The Surveillance Triangle: Authorities, Data subjects and Means
By Francesca Galli, Vigjilenca Abazi, and Maja Brkan
The conference did not aim to address only the classic privacy-security dilemma regarding data subjects, but sought to take a broader perspective on surveillance issues, encompassing also challenges that authorities face and legal questions relating to means of surveillance. Thus, the legal question at the forefront of the discussion was: Is it possible to create legal regimes where security is optimally safeguarded and, on the other hand, the fundamental rights to privacy and data protection are respected in a proportionate manner? While this might seem a rhetorical question, the conference approached the issue from the innovative perspective of how surveillance affects and is perceived from three main stakeholders involved in the process of surveillance: surveillance authorities, data subjects and companies. The academic conference was aimed to tackle precisely this issue and brought together the perspective of those stakeholders as well as provide informative insights from academics and researchers on how these issues interplay in varied contexts.
Speakers raised a multitude of issues. For example, Dr. Christiane Hoehn identified several challenges with regard to privacy and surveillance, such as problems of technology used to protect privacy (encryption, restricted data retention, biometric measures and privacy-enhancing technology), issues of border security and internet-based evidence as an element of successful surveillance. Furthermore, Ike Kamphof from FASoS gave an interesting presentation on activity monitoring, that is, motion sensors that stores data of people’s behaviours that are used in homecare to watch over elderly clients. While this data might be useful to provide help to elderly people, it could also be very sensitive as it gives the insight into these peoples’ habits and behaviours. Annika Richterich raised a thought-provoking issue of ‘sousveillance’, leading to the possibility of surveilling the surveillers. Xavier Tracol addressed, among other relevant issues, also the question of competence of the EU Member States in the field of ‘national security’ which is, in principle, reserved to the Member States, as opposed to ‘public security’ where the EU can act. Gloria Gonzalez Fuster delivered an interesting presentation on who should be considered to be a data subject, notably within the framework of a representative action filed by Schrems against Facebook. Federico Fabbrini addressed the controversial issue of privacy and surveillance after Brexit. Anna Dimitrova and Maja Brkan presented on differences in courts’ and policy makers’ responses on the two sides of the Atlantic to the Snowden’s revelations. Other speakers – Elif Erdemoglu, Elspeth Guild, Lorna Woods and Rocco Bellanova – raised further thought-provoking questions related to surveillance. In a vigorous discussion, a commentator added that sometimes discussions on surveillance are only ‘good enough for jazz’, but the convenors of this conference dare to conclude that the discussions during the conference were undoubtedly apt for a ‘classical concert’.
The conference led to the following salient conclusions. Firstly, surveillance is not enough to guarantee security. A high level of security necessitates other means as well, such as interoperability of databases and access to these databases by different authorities, which will ensure a higher level of security and, at the same time, better cooperation between enforcement authorities. Other means that should be used to enhance security are encryption, border security and cooperation between law enforcement authorities and private companies/controllers that are in a possession of a vast amount of data. Secondly, in order to balance security and privacy, technology needs to be explored to a greater extent. Mechanisms such as pseudonymisation, anonymization, machine learning algorithms, privacy by design and technologies of compliance are still not used enough to protect privacy of people who are subjected to surveillance. Thirdly, a more effective scrutiny is needed of authorities that exercise surveillance, linked to the question ‘Qui custodies custodies?’. Supervision cannot rely on privacy activists such as Max Schrems or hacking of surveillance by private actors; rather, an effective administrative and judicial control is needed.
The conveners warmheartedly thank all of the sponsors that made this event possible, in particular the Centre for European Research in Maastricht, as well as other sponsors: SWOL, UACES (The academic association for contemporary European Studies) and Centre for European Policy Studies (CEPS).