Having found myself in the audience of talks on privacy (and surreptitiously trying to cover up my privacy-offending activity tracker), I was delighted to delve further into the world of Data Protection. A new book by Maria Tzanou, entitled The Fundamental Right to Data Protection: Normative Value in the Context of Counter-Terrorism Surveillance, lays out the case for data protection as a fundamental right and explores case studies to test this right.
The book focuses on surveillance, as a key counter-terrorism tool, and introduces the rather disturbing term, ‘dataveillance,’ which is defined as “the systematic monitoring of people’s actions or communications through the application of information technology.” The text discusses the definition of privacy as an important conceptual framework. Part I of the book sets out theoretical aspects and Part II focuses on four case studies of EU counter-terrorism data surveillance. As the author puts it, the book seeks to examine current theories and details three important limitations the fundamental right to data protection faces, “its interconnectivity with privacy, its linking with secondary legislation and the elusiveness of its content.”
I was drawn to a discussion on approaches to data protection, which strongly mirror the approaches to intellectual property. Tzanou classifies these approaches as the economic approach and the fundamental rights approach. Using an economic approach, information is assumed to have economic power. International data flows can therefore be problematic as, Tzanou notes, the OECD has highlighted that data flows could lead to a loss of national sovereignty. However, the OECD’s mandate is to promote economic growth, meaning that the majority of OECD efforts have been devoted to enabling the free flow of information. In contrast, the fundamental rights approach, which is the EU approach, also originally stems from economic concerns (the single market) but adds a recognition of the right to privacy. As a result, data protection is considered a fundamental right, which is covered in the EU by the respect for private and family life, and protection of personal data.
In the empirical chapters, Tzanou looks at metadata surveillance, travel data surveillance, financial data surveillance and internet data surveillance. In travel, Tzanou examines in detail the history and development of airline passenger screening. In the U.S., the screening of airline passengers began in the 1960s and the author takes the reader through the various permutations of the US approach to the current iteration of “Secure Flight.” Unfortunately, the entire process is cloaked in secrecy and there is very little transparency as to how data translate to labeling passengers as cleared to fly, selected for additional screening, or no-fly. Tzanou describes the tensions between the US and EU, which put “EU airlines between a rock and a hard place,” as US transportation security requirements contravene EU data protection – an ongoing saga.
The chapter on internet data surveillance starts off with, naturally, Snowden. Here again sovereignty comes up as security agencies in the US, with UK participation, secretly gather mass communications information held by large US tech companies – circumventing legal processes and borders. Tzanou looks at these issues in relation to Safe Harbour, the Schrems case, Privacy Shield and others. It’s enough to make the average reader want to learn to use Tor.
The Fundamental Right to Data Protection will appeal to the IT and data legal enthusiast. The book is published by Bloomsbury Publishing and is available here.
The original version of this article was posted on the IPKat by Nicola Searle. It has been reproduced under a Creative Commons CC BY 2.0 UK Licence.
The difficulty with data protection is that in order for Google, Amazon and Facebook to be able to give you a better experience they need to collect information about you to do this. Does this mean we should stop using the internet if we don’t want our information to be collect as almost every site these days wants to download a cookie before allowing you to access the information on the page. I am beginning to feel as though I need to create a false identity and have a special device just for the internet so I can surf the net without having my data collected.