Safeguarding Sensitive Personal Data

Sensitive personal data about individuals should be protected by laws and regulations that are precisely worded, the consequences of violating such laws should be clearly defined, and the data that others can ask for should be limited to what is necessary.

The definition and delimitation of "sensitive" personal data to protect individuals has a long history. Norway was one of the first countries that attempted to distinguish different kinds of personal data according to their sensitivity. French legislators were among the first to demand prohibitions against the use of such data. While the initial discussions were primarily debates on whether sensitivity is really a valid criterion for determining processing conditions, both the context and the purpose of the debates were revived in 1981, when the Council of Europe adopted the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. As a consequence, the existence of sensitive data as such ceased to be contested. Currently—despite the differences between, for instance, the British, the Dutch, and the Spanish data protection acts—the consensus concerning sensitive data cannot be ignored. All the acts give sensitive data a special status.

Thus in October 1995, when the EU adopted the Data Protection Directive, most member states had already subjected sensitive data to special rules, in many cases influenced by the Council of Europe. Not surprisingly, the directive confirmed that countries must handle sensitive data in a clearly distinct way. Countries like Austria and Germany, which had consistently rejected all abstract categorizations of personal data, for the first time expressly recognized the existence of sensitive data. Paradoxically, the longer the list of laws governing sensitive data, the more questions are raised regarding the precise range of sensitivity and the credibility of a pointedly prohibitive approach.
The situation seems to be clear when requesting restrictions on data covered by countries’ constitutions, such as people’s racial origins, political opinions, or religious beliefs, or dealt with in specific regulations, such as the state of people’s health. The data protection laws simply uphold popular demand and, at the same time, underscore citizens’ expectations that others’ use of all such data will be prohibited. However, once the intent has to be transformed into concrete directions for the various processing operations, abstract references to sensitive data quickly prove untenable. To remain credible and transparent, regulations must resist the temptation to declare that any processing of sensitive data is prohibited. All they can ask for is adequate protection. Lists of what is considered sensitive must be phrased unambiguously and in a way that they can be added to or replaced. Furthermore, current lists of exceptions should be reduced to a few exhaustively enumerated and precisely defined cases. The seemingly incontestable exception heading every list, that is, the consent of the individual or data subject, is anything but convincing. Consent is, contrary to still widespread views, not a master key that opens all doors to any data that someone else might want to access. Employment relationships are only one of many examples that demonstrate how consent can be coerced. The chances of interfering with and influencing the processing depend essentially on the circumstances under which data subjects are asked to agree. Hence, both national laws and international documents, such as the International Labour Organisation’s Code of Practice on the Protection of Workers’ Personal Data, deliberately exclude consent whenever employers intend to use data regarding criminal convictions or genetic information, for example. 
Probably the most critical items on the exception lists are clauses that legitimize access for public interest reasons or to combat criminal activities and to safeguard public security. Terms like public interest or public security are in reality a carte blanche that permits bypassing all restrictions. The references to both are, therefore, usually followed by a statement specifying that the conditions of access have to be regulated by law. However, all such provisions address merely the form, but not the substance, of the prospective rules. Therefore public interest and public security remain an inexhaustible source of interventions that adapt the processing of sensitive data to government policies. Thus the crisis facing traditional social security systems has steadily intensified efforts to obtain ever more health data, not only to establish a solid database for the urgently needed reduction of increasing health care costs, but also to devise measures meant to persuade individuals to buy fewer medications and to reduce the number of visits to doctors.

To sum up, provisions governing individuals’ sensitive data that contain no more than a few general terms mean a risk of access to citizens’ personal data. Moreover, they openly contradict legislators’ stated intent to restrict the processing of sensitive data. The concept of sensitivity is reduced to an ornamental function, whereby access can readily be broadened. While exceptions cannot be avoided, however justified they may appear to be, they cannot be permitted as long as their wording is imprecise, their purposes and consequences are not clearly defined, and the data asked for are not confined to information that is clearly necessary and its use limited to unmistakably defined users.

The author is a professor at the Research Center for Data Protection, Johann Wolfgang Goethe University, Frankfurt. He can be contacted at simitis@jur.uni-frankfurt.de.