There may be no other fundamental right of the European Charter of Fundamental Rights (ECFR) that raises more questions on the precise object and concept of protection than the right to data protection in Article 8 ECFR. The ambiguous object and concept of protection of Article 8 ECFR leads to several significant problems on both the level of fundamental rights and ordinary law, such as the EU General Data Protection Regulation (GDPR). A prominent example is the principle of purpose limitation. While this principle is seen as a cornerstone of data protection law it has been frequently and passionately attacked and defeated. However, only a few authors make a serious attempt to clarify what this principle exactly means and wants in the context of having a consistent concept of data protection in mind. This superficial debate is emblematic for most data protection law debates. Against this background, the author of this contribution proposes in three consecutive articles to refine the object and concept of the fundamental right to data protection in Article 8 ECFR from the angle of regulating risks of personal data processing against the other fundamental rights. This first part pinpoints the various fundamental problems both on the conceptual level of fundamental rights and on the level of ordinary law (especially of the GDPR) and sheds light on how a re-connection of data protection law to concepts of risk regulation may help clarify the ambiguous object and concept of protection.
