasonably be used by a third party to identify the data. By derogation, data in the public domain cannot be considered confidential.

The transmission between statistical authorities of confidential data that does not lend itself to direct identification may take place to the extent that this transmission is necessary for the production of specific EU statistics. Any further transmission must be explicitly authorized by the national authority that collected the data.

Confidential data obtained for the production of statistics can only be used by the relevant authorities exclusively for such purposes, unless the respondents have unambiguously given their consent to the use for any other purposes.

Importantly, the EU and its member states must take all necessary regulatory, administrative, technical and organizational measures to ensure data security - i.e.

the physical and logical protection of confidential data - and to ensure that no unlawful disclosure and non-statistical uses occur when the statistics are disseminated.

This is where specific national law that may exist on data collection by national authorities becomes relevant. At EU level, Decision 97/281/CE implements Regulation 322/97 as regards the role and functioning of Eurostat.

Likewise, the ESS has adopted a European Statistics Code of

8 Recitals 14 and 15 of Regulation 322/97.

9 Art 10 of Regulation 322/97.

10 Art 13 of Regulation 322/97.

11 Art 14 of Regulation 322/97.

12 Art 15 of Regulation 322/97.

13 Art 18 of Regulation 322/97.

14 Commission Decision of 21 April 1997 on the Role of Eurostat as Regards the Production of Community

Statistics (97/281 /EC), OJ L 112/56. Of particular relevance for the confidentiality of the data see Art 9

according to which “Data considered confidential pursuant to Article 13 of the (…) Regulation shall be made

accessible within the Commission, according to the Articles in Chapter V of the (…) Regulation, only to

officials of Eurostat, other staff of Eurostat and other natural persons working on the premises of Eurostat under

contract, and shall be used by them only for the purposes defined in the framework of the (…) Regulation”.

Practice as a self-regulatory instrument containing standards for the independence of national and EU statistical authorities.

The concept of statistical confidentiality has close links with the rights conferred under data protection law where it exists, as also explicated in article 31(1)(a) CRPD.

Data Protection

Under the tenets of article 31(1)(a) CRPD data protection remains anchored to the protection of the confidentiality and the privacy of individuals. Clearly, this reflects the conceptualisation that was generally accepted by the states parties at the time of the drafting of the CRPD – a view that still remains common in many jurisdictions outside the EU.

However, to a significant extent, this connotation reflects an outdated understanding of the modern notion of data protection as developed under EU law.

Personal data protection is a distinctive European innovation in law that over the years has been gaining a mixed fortune outside the EU as well. Its genesis and vicissitudes over time explain why for long it was – and to a large extent outside the EU still is- understood as privacy protection. The horrors of twentieth century European history and the subsequent international conventions

played an important role in the development of data protection laws across the Old Continent and, ultimately, in the adoption of the Data Protection Directive 95/46/EC,

which has now shaped the General Data Protection Regulation (‘GDPR’)

that will enter into force in May 2018. Two factors proved decisive for their enactment under the remit of the EU: (i) the progressive development in information technologies transcending national borders; and (ii) the need for the free movement of personal data within the EU to enable trade and prevent conflicts arising from separate national regimes.

Indeed, the underlying aims and scope of Directive 95/46/EC were both

15 Promulgated in Communication from the Commission to the European Parliament and to the Council on the independence, integrity and accountability of the national and Community statistical authorities

/COM/2005/0217 final. The Code of Practice sets out 15 key principles and standards for developing, producing and disseminating European statistics. It builds upon a common ESS definition of quality in statistics and targets all relevant areas from the institutional environment, the statistical production processes to the European official statistics. It is available at http://ec.europa.eu/eurostat/web/products-manuals-and-guidelines/-/KS-32-11-955.

The Code is inspired by the UN statistical principles cfr. (nn 4 and 5).

16 See Council of Europe, Convention for the Protection of Human Rights and Fundamental Freedoms, ETS No. 5 of 4/11/1950; Council of Europe, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, ETS No.108 of 28/01/1981.

17 OJ 1995 L 281, p 0031-0050.

18 Regulation (EU) 2016/679, OJ 2016 L 119, p. 1–88.

19 Recitals 1-11 of Directive 95/46/EC.

the protection of fundamental rights and freedoms of European citizens, as well as the achievement of the internal market. Both objectives were equally important, even though the jurisdiction of the EU on this subject rested on internal market grounds, having its legal basis in article 100a of the EC Treaty (now article 114 TFEU). All the same, the EU legislator consistently took a rigorous ‘fundamental human rights’ approach.

Data protection has become a complex and multifaceted concept both from a societal and a legal point of view. Traditionally, its primary objective has been identified with the protection of personal privacy within the context of processing operations involving personal data. Scholarly debates have helped to largely accept that in general terms privacy protection is a legal way of drawing a line at how far society or other entities (physical or legal) may intrude into a person's personal or private affairs. It entails that all persons should be entitled to conduct their personal (legitimate) affairs relatively free from unauthorised or unwanted intrusions.

The considerable body of literature and many debates on privacy exemplify the

20 Dorothee Heisenberg, Negotiating Privacy (Lynne Rienner, 2005); Viktor Mayer-Schonberger,

“Generational Development of Data Protection in Europe”, in Philip E Agre and Marc Rotenberg (eds.), Technology and Privacy: The New Landscape (The MIT Press, 1997), 219-241; Spiros Simitis, “From the Market to the Polis: the EU Directive on the Protection of Personal Data”, 80 Iowa Law Review (1995), 445- 469; contra, on the utilitarian approach of the UK, see Andrew T Kenyon and Megan Richardson, “New Dimensions in privacy: Communications technologies, media practices and law”, in Andrew T Kenyon and Megan Richardson (eds.), New Dimensions in Privacy Law (Cambridge University Press, 2006), 1-10.

21 See e.g. Samuel Warren and Louis Brandeis, “The Right to Privacy”, 4 Harvard Law Review (1890), 193–

220; Edward J Bloustein, “Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser”, 39 New York University Law Review (1964), 962–1007; Stig Stromholm, Right of Privacy and Rights of the Personality (Norstedt, 1967); J Roland Pennock and John W Chapman (eds.), Privacy (NOMOS XIII, 1971); Jeffrey Paul et al. (eds.), The Right of Privacy (Cambridge University Press, 2000); James Rachels, “Why Privacy is Important”

4 Philosophy and Public Affairs (1975), 323–33. Other narrower views of privacy see it as self-determination, intimacy, or a meaningful aspect of interpersonal relationships, personal expression, and choice. See, e.g.

William A Parent, “Privacy, Morality and the Law”, 12 Philosophy and Public Affairs (1983), 269–88. Robert S Gerstein, “Intimacy and Privacy” 89 Ethics (1978), 76–81; Alan F Westin, Privacy and Freedom (Atheneum, 1967); Julie C Inness, Privacy, Intimacy, and Isolation (Oxford University Press, 1992); Charles Fried, An Anatomy of Values (Harvard University Press, 1970); Ruth E Gavison, “Privacy and the Limits of the Law”, 89 Yale Law Journal (1980), 421–71; Adam D Moore, “Intangible Property: Privacy, Power, and Information Control”, 35 American Philosophical Quarterly (1998), 365–78; Ferdinand D Schoeman (ed.), Philosophical Dimensions of Privacy: An Anthology (Cambridge University Press, 1984); Judith W DeCew, In Pursuit of Privacy: Law, Ethics, and the Rise of Technology (Cornell University Press, 1997). Such an individualistic approach to privacy has been criticized by scholarship arguing that greater recognition should be given to the broader social importance of privacy: other than a common value in which individuals enjoy some degree of it, privacy is seen as a public and collective value vis-a`-vis technological developments and market forces, requiring minimal levels of privacy for all. Priscilla M Regan, Legislating Privacy (University of North Carolina Press, 1995). There exists a number of works critical of privacy, too. The so-called ‘reductionist approach’, e.g.

takes the view that the right to privacy is derivative, meaning that it can be explained in the context of other rights without deserving any separate attention. As such, it can be protected through other rights without any explicit protection on its own. Any privacy violation would be better understood as the violation of other more basic rights: ultimately, the right to privacy would merely be a cluster of rights, where these rights are always overlapped by property rights or rights over the person such as bodily security. Judith J Thomson, “The Right to Privacy” 4 Philosophy and Public Affairs (1975), 295–314. For another strong critique of privacy see also Robert H Bork, The Tempting of America: The Political Seduction of the Law (Simon & Schuster, 1990). These

‘reductionist approaches’ have been criticized by a number of commentators: see Thomas Scanlon, “Thomson

on Privacy”, 4 Philosophy and Public Affairs (1975), 323–33; Jeffery L Johnson, “Constitutional Privacy”, 13

Law and Philosophy (1994), 161–93. Another well-known contribution to the ‘reductionist approach’ is that of

difficulty in delineating what remains a broad and at times ambiguous concept, but they also help to set the basis for distinguishing ‘data protection’ from ‘privacy’. At least under EU law – the foreparent and internationally recognised frontrunner of modern data protection legislation worldwide - the two have transformed into distinct, yet complementary, fundamental rights which derive their normative force from values that, although at times overlapping and interacting in many ways, are nevertheless conceptualised independently.

Normatively, this position is explicit in article 16 TFEU which elevates data protection to a

‘provision of general application’ under Title II alongside other fundamental principles of the EU. Equally, with the Treaty of Lisbon, the Charter of Fundamental Rights of the EU has become binding, and in its article 8 it recognises the protection of personal data as an autonomous right distinguished from that of ‘privacy’ in article 7.

Data protection refers to the protection through regulation of personal information pertaining to an identified or identifiable individual (‘data subject’). Individuals do not own information about themselves. Information does not pre-exist to its expression or disclosure but it is always to some extent constructed or created by more than one agent.

Normatively, no proprietary rights exist on personal information. It pertains to an individual but it does not belong to him/her in a proprietary sense. Those who process personal data (‘data controllers’) have the right to do so as long as such processing is in compliance with procedural rules set by law. The objective of data protection law is to protect individuals not against data processing per se, but against unjustified collection, storage, use, and dissemination of the data pertaining to them.

As persuasively shown by Paul De Hert and Serge Gutwirth, data protection cannot be reduced to a late privacy spin-off echoing a privacy right with regard to personal data, but it formulates the conditions under which information processing is

Richard Posner who took an economic, cost-benefit analysis of privacy. He argues that the types of interests protected under privacy are not distinctive. Most of all, nevertheless, the central proposition is that privacy protection is economically inefficient. Protection of individual privacy would be difficult to defend because it does not maximise wealth. On this line of argument, Posner defends organizational or corporate privacy as more valuable than personal privacy, the reason being that the former is likely to improve economic efficiency.

Richard A Posner, The Economics of Justice (Harvard University Press, 1981).

22 Under the Charter of Fundamental Rights of the EU Article 7 provides for the “Respect for private and family life - Everyone has the right to respect for his or her private and family life, home and communications”;

Article 8, instead, deals with the “Protection of personal data - 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3.

Compliance with these rules shall be subject to control by an independent authority”.

23 Antoinette Rouvroy and Yves Poullet, “The Right to Informational Self-Determination and the Value of Self- Development: Reassessing the Importance of Privacy for Democracy”, in Serge Gutwirth S et al (eds.),

Reinventing Data Protection? (Springer, 2009), 45-76.

24 On discussions about individuals not owning information about themselves see Jerry Kang and Benedikt

Bunter, “Privacy in Atlantis”, 18 Harvard Journal of Law and Technology (2004), 230-267; Rouvroy and

Poullet (n 23) 45.

legitimate. While privacy laws derive their normative force from the need to protect the legitimate opacity of the individual through prohibitive measures, data protection forces the transparency of the processing of personal data, enabling its full control by the data subjects where the processing is not authorised by the law itself as necessary for societal reasons.

In short, data protection law focuses on the activities of the processors and it enforces their accountability, thus regulating this accepted exercise of power.

Like privacy, therefore, data protection finds its roots in the idea that democratic societies should not be transformed into systems of power resting on control, surveillance, actual or predictive profiling, classification, social sorting and discrimination. Data protection is not only a matter of individual liberty, intimacy, and dignity of individuals but a wider personality right aimed at developing social identity as citizens and consumers alike. Hence, this author is in agreement with the idea that, although “data protection principles might seem less substantive and more procedural compared to other rights (…) they are in reality closely tied to substantial values and protect a broad scale of fundamental values”

that on many occasions overlap or intersect, but remain separate from those of privacy. For this reason, it also has important connotations for society as a whole and constitutes an important legislative tool to protect collective social goods and fundamental values of a modern democratic order where citizens freely develop their personality and autonomy. Therefore, both privacy and data protection regimes (i.e. seclusion and legitimate opacity on the one side and inclusion and participation on the other) represent a bundle of entitlements and tools to pursue the common goal of a free and democratic society where citizens develop their own personality freely and autonomously through individual reflexive self-determination and for collective deliberative decision-making regarding the rules of social cooperation.

From this perspective, granting to individuals control over their personal information is not only a tool to allow them control over the persona they project in society, it is also a fundamental human right allowing the development of one’s personality in order to fully participate in society without conforming to the dictates of the majority or other commercial interests.

In this

25 Paul De Hert and Serge Gutwirth, “Data Protection in the Case Law of Strasbourg and Luxembourg:

Constitutionalisation in Action”, in Serge Gutwirth et al. (eds.), Reinventing Data Protection? (Springer, 2009), 3-44.

26 On a critical view that data protection acts are seldom privacy laws but rather information laws, protecting data before people, see Simon G Davis, “Re-Engineering the Right to Privacy: How Privacy Has Been Transformed from a Right to a Commodity”, in Philip E Agre and Marc Rotenberg M (eds.), Technology and Privacy: The New Landscape (The MIT Press, 1997), 143-165.

27 De Hert and Gutwirth, (n 25) 44 28 Rouvroy and Poullet, n (23).

29 Ibid.

sense, the rights conferred by data protection legislation are participatory rights of informational self-determination, where the requirement of individual consent for the processing of data becomes a cornerstone unless the processing is necessary, subject to a notice to data subjects,

such as: for the performance of a contract to which the data subject is party; for compliance with a legal obligation of the data controller; in order to protect a vital interest of the data subject him/herself; for a public interest; or in respect of overriding rights of the data controller or third parties.

The concepts of ‘privacy’ and ‘confidentiality’ of disabled persons should be construed in accordance with the previous discussion, alongside more particular rights and obligations conferred by law. The law permits the collection of both sensitive and non- sensitive data for specific, explicit and legitimate purposes, as long as safeguards are observed and the data are adequate, accurate, kept no longer than necessary for the purpose, and secure.

One should note, however, that there is no mention of disability in Directive 95/46 /EC or disability as a condition qualifying the data and their processing under the GDPR. Therefore, the general rules apply.

In synthesis, EU member states shall provide that data subjects are informed of the data processing

and, in perspective, such a notice must be provided “in a concise, transparent, intelligible and easily accessible form, using clear and plain language”.

However, there is an exception where data was not obtained directly from the data subject:

the norm does not apply in respect of statistical, historic or scientific research in circumstances where the provision of the notice would have been impossible or involve a disproportionate effort, or if recording or disclosure is expressly laid down by law. In these cases member states shall provide appropriate safeguards.

Directive 95/46/EC and the GDPR similarly set out the requirements for legitimate data processing of personal data considered as non-sensitive.. A data controller must be able to provide a valid basis for the processing activity only if it can claim that the processing relies on one of the criteria established by law. The set of criteria is exhaustive, so that if a data controller is unable to rely on one of these the processing is unlawful. These are laid down in article 7 of Directive 95/46/EC and reproduced with slight changes in article 6 GDPR:

30 See Art 10 and 11 of Directive 95/46/EC and Art. 13 and 14 GDPR.

31 See Art 7 of Directive 95/46/EC and Art. 6 GDPR.

32 Art 6 of Directive 95/46/EC and Article 5 GDPR.

33 Arts 10 and 11 of Directive 95/46/EC and Articles 13 and 14 GDPR.

34 Art 12 GDPR.

35 Art 11(2) of Directive 95/46/EC and Article 14(5) GDPR.

(a) The data subject has unambiguously given his/her consent.

(b) The data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

(c) The data processing is necessary for compliance with a legal obligation to which the data controller is subject.

(d) The data processing is necessary in order to protect the vital interests of the data subject.

(e) The data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed.

(f) The data processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject, in particular their right to privacy.

Data that reveal the racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life are classified as ‘special categories’ - or ‘sensitive’ data - and follow a tighter discipline. For disabled persons, the relevant category of such data is limited to health data (possibly, with the addition of genetic data by the GDPR).

Within the context of data collection for the purpose of the CRPD, the processing of sensitive data of disabled persons is generally prohibited, unless the data subject has given his/her explicit consent, save where the laws of a member state provides that the prohibition may not be lifted by the data subject's consent (e.g. laws regarding the ability to discern or the validity of freely given consent). However, subject to the existence of suitable safeguards, member states may, for reasons of substantial public interest, lay down exemptions either by national law or by decision of national data protection supervisory authorities – as in the case of data collection for statistical or research purposes.

The GDPR further specifies that the processing of special categories of personal data may be necessary for reasons of public interest in the areas of public health, including disability without the consent of the data subject.

In any event, the GDPR facilitates the collection of sensitive data for statistical

36 Art 8 of Directive 95/46/EC and Article 9 GDPR. Disability is now explicated in the health data by Recital 35 GDPR.

37 Art 8 of Directive 95/46/EC.

38 Recital 54 GDPR.

purposes or research without consent when such processing is necessary

and provided that technical and organisational measures - in particular pseudonymisation - are in place to ensure respect for the principle of data minimisation.

All in all, therefore, it can be maintained that on the one hand data protection law seems to offer safeguards for the collection of disability data, even if the collection of data seems to become easier under the new rules of the GDPR. On the other hand, however, factors such as the limits of a definition of disability in EU law, as well as the lack of legislation or case law resolving real or presumed conflicts between disable people’s data collection and data protection duties, make the safeguarding contours provided by the law blurred.

In order to consider the appropriate safeguards of data protection law it becomes critical to establish what type of data are necessary for the purpose. Without such an exercise the principles of data necessity and minimisation cannot be properly employed. Likewise, the distinction between sensitive and non-sensitive data determines the normative standards for data processing. The problem may be that a common understanding of disability and the data that qualify it are absent. The only definition of disability under EU law was provided in Chacón Navas,

where the Court of Justice of the EU (‘CJEU’) delineated it the context of employment discrimination as “a limitation which results in particular from physical, mental or psychological impairments and which hinders the participation of the person concerned in professional life”.

For any limitation to be regarded as disability, it must be probable that it will last for a long time.

The CJEU further affirmed that its definition of disability is

“autonomous and uniform”.

It is clear that such a definition is based on a medical or individual model of disability, where the cause of the ‘limitation’ is the ‘impairment’ of the individual, and the ‘impairment’ obstructs his/her participation in professional life. However, other views of disability exist, in particular when the medical model is contrasted with a social model of disability based on the failure of the social environment to adjust to the needs and aspirations of people with ‘impairments’ rather than from the inability of people with impairments to adapt to the environment.

39 Art 9 GDPR.

40 Art 89 GDPR.

41 Case C-13/05 Sonia Chacón Navas v Eurest Colectividades SA, ECLI:EU:C:2006:456.

42 Ibid, para 43.

43 Ibid, para 45.

44 Ibid, paras 40 and 42.

45 See e.g. Communication of the Commission on Equality of Opportunity for People with Disabilities of 30

July 1996, COM (96) 406 final, and the Equal opportunities for people with disabilities: a European Action

Plan, COM (2003) 650 final, 4. See also Resolution of the Council and of the Representatives of the

This construction is at odds with the CRPD, requiring the collection of data in accordance with the changes from the medical to the social model, which signal a shift towards the existence or else of barriers in society that could deter the disabled person’s full and effective participation in society on a non-discriminatory basis.

The limits of disability as a nominative pathology under EU law become also apparent if one embraces a genetic model of disability where particular genotypes or DNA information reveal likely future gene mutation that causes or increases the risk of a disorder.

The questions of who is protected by disability laws or laws prohibiting genetic discrimination are problematic and already dominate debates in a number of jurisdictions regarding the approach that regulation should take.

Also, with the increase in medical or technological capabilities of changing or fixing the genetic or non-genetic compositions of human beings, there are questions relating to someone’s categorisation as ‘disable’ under the law – with all the implication that this may also have on their or parents’ choices over cures.

By analogy, therefore, it is argued that the safeguards offered by data protection legislation risk of being compromised in a likely manner.

Moreover, to the extent that there is abundant evidence that people with physical and mental impairments are stigmatised, the stigma of disability demands a critical examination of societies’ beliefs about disability, normality and diversity. The different approaches of the medical and social models of disability may make a decisive difference in protecting disabled persons from stigma. The medical model today dominates excluding other useful approaches to disability. Stigma originating from the social model of disability or other alternative models of disability (e.g. ‘genetic models’) - not all of which protected by legislation - remain a risk to people with disabilities.

In the end, therefore, the minimal conception of disability adopted under EU law arguably appears misaligned with the collection of data required under the CRPD, generating a degree of uncertainty as regards the appropriate safeguards to be employed under data protection legislation.

Governments of the Member States meeting within the Council of 20 December 1996 on equality of opportunity for people with disabilities, OJ C 12 (13 January 1997), 1.

46 See e.g. CRPD Committee, Concluding Observations on the Initial Report of Peru CRPD/C/PER/CO/1 (20 April 2012)

47 Sonia Le Bris, “Give me your DNA, andI’ll tell who you are… or who you will become: questions surrounding the use of genetic information in Europe”, 2(3) Isuma: Canadian Journal of Policy Research (2001), 90-101.

48 Gregor Wolbring, “A disability right approach to genetic discrimination”, in Judit Sandor (ed.), Society and Genetic Information (Central European University Press, 2003), 161-186.

49 E.g. see Jackie Leach Scully, “Disability: stigma and discrimination”, in: David N Cooper (ed.)

Encyclopaedia of the Human Genome (Nature Publishing Group, 2012).