D7.4: Implications of profiling practices on democracy

Title: WHAT SHOULD DATA PROTECTION REGULATIONS PROTECT?

Introduction: who is made transparent?

Data Protection is a tool of transparency and at the same time a tool for opacity. The most important observation here is who is made transparent. As long as the default position of data protection legislation is access to information, it seems that it legalises practices that make the European citizen transparent. To a limited extent data protection also creates rights and obligations that allow some measure of transparency of the processing of data. We should, however, not be too optimistic about the effectiveness of such obligations and rights in terms of the transparency they can provide.

In terms of the protection of the delicate balance of negative and positive freedom discussed in section it should be obvious that the transparency that is made possible by means of profiling technologies and the knowledge they produce, could seriously affect this balance. If we were talking about simple collection and aggregation of rather insignificant personal data, this would not be a problem. First, the insignificance would prevent data users from storing such data on a large scale and, second, any massive storage of such data would soon render them inaccessible or unsearchable. However, this is not the case in relation to profiling. To the contrary, profiling technologies are used to make large databases accessible and searchable and, in addition, they do not just search for the data themselves but rather for the patterns and correlations that emerge between them, thus building up a new type of knowledge.

This gives rise to the question whether data protection is in fact an adequate tool for the protection of the special mix of positive and negative freedom, that is the hallmark of democracy and the rule of law. Quite apart from the protection of privacy the question comes up if data protection legislation is an adequate tool for the protection of other objectives, like autonomy, security and equality of European citizens. We will briefly look into each of these issues hereunder, explaining what is at stake in connection with profiling.  

Autonomy

In a liberal perspective – traditionally inspired by some form of voluntarism – liberty is often defined by freedom from constraints in the exercise of choice; it regards the question whether we are in control. Thomas Nagel thus claims: 

‘The boundary between what we reveal and what we do not, and some control over that boundary, are among the most important attributes of our humanity.’

In a less voluntaristic perspective one could claim that constraints are a necessary precondition for freedom. This implies an important difference between liberty and freedom. Liberty has its focus on negative freedom, or absence of constraints. Freedom is more than that, because it presumes the constraints that facilitate both negative and positive freedom and thus recognises that we cannot ‘have’ freedom without constraints. The pertinent question is always about which constraints enhance our freedom and which destroy it, and this question cannot be answered out of context; it does not have one simple answer. Autonomy, which derives from auto (self) and nomos (law), means that I am capable of ruling my own life and participating in the life of others within the parameters that I have set for myself. Thus autonomy is related to the integrity and the identity of the person: am I acting as the kind of person I want to be? This means that I must have some control over the constraints that regulate my interaction with others, especially if they concern boundary negotiations. In that case one may still agree with Nagel, to the extent that what becomes important is which constraints establish our freedom and which destroy it.

Profiling has always been every day’s business. Taking in information and intuitively or reflectively deciding on prototypes (profiles) that facilitate smooth reactions to similar situations is the business of all living organisms. This, however, does not mean that automated profiling technologies do not contain new elements, compared to the ‘old’ ways of profiling. The production of automated profiles, the knowledge they represent and the status of this knowledge will affect our autonomy as it will be used to provide us with risks and opportunities, thus constraining our interactions, while most of the time we shall not be aware of this.

Security

Increasing worries about identity theft and identity fraud may lead to an increased use of profiling technologies. The reason is that while attributed identification, like name, date and place of birth, can be assumed fraudulently, it is very difficult to fake a biographical identification that builds on a dynamic profile, that has been collected and correlated over a longer period of time. This may increase the use of profiling technologies as a means of identification. Security issues may thus lead to enhanced dependence on these technologies.  

At the same time, personalised profiling will cause security problems, in the sense that a personalised profile is a rich source of information and knowledge about a specific individual. It may disclose habits, preferences and opinions that allow the data controller to manipulate the data subject to an extent previously unknown: especially as her profiles may contain insights about her self that she is not aware of (besides not being aware that and who have her profiles). While this impacts the autonomy of the data subject and her privacy, it may also affect her security, especially in the case of unauthorised use. Art. 17 of D95/46 EC stipulates, data controllers and data processors have certain obligations to ensure the security of the personal data they hold and process.

Privacy

The impact of profiling technologies on privacy has been extensively discussed in section , indicating the effects on the balance of negative and positive freedom that is constitutive for our democracy and the rule of law. Privacy relates to identity: the legal person is an artificial construction to shield the person of flesh and bones from undesired intrusions, while at the same time the legal person enables one to hold people accountable for their actions (liability and criminal guilt). Privacy is protected by a variety of individual rights – for example, D95/46 EC, art. 12, which grants a series of rights to access data; by a variety of obligations and prohibitions for the data controller – for instance D95/46 EC, art. 8, 10, 11; and by means of remedies, liabilities and sanctions in case of infringement of relevant provisions – D95/46 EC, art. 22, 23, 24.  

Equality and fairness

Perhaps the most pervasive effect of profiling will be that autonomy, privacy and security become privileges, depending on a refined and dynamic categorisation of citizens. As Lawrence Lessig writes: 

All social hierarchies require information before they can make discriminations of rank. Having enough information about people required, historically, fairly stable social orders. Making fine class distinctions (…) required knowledge of local fashions, accents, customs, and manners. Only where there was relatively little mobility could these systems of hierarchy be imposed. 

As mobility increased, then, these hierarchical systems were challenged. Beyond the extremes of the very rich and very poor, the ability to make subtle distinctions of rank disappeared as the mobility and fluidity of society made them too difficult to track.  

Profiling changes all this. An efficient and effective system for monitoring makes it possible once again to make these subtle distinctions of rank. Collecting data cheaply and efficiently will take us back to the past.

Some of us may be confronted with enhanced opportunities to take charge of one’s own life (autonomy), while others will be left behind without an adequate understanding what is going on and/or without the tools to resist the categorisations they may not even be aware of. Constitutional democracy builds on citizens that can exercise their positive and negative freedom in an equal way. Such equality promotes the kind of fairness inscribed in the architecture of constitutional democracy: it aims to provide ‘equal bargaining power’ or ‘equality of arms’. Profiling may lead to a situation where the space to negotiate the borders between self and other (privacy) depends on categorisations produced by sophisticated profiling techniques. Also, as far as security is concerned, profiling may lead to attribution of certain risks to certain categories of people, rather than to others, or it may lead to discrimination of certain categories of people because of the risks they are supposed to run. In short, profiling may enable those that profile to destabilise the equal distribution of public goods that are constitutive for our democracies: autonomy, privacy and security.