Title: CORRELATABLE HUMANS, PROFILING AND DATA PROTECTION.

Correlatable humans, profiling and data protection.

Both the FIDIS deliverables 7.2 and 7.3, and Mireille Hildebrandt’s next chapter of this deliverable (7.4.) describe that over recent decades, individual and group profiling capacities have exponentially grown as a result of both the huge advances in technology and the increasing availability of readily processable data and traces. Today, an individual -consciously and unconsciously, voluntarily and involuntarily- leaves a vast amount of processable and thus correlatable electronic traces in his wake. The use of Internet, mobile telephones, electronic financial systems, biometric identification systems, radio frequency tags, smart cards, ubiquitous computing, ambient intelligence techniques and so forth, all participate in the spontaneous and automatic generation of correlatable data. Add to this the use of still more pervasive and powerful data mining and tracking systems and the ‘correlative potential’ increases again. Such a ‘correlative potential’ can spawn an unlimited amount of profiles which in principle enable a permanent real-time analysis of the conduct of individuals and the affirmation of evaluations of and predictions about their behaviour, sensibilities, preferences, identity, choices, etc. ad infinitum. Such profiles can be used both by private (marketing, insurances, employment, private security) and public actors (crime and terrorism fighting, preparation of decisions, elaboration of tailor-made services, CAPPS II, …). We believe that these evolutions represent more than mere quantitative changes: they induce a significant qualitative shift that we have chosen to describe with the notions of ‘correlatable human’ and/or ‘traceable or detectable human’. This requires some explanation.

The scientific and statistical approaches of the 19th century were prestructured or stratified in the sense that human scientists and policy makers were searching for explicative etiological schemes: they choose to investigate the populations from the perspective of certain parameters which they believed to be relevant and pertinent. In other words, the correlations established were the result of an oriented questioning; they were measurements meant to be meaningful and unravelling. Research parameters were preliminarily stratified in function of their presupposed pertinence. Lombroso researched the skulls of detainees, Quetelêt their social backgrounds, because they each believed that this parameter could provide an aetiology of criminal behaviour. In other words: the correlations established by 19th century scientists were the result of an oriented questioning: the chosen parameters or variables were presupposed to explain the problem at hand. Today, however, such preceding questions (and the structuration/stratification of parameters they imply) are no longer needed to organise the search for correlations. On the contrary, it seems that the emergence of a correlation as such has become the pertinent or interesting information, which in its turn will launch questions, suppositions and hypotheses. Things are going the other way around now: the upsurge of a correlation is the information, in scientific practice to begin with, but of course also in a growing number of practices in economic, social and cultural life.

In this context Isabelle Stengers evoked the image of the bubble chamber: a bubble chamber is a container full of saturated vapour such that if you have an energetic particle travelling through it, its many successive encounters with a gas molecule will produce a small local liquefaction: quantum mechanics tell us that we cannot define the path of a particle but, because of the bubble chamber, we can ‘see’ its ‘profile’. According to this metaphor there is an unlimited number of detectors and detections surrounding us, as we act and live. Hence, we leave traces and ‘profiles’ which allow others to ‘see’ us. Compared to the 19th Century ‘average human’, this is the new point: the human is no longer identified and grasped in terms of meaningful, stratified categories only: (s)he is detectable and retraceable, and thus ‘correlatable’. The fundamental difference is that detections are much wider than measurements responding to addressed questions: independently, detections are a-signifiantes; they do not (yet) have a specific meaning, but they can acquire a meaning as a result of the questions and concerns of the one who uses them. Detections may correspond to measures, but first of all they are indeterminate.

To us, the advent of data protection law is related to an intuitive understanding of this shift by legislators because it organises the protection of all data related to a person without any distinction as to such a thing as their inherent level of ‘privacy-sensitivity’. Data protection law is indifferent to this parameter as it only applies to personal data, even if these are (still) a-signifiantes. It is enough that the data relate to an identifiable person. Data protection thus applies because the legislator sensed that the existence and availability of so many correlatable traces surrounding individuals are in themselves a substantial threat to things we do care about and, more precisely, for the negative freedom which is at the core of the democratic constitutional state. But the legislator did not, in a principled way, prohibit the detections and the collection of traces, because that would have been far to radical and incompatible with existing practices. On the contrary, the legislator did not prohibit these activities, but submitted them to the transparency rules of data protection (cf. supra). We contend that the invention of data protection is not only contemporaneous with the birth of the potential for the automated detection of individual traces, but also that it formulates a legal response to the problems caused by these developments.

The data protection law elaborated in the 1970s thus provided a legal response to the questions raised by the pervasive collection and processing of the clouds of indeterminate data left by actors. This attests a redistribution of the legal approaches to these issues: prohibitive opacity rules within data protection still apply to determinate personal data which do answer stratifications or prestructured questionings. Think of data concerning race, religion and political affiliation. Indeed, these data additionally bear an immediate danger of discrimination. On the other hand, the transparency rules of data protection apply to the indeterminate detections that have not yet effectively been used and mobilised, but which bear a strong virtual potential for discrimination and stigmatisation of individuals and customisation of their conduct.  

Data protection rules apply on profiling techniques (at least in principle). The collection and processing of traces surrounding the individual must be considered as ‘processing of personal data’ in the sense embodied in existing data protection legislation. Both individual and group profiling are indeed dependent on such collection and processing of data generated by the activities of individuals. Without collecting and correlating such personal data, no profiling is thinkable. And that is precisely why, in legal terms, no profiling is thinkable outside data protection.