Security and privacy: the eternal dilemma
“Security and privacy. The eternal dilemma”. Sometimes it is so; sometimes it is not. From a relative, business perspective, privacy is one of the fundamental aspects of security, meaning that a bug in the privacy system will cause considerable damage to the company and its customers.
In the enterprise field, and in almost the whole world, privacy is recognized as a fundamental issue, which in larger companies may imply separating the post of privacy “officer” or “consultant” from the more generic post of “security manager”. But from an absolute point of view, privacy and security are two titans destined for confrontation. In what way, and how, do they oppose each other? Undoubtedly there is a double need in Europe. On the one hand, European citizens must grow and progress in terms of human rights and individual rights, and privacy, at first glance, would seem to be one of the most important individual rights, almost to the point of rising, nowadays, to the category of natural rights.
On the other hand, national and European institutions need to literally invade the privacy of residents and of foreigners who apply to reside in the old continent. This is, of course, for clear reasons of public order and security, in order to counteract the sad phenomena we hear and read about every day: from illegal immigration to migrant smuggling, from terrorism to money laundering.
And that is why Europe is adopting regulatory instruments to govern, on the one hand, the duties and rights of private citizens and, on the other, the duties and rights of the institutions towards citizens. We are talking, respectively, of the Regulation and the Directive on Data Protection. “Regulation” and “Directive” are two very general words standing in for far longer and more complex legal titles, but people familiar with data protection will immediately understand what they refer to.
Both normative sources, whose promulgation is imminent (it seems that both measures have passed the trilogue discussions), define the roles, responsibilities, recipients and “actors” of the data protection system and, consequently, of privacy, and they will soon cover Europe, the United States and third countries. Much importance will obviously be assumed by the national supervisory authorities, which are already partly coordinated by the European Data Protection Supervisor.
From an operational and practical point of view, however, little should change, but the measures will be very useful in giving uniformity, once and for all, to the individual national laws and procedures, and in providing common systems for data access and litigation.
In any case, to date, the European and national institutions acting in the field of security are, in extreme synthesis, legitimate holders of powers over the use, collection and retention of data in order to fulfil their institutional and founding purposes. The so-called “Swedish Initiative” and the “Prüm Decisions” are nothing more than legal attempts, already adopted or in the process of transposition into national law, to provide better use of this information and its exchange between authorities.
And this is the crux of the matter: according to European and national case-law, the compression of the right to privacy has so far generally been considered correct when that interest conflicts with higher interests, such as the right to life, or the principle that a crime must be prevented or brought to completion. These principles (let us call them philosophical) underlie the legislative existence of a variety of databases, some of them not yet operational, that support the justice system and European police forces in their daily mission of preventing and combating crime.
In this specific sector there have been fundamental judgments of the European Court of Justice which have regulated and completely redesigned the architecture of data protection, especially in economic relations with the major US giants, which in fact hold the monopoly of social communication and online service provision.
Think, for example, of the famous judgment on “Data Retention” (to which we refer in full), which completely blew apart the agreements between the EU and the US that had until then been considered perfectly “efficient”. Before the judgment, every non-EU state that managed European citizens’ data was in fact free to manage it on its own terms: or rather, despite having to ensure an adequate data protection regime, it was largely free from controls and inspections by the EU institutions. The so-called “Safe Harbour” principle proved insufficient to protect the privacy of citizens who entrusted their data, their interests and their photographs to the giants of global telematics. Following the judgment, “Safe Harbour” was completely revised and replaced by a safer agreement called “Privacy Shield”.
The European institution tasked with signing these agreements is the Commission. The agreement has developed a new legal system that plants, so to speak, “the stakes” for the United States: it provides clear guarantees and transparency requirements applicable to access to data by the US government, imposes specific obligations on companies with robust enforcement, provides effective protection of the rights of EU citizens with different possibilities of litigation, and devises a mechanism for annual joint review of the effectiveness of the shield.
So, to sum up, Europe is not at odds with common sense: on the one hand it guarantees the right to privacy and fundamental rights; on the other it manages to balance this firmly against the collection of information necessary to safeguard its citizens, defending its interests and its autonomy from its friends across the Atlantic.
Some very strong doubts remain about this dilemma, especially with regard to national legislation. Consider, for example, countries where prostitution is illegal. Many political movements or currents of thought are clamoring for legalization and the drafting of specific rules. The writer’s opinion is that a law on the matter can never be enacted, precisely for reasons of privacy, even though the topic of “prostitution” touches many others: human rights, gender-based violence, exploitation, immigration, acts of disposal of one’s own body and so on.
If a law to regularize and reinstitute prostitution were issued, it would conflict, among other things, with the rules requiring accommodation guest lists to be communicated to the authorities (and thus entered into the databases). Inevitably a client and a prostitute would be identified, and a profile of the people who visit the same prostitute or who usually frequent that area could equally be traced or, worse, sexual habits (which are, for now, quite rightly, classed as sensitive) could be profiled. Again, it is essential for the authorities to know hotel customer records (which can be crucial in resolving judicial and investigative cases), and hotel owners are obliged to communicate them.
Here is the dilemma: protect the public interest or individual interests?