We have entered a new phase of debate about privacy – about its sociological definition and ethical value vis-à-vis contemporary communications technologies and the behavioural changes connected to them; about the political value of privacy as a civil right, in the light of secret-service surveillance of the Internet and the securitization of the public sphere; about privacy as a consumer right, given Internet companies’ customer profiling and the marketization of personal data; and accompanying all of these, about the legal definition of privacy, how it should be protected by laws and how those laws should be enforced.
Clearly, privacy understood in classical liberal terms as a right of withdrawal from the public sphere or “right to be let alone” by the state is no longer adequate to the diversity of fields of social activity opened up by the Internet. If the right to privacy and personal autonomy exists, so to does a right to free participation in social life, which today entails using digital media. The injury to democratic society brought by a collective loss of privacy cannot be resolved through insistence on separate spheres of state and society, public and private.
On the other hand, as the NSA leaks in 2013 brought home, liberal rights retain a core validity. As William E. Scheuermann writes in his article, Edward Snowden was able to his establish credibility for his actions as a case of civil disobedience by referring to constitutional protections of individual freedom against state tyranny. According to Scheuermann, Snowden’s current predicament makes clear that the jurisdiction of individual civil rights must be extended from the national to the global level.
It is not information technologies per se that endanger privacy, but the disparities of social power that emerge from the concentration of knowledge they facilitate. That much was already recognized forty years ago, when electronic data processing became ubiquitous in government to meet the planning challenges of modern, socially complex welfare states. The concept of “data protection” was developed in response to the threat of data misuse by the public authorities, particularly the de-anonymization statistical data – a threat that was by no means new, but that was magnified immeasurably by the processing and aggregating capacities of the new computer technology.
In his seminal work Privacy and Freedom (1967), the US constitutional lawyer Alan Westin defined the right of privacy in the computer age as “the claim of individuals […] to determine for themselves when, how and to what extent information about them is communicated to others”. In Europe, Westin’s concept was taken up and developed by a generation of politicized jurists and information scientists, particularly in West Germany. The innovation of data protection was to move the definition of privacy away from notions of “retreat” and “refuge” towards those of “action”, “participation” and “communication”. Made equivalent to data autonomy, or “informational self determination”, privacy became a prerequisite for social and political freedom and thus of democratic functioning.
However, several key developments in connection with the rise of the world wide web have caused the concept of data autonomy to become a limited instrument with which to confront range of new threats to privacy. In a digital public sphere whose infrastructure is under private ownership, “classical” state surveillance combines with new forms of commercial data profiling and traffic filtering. To meet the civil rights threats posed by this new constellation of power, concepts of entitlement need to be developed and deployed that combine rights of privacy with those of communication and freedom of information. The principle of net neutrality has emerged as precisely such a composite “digital rights” concept. In his article, Joe McNamee, the director of the European Digital Rights initiative, explains the political and structural developments that have prompted the call for net neutrality.
Another development brought by the explosion of data-volumes held online is the issue of data security, in other words the protection of data against unauthorized, illegal or criminal use. Here the issue is not whether a right of privacy can be legally claimed, so much as how that right can be enforced given the inherent vulnerabilities of web-based data. Informational privacy becomes dependent on the encryption of communications; until now introduced at user-end, encryption is increasingly becoming a default technology or aspect of “privacy by design” (built-in privacy protections). Nevertheless, a coalition of interests in the private and public sectors also creates hostility to encryption: as Joe McNamee writes, encryption presents a hindrance to the marketization of data, something that states are happy to allow, since they also benefit from the identifiability of data. The danger is then that data security becomes a marketable commodity; that online privacy ceases to be a basic standard of the open web but is sold to users as a “special service”.
In terms of implications for privacy, the marketization of personal data is probably the single most significant development brought by the web. It is the social networks that are the major exploiters of the economic potential of mass social data, although access providers are catching up. In his article on social networks and the science of Big Data analysis, the media scientist Ramón Reichert describes Facebook as “a company-controlled social media platform with a primary interest in a user-generated data flow”. Today’s social media, he argues, represent the most important source of knowledge for control and governance. Not only do social media act as an indicator of “good government”; government itself adapts to the “moods” divined by the data analysts at the “back-end” of social networks. The meta-knowledge derived from Big Data analysis creates a digital divide not only between users and programmers, but also between “industry” and public-interest science. In this context, the value at stake is less the privacy of the individual web-user, so much as transparency and the equal distribution of knowledge derived from aggregated personal data.
This shift of focus away from individual rights of privacy to structural inequalities facilitated by Big Data analysis responds to the fact that, in the case of social networks, personal data are voluntarily released. Reichert uses the term “participatory surveillance” to describe the co-opting of individual consent in processes of governance and social control. As the biometric and sensor-technology connected to mobile devices enable the personal and physical self to be tracked with ever greater proximity, this monitoring of the social becomes all the more pervasive, so that the term “bio-surveillance” is apt. The question becomes not so much how to protect individual privacy from individuals themselves, with the paternalist associations that brings, as what participatory surveillance means for the constitution and preservation of social and economic power.
Elmar Altvater‘s political-anthropological perspective on the implications of NSA leaks steps outside the usual parameters of the privacy debate. For him, the worldwide spying operation is about more than security and counter-terrorism; rather, it forms part of a geo-engineering strategy aimed at controlling the global flow of information on issues that will determine the global future. Attempting to reign in the US security services by appeals to reason ignores that human rights law has failed to restrain these over the last fifty years. Opposition to secret service surveillance must therefore combine historical experience with a grasp of the significance of the planetary data theft for the “geological” future.
Unquestionably, privacy is a global issue: developing a privacy framework in keeping with technological development in societies such as China or India will be a major challenge of the future. In the global campaign for data protection and digital rights, European standards can serve as a point of reference. Nevertheless, privacy law is far from being a shoe-in in Europe: as a number of recent developments show, it is among the most controversial policy areas there are. These developments include:
1) The ongoing process within the EU to agree on the Data Protection Regulation, which would replace, update and in key respects strengthen the current 1995 Directive. Most significant is its creation of a centralized European data protection authority, which would prevent international companies exploiting weaker jurisdictions. The political importance of this piece of legislation is demonstrated by the fact that the members of the parliamentary Committee for Civil Liberties, Justice and Home Affairs responsible for drafting the bill have been subject to an unprecedented degree of lobbying, overwhelmingly from the private sector and MEPs acting in its interests. A “strong” draft agreed by the European Parliament before the end of the legislative period in 2014 is currently held up in the Council of Ministers. The form the Regulation finally takes will determine European data protection arrangements for the private sector for the foreseeable future.
2) The decision of the European Court of Justice in April 2014 that overruled the EU’s 2006 Data Retention Directive. Preparations are now underway for a new data retention directive. It remains to be seen how pressure from member states in favour of greater state surveillance powers – such as the UK, which in September 2014 flouted the ECJ ruling in order to pass its own “emergency” Data Retention and Investigatory Powers Bill – makes itself felt in the new directive. As opposed to the debate on the Data Protection Regulation, opposition to which comes from industry, this issue is essentially one of national sovereignty on security policy.
3) The ECJ’s recognition of a “Right to be Forgotten” in May 2014. Many have claimed the RTBF clashes with freedom of speech and information, ranging from the liberal press and Wikipedia, to major aggregators such as Google with huge lobbying resources at their disposal. In practice, however, the RTBF has so far been brought to bear primarily on social media sites rather than media outlets with a clear public interest role. Nevertheless, concerns that the Internet companies are poorly suited to adjudicating on RTBF claims are well-founded. The draft Data Protection Regulation also contains guarantees of a right to be forgotten; that the RTBF develops in conformity with other informational rights will be crucial.
4) The Transatlantic Trade and Investment Partnership (TTIP) negotiations between the EU and the US and the multilateral negotiations on the Trade in Services Agreement (TiSA) that would replace the GATS agreement. As Ralf Bendrath, senior advisor to MEP Jan-Philipp Albrecht, explains in his article, the EU has seen heavy pressure on Europe to relax its restrictions on data sharing with non-EU countries. Here, EU data protection arrangements have been criticized as illegal trade barriers, an argument that, were it to prevail, would mean the subordination of fundamental rights to economic interest.
As the title of this focus suggests, to claim a right of privacy is to insist on a European value. This is not to say that privacy pertains to Europe alone, of course. Undoubtedly, rights of privacy are inseparable from a certain liberal tradition in Europe: one that has been hard fought and is by no means assured. Yet privacy is not a cultural given. Rather, it is an argument that needs to be put to power. If privacy standards can be legally established and defended in Europe, then those standards can be invoked worldwide.