The right to privacy and digital surveillance

THE RIGHT TO PRIVACY AND DIGITAL SURVEILLANCE

Article by Maria Paola Lucca

First published in the Harvard Law Review in December 1890, the paper “The Right to Privacy” represents the cornerstone on which the modern legal institution of privacy rests, considered nowadays as the fundamental right on which individual freedom is based.

If – on one hand – the technological progress has ensured a praiseworthy efficiency on many sides, on the other hand every user has to cope with possibly intrusive devices and systems, with a special reference to the digital identity systems.

1. The legal response to the need of privacy

Ancora 1

Samuel Warren and Louis Brandeis, the two young American lawyers who authored the above-mentioned essay, were the first ones to define privacy as "the right to be let alone": that is the right to enjoy one's own private life.

This leading perspective was progressively broadened by normative and non-normative responses, which tried to provide the most suitable instruments in order to grant the right to privacy itself, originally perceived as a subjective extension of the Lockian right to private property.

Nowadays, International human rights laws provide a clear and universal framework for the promotion and protection of the right to privacy. Specifically, we can mention:

Universal Declaration on Human Rights, art. 12:

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

European Convention for the Protection of Human Rights and Fundamental Freedoms, art. 8:

“(1) Everyone has the right to respect for his private and family life, his home and his correspondence.

(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”

To enhance the individuals’ protection against abuses which may accompany the collection and processing of personal data, the Council of Europe adopted the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, depicted as the first binding international instrument whose aim is also to regulate the transfrontier flow of personal data.

Ancora 2

2. A critical trade–off: privacy v. efficiency

The full implications of the overgoing technological development are now emerging as governments are implementing the digitalization of their services. This initiative is due to a sum of reasons and needs as the one to reduce costs, to increase efficiency in service delivery, and most importantly, to reduce welfare fraud.

Clearly, the different ID systems that we use every day provide an astonishing rapidness, simplification and efficiency in the IT processes. Technically speaking, the legal ID systems provide the proof of a person’s legal identity: an ID system can be considered legal to the extent that it enables an individual to prove who he/she is, using credentials recognized by law as proof of legal identity.

Historically, governments have operated a variety of ID systems to serve different purposes. These can be grouped in two categories:

Fundational Identity Systems: they are designed to manage identity information for the general public, and to provide identity proof for a wide variety of public and private services (i.e. population registries);
Functional Identity Systems: they are designed to meet the need of an individual sector (i.e. The National Health Service in the UK has its own digital Identity System to identify patients and keep records of their treatment).

The direct implication of this efficiency is the risk that users and citizens run, that is to see all their personal datas being lost or stolen because of data breaches that are almost impossible both to prevent and to control without a proper knowledge and sophisticated technological tools.

3. Digital surveillance systems

Ancora 3

Among the ID systems that governments use to provide efficiency, a crucial role is played by the digital surveillance instruments, so the digital and technological systems used by a nation to control its citizens and the life within and out of its borders.

Since in the digital surveillance systems the most common technique is the biometric one, the ERNCIP (European Reference Network for Critical Infrastructure Protection), as a joint research centre of the European Commission, has analyzed the matter of “Biometrics, surveillance and privacy” addressing its research to the European Commission.

As we read in the report, “Biometrics and identity management are becoming increasingly important in securing European society. This is due to the strong growth of mobility accelerated by globalisation and geopolitical changes, such as immigration and the digital economy”.

Biometric technology and biometric information derive from the discriminative characteristics of a person’s body and behaviour.

The operational format of biometric information is the digitised template which “import” a physical representation of a person into an otherwise fully digital environment. The discriminative properties of this representation may depend on the kind of physical characteristics that have been measured (i.e. in certain situations, an iris may contain more discriminative information than a fingerprint, and so it may be more useful for the identification purposes).

Besides, biometric information can be used in different modalities (i.e. facial recognition and keystroke dynamics): whatever it is, governments, law enforcement, forensic and intelligence agencies are using a mix of private and public sources in order to establish identities or to follow people’s traces.

Conclusions

Since we have to deal everyday with biometric technologies which have become essential to perform every simple activity, as unlocking our phone, it has become crucial to make conscious decision, with the awareness that all the data collected can identify the user uniquely and univocally, also from a legal point of view.