Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- D7.2: Descriptive analysis and inventory of profiling practices.
- D7.3: Report on Actual and Possible Profiling Techniques in the Field of Ambient Intelligence.
- D7.4: Implications of profiling practices on democracy.
- D7.6 Workshop on AmI, Profiling and RFID.
- D7.7: RFID, Profiling, and AmI.
- D7.8: Workshop on Ambient Law.
- D7.9: A Vision of Ambient Law.
- D7.10: Multidisciplinary literature selection, with Wiki discussion forum on Profiling, AmI, RFID, Biometrics and Identity.
- D7.11: Kick-off Workshop on biometric behavioural profiling and Transparency Enhancing Technologies.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D7.4: Implications of profiling practices on democracy
The default positions: privacy as an opacity tool and data protection as a transparency tool
The illustration of the difference between transparency and opacity tools by the comparison of Articles 7 and 8 of the Charter shows that we have a good reasons to dig deeper into the distinction between privacy protection as an opacity tool, and data protection as a transparency tool.
Privacy as an opacity tool. Default position: prohibitive protection of autonomy against (excessive) steering
Privacy legally translates the political endeavour to ensure non-interference (or opacity) in individual matters. It is embedded in the contemporary democratic constitutional state, the values of individualism and the constitutional separation between state and church. It is also intimately linked with the idea that individuals are entitled to unshackle themselves from tradition, social conventions or religion and dissociate themselves, up to a point, from their roots and upbringing. Privacy, negatively stated, protects individuals against interference in their autonomy by governments and by private actors. It is a fundamental notion for a society that wants to limit power relationships.
But privacy also functions positively. Being the legal concept that embodies individual autonomy, it plays a quintessential role in a democratic constitutional state based upon the idea that its legitimacy can only result from a maximal respect of each person’s individual liberty. Privacy protects the fundamental political value of a democratic constitutional state as it guarantees individuals their freedom of self-determination, their right to be different and their autonomy to engage in relationships, their freedom of choice, their autonomy as regards - for example - their sexuality, health, personality building, social appearance and behaviour, and so on. It guarantees each person’s uniqueness, including alternative behaviour and the resistance to power at a time when it clashes with other interests or with the public interest.
In literature the close bond between the negative and positive functions of the right to privacy and its necessity for political life has been rightly stressed. Within Arendt’s and Habermas’s construction of the public sphere, a space for individuals is provided to develop their own identity and ideas in order to engage in public life. The ideal of a ‘public’ government necessarily entails its opposite: a ‘private’ sphere, protected from public intervention. This significant role of privacy, instrumental to the building of the citizen, should also be understood in the light of Michel Foucault’s argument that all power relationships presuppose a tension between the power and the individual resistance it appeals to. Power as a behavioural conduit - une conduite des conduites - always implies a moment of resistance, namely the moment when individuals consider behavioural alternatives. Foucault sees power as the relation between individuals, when one steers the behaviour of the other, even though the other has the freedom to act differently. Power in this sense is a strategic situation that leads individuals to behave in ways to which they would not spontaneously commit themselves. Resistance, Foucault writes, is always at the heart of the balance of power. And it is precisely at this elementary level that privacy comes in, since personal freedom embodies behavioural alternatives other than those induced by the power relation. In other words, privacy is the legal recognition of the resistance to or reticence towards behaviour steered or induced by power. From this point of view, privacy in a constitutional democratic state represents a legal weapon against the development of absolute balances of powers, again proving privacy’s essential role in such a state.
Before going any further it is necessary to recall that affirming the essential role of privacy does not at all imply that privacy and the freedom it protects are absolute or inviolable values. On the contrary, notwithstanding privacy’s core importance it is clear that it is a relatively weak fundamental right. Actually, not a single aspect of privacy takes absolute precedence over other rights and interests. That includes confidentiality of the mail, physical integrity and control over personal information. Never does an individual have absolute control over an aspect of his/her privacy. If individuals do have the freedom to organise life as they please, this will only remain self-evident up to the point that it causes social or inter-subjective friction. At that stage, the rights, freedoms and interests of others, as well as the prerogatives of the authorities, come into play. The friction, tension areas and conflicts create the need for a careful balancing of the rights and interests that give privacy its meaning and relevance. This shows clearly that privacy is a relational, contextual and per se social notion which only acquires substance when it clashes with other private or public interests. It is not an absolute value and it can be restricted when balanced against other interests (rights of others, law enforcement, public health, …) and under a number of conditions (such as e.g. legality of the restriction, which indeed points in the direction of a concern for transparency).
Data protection as a transparency tool. Default position: regulation of the processing of personal data
‘Data protection’ is a catch all term for a series of principles with regard to the processing of personal data. Through the application of these principles governments try to reconcile fundamental but conflicting values such as privacy, free flow of information, governmental need for surveillance and taxation, etc. The basic principles of data protection are spelled out in the international legal data protection texts produced by institutions such as the Organisation for Economic Cooperation and Development (OECD), the Council of Europe and the European Union. Each of these organisations produced what has become a classic basic data protection instrument, respectively the OECD Guidelines, Treaty 108 and the Data Protection Directive. As we have said, the EU has included the right to data protection in the European Charter of Fundamental Rights and the Draft Constitution (supra).
Generally speaking, data protection provides for a series of rights for individuals such as the right to receive certain information whenever data are collected, the right of access to the data, and, if necessary, the right to have the data corrected, and the right to object to certain types of data processing. Also, these laws generally demand good data management practices on the part of the data controllers and include a series of obligations: the obligation to use personal data for specified, explicit and legitimate purposes, the obligation to guarantee the security of the data against accidental or unauthorised access or manipulation, and in some cases the obligation to notify a specific independent supervisory body before carrying out certain types of data processing operations. These laws normally provide specific safeguards or special procedures to be applied in case of transfers of data abroad.
In principle, data protection is not prohibitive. On the contrary, in the public sphere, it is almost a natural presumption that public authorities can process personal data as this is necessary for the performance of their statutory duties, since, in principle, public authorities in democratic societies act on behalf of the citizens. The main aims of data protection consist in providing various specific procedural safeguards to protect individuals and promoting accountability by government and private record-holders. Data protection laws were not enacted for prohibitive purposes, but to channel power, to promote meaningful public accountability, and to provide data subjects with an opportunity to contest inaccurate or abusive record holding practices. The rationale behind data protection in the public sector is the knowledge that authorities can easily infringe privacy and that in all administrative systems there is an urge to collect, store and use data, an urge which must be curtailed by legal regulation. A similar rationale explains the European option to regulate processing done in the private sector.
Data protection regulations thus mainly belong to category of transparency tools, as opposed to the protection of privacy that pertain to the tools of opacity. The wording of the data protection principles (the fairness principle, the openness principle and the accountability principle, the individual participation principle, …) already suggest heavy reliance on notions of procedural justice rather than normative (or substantive) justice. The data protection regulations created a legal framework based upon the assumption that the processing of personal data is in principle allowed and legal.
Nevertheless, a number of exceptions exist. For instance, a prohibitive rule applies to ‘sensitive data’ (data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual preference). The underlying motive is that the processing of such sensitive data bears a supplementary risk of discrimination. The prohibition is nonetheless never absolute but derogations are (in principle) only possible in strictly defined circumstances, for example for reasons of national security. Another example can be found in Article 15 of the Data Protection Directive. This article proscribes decision making affecting persons solely on the basis of profiles. But again, both prohibitive features are accompanied by numerous exceptions that do not set strong and clear-cut limits to the targeted actions.
Denis Royer | 6 / 45 |