Title: .A.2. THE OBLIGATION TO INFORM

The right to be informed about data collection will be discussed in the section on the rights of the data subject. However, as it is not literally included in the articles of the directive this right is more or less inferred from the obligations of the data controller to give information to the data subject (article 10 and 11 of D95/46 EU). It can also not be deduced from the right to give consent (see infra), because the individual’s explicit consent must not be obtained in all circumstances. Consent is for example not needed when the collection is necessary to protect the vital interests of the data subject (article7.d.) or when the processing is necessary for the performance of a contract to which the data subject is party (article8.7.b.).

Section IV of the directive implicitly refers to a right to be informed by indicating the kind of “information to be given to the data subject” in case of data collection. This would imply that data subjects have to be informed every time their data are collected. This raises interesting issues in the context of AmI, as in a networked environment envisioned by the AmI vision, data are collected continuously and everywhere. Does it mean that the data subject must be informed constantly? If so, law could be a difficult partner for AmI in a vision that presumes an environment that automatically adapts to the inferred user’s preferences.  

As a solution, one could argue that data subjects should reasonably expect that their personal data will be collected and processed in certain circumstances, e.g. with camera surveillance in public places. Still the right to be informed remains important in sensor networks (a kind of Ami environment), as it relates to informational self-determination. A subject should have the right to know whether services offered, are the product or consequence of profiling practices. If this right does not exist, we cannot detect what motivates our service providers, and - in the end - we cannot check to what extent they profile us to adapt to our preferences and to what extent they adapt us to their preferences.

This problem could maybe be tackled by attributing a right to anonymity: the data subject should always have the right (and therefore the technological possibility) to be anonymous and to not to be subject to personal data collection, for example by switching off his online communication device in order to remain in his private offline sphere. However, the right to anonymity does not solve the problem completely because the collection of identified characteristics from anonymous people may still lead to a loss of self-determination.

One way to increase legal certainty would be to legislate that when the data subject’s online communicator (a mobile phone, an interactive television set, a car, …) is switched on, data procession can take place without notification. This would render explicit and define the reasonable expectation of data processing in data protection legislation.  

This last solution only applies to communications between personal digital devices and AmI environments. It does not stop AmI environments from collecting data by means of sensors, as such data flows cannot be switched off by the data subject. Consequently, subjects may also want to have the right to pull the plug out of the AmI environment(s) itself. This is however not possible in public AmI environments.