Realizing the Fundamental Right to Data Protection in a Digitized Society Jörn Reinhardt Abstract Article 8 of the EU Charter of Fundamental Rights (CFR) guarantees the protection of personal data and sets forth the main principles of data protection. This chapter explores the implications of this fundamental right for a digitized society. First, it addresses specific problems of the understanding of Article 8 CFR. This includes the concept of data protection as a fundamental right itself: What are the (tangible) harms of data processing? What is the object of protection? Further, it elaborates on its meaning and scope with respect to private parties. According to Article 51 CFR, the provisions of the Charter are addressed to the institutions and bodies of the Union and the Member States when they are implementing Union law. Private parties are not explicitely mentioned. However, fundamental rights standards of data protection apply also to private companies. As a fundamental right, Article 8 CFR produces a “horizontal effect”. Despite several decisions of the Court of Justice of the European Union (CJEU), in particular the Google Spain judgement, the conceptual frame and the scope of the horizontal effect remain unclear. In order to clarify the possible effects of Article 8 CFR between private parties, it is necessary to explicate the doctrinal grounds on which these effects can be construed (direct and indirect horizontal effects, negative and positive obligations). On this basis, the chapter highlights regulatory implications for the data economy. 1 The General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data—GDPR), which came into force in May 2018, was certainly a major landmark. However, the process of “modernizing” data protection legislation is ongoing and concerns a variety of projects on the level of secondary EU law. In particular, data protection and e-privacy aspects still need to be coordinated. The reform of the e-privacy directive is not yet completed. J. Reinhardt (B ) University of Bremen, Bremen, Germany e-mail: joern.reinhardt@uni-bremen.de © Springer Nature Switzerland AG 2022 M. Albers and I. W. Sarlet (eds.), Personality and Data Protection Rights on the Internet, Ius Gentium: Comparative Perspectives on Law and Justice 96, https://doi.org/10.1007/978-3-030-90331-2_4 55