The right to privacy is a pre-requisite of the EU Directive 95/46/CE ? and not its object. Art. 1 states it loud and clear:
1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.
This means that that calling the data protection-related directive – as well as the upcoming new regulation – “privacy law” or whatever similar is not just a terminology’s mistake but an error with actual (and costly) consequences negatively affecting companies’ budget allocation, legal compliance and marketing capabilities.
Under the EU data protection legal framework, companies are not required to protect “privacy” as such, but only to handle personal data on a “need-to-know” basis provided that fundamental rights are not endangered. This has nothing to do with the “hush-hush” attitude commonly “sold” by “expert” consultants summoning the right to privacy as a threatening devil to haunt a company.
Stop using “privacy” as a substitute for “data protection” and your (corporate) life will keep smiling at you again.