Privacy,surveillance, and the proportionality principle: The need for a method of assessing privacy implications of technologies used for surveillance

Developments in technology have created the possibility for law enforcement authorities to use for surveillance purposes devices that are in the hands or private premises of individuals (e.g. smart phones, GPS devices, smart meters, etc.). The extent to which these devices interfere with an individual's private sphere might differ. In the European Union, surveillance measures are considered lawful if they have been issued in conformity with the legal rules and the proportionality principle. Taking a fundamental rights approach, this paper focuses on the information needed for adopting proportionate decisions when authorizing the use for surveillance of devices that are not built for surveillance purposes. Since existing methods of privacy assessment of technologies do not offer the required information, this paper suggests the need for a new method of assessing privacy implications of technologies and devices which combines an assessment of privacy aspects with the different dimensions of surveillance.     

Technology in policing: Experiences,obstacles and police needs

Increasing efforts are made by police forces all over the world to optimize the use of technology in policing and remove any obstacles as new and existing technologies provide new opportunities for law enforcement, criminal investigation and prosecution. This contribution describes results of research on which technologies are currently used at police forces and other criminal investigation organizations in the Netherlands, their experiences with these technologies and their needs and preferences in this regard. For existing opportunities the prevalence and satisfaction of several technologies in policing, including wiretapping, fingerprints, DNA research, database coupling, data mining and profiling, camera surveillance and network analyses were investigated. For new opportunities the most promising technologies (i.e., promising according to the police forces) were mapped. Furthermore, an inventory was made of the legal, technological and organizational obstacles police forces encounter when using different technologies for purposes like law enforcement, criminal investigation and prosecution.     

Surveillance deputies: When ordinary people surveil for the state

The state has long relied on ordinary civilians to do surveillance work, but recent advances in networked technologies are expanding mechanisms for surveillance and social control. In this article, we analyze the phenomenon in which private individuals conduct surveillance on behalf of the state, often using private sector technologies to do so. We develop the concept of surveillance deputies to describe when ordinary people, rather than state actors, use their labor and economic resources to engage in such activity. Although surveillance deputies themselves are not new, their participation in everyday surveillance deputy work has rapidly increased under unique economic and technological conditions of our digital age. Drawing upon contemporary empirical examples, we hypothesize four conditions that contribute to surveillance deputization and strengthen its effects: (1) when interests between the state and civilians converge; (2) when law institutionalizes surveillance deputization or fails to clarify its boundaries; (3) when technological offerings expand personal surveillance capabilities; and (4) when unequal groups use surveillance to gain power or leverage resistance. In developing these hypotheses, we bridge research in law and society, sociology, surveillance studies, and science and technology studies and suggest avenues for future empirical investigation.     

Location privacy: The challenges of mobile service devices

Adding to the current debate, this article focuses on the personal data and privacy challenges posed by private industry's use of smart mobile devices that provide location-based services to users and consumers. Directly relevant to personal data protection are valid concerns about the collection, retention, use and accessibility of this kind of personal data, in relation to which a key issue is whether valid consent is ever obtained from users. While it is indisputable that geo-location technologies serve important functions, their potential use for surveillance and invasion of privacy should not be overlooked. Thus, in this study we address the question of how a legal regime can ensure the proper functionality of geo-location technologies while preventing their misuse. In doing so, we examine whether information gathered from geo-location technologies is a form of personal data, how it is related to privacy and whether current legal protection mechanisms are adequate. We argue that geo-location data are indeed a type of personal data. Not only is this kind of data related to an identified or identifiable person, it can reveal also core biographical personal data. What is needed is the strengthening of the existing law that protects personal data (including location data), and a flexible legal response that can incorporate the ever-evolving and unknown advances in technology.     

Sorting out smart surveillance

Surveillance is becoming ubiquitous in our society. We can also see the emergence of “smart” surveillance technologies and the assemblages (or combinations) of such technologies, supposedly to combat crime and terrorism, but in fact used for a variety of purposes, many of which are intrusive upon the privacy of law-abiding citizens. Following the dark days of 9/11, security and surveillance became paramount. More recently, in Europe, there has been a policy commitment to restore privacy to centre stage. This paper examines the legal tools available to ensure that privacy and personal data protection are respected in attempts to ensure the security of our society, and finds that improvements are needed in our legal and regulatory framework if privacy is indeed to be respected by law enforcement authorities and intelligence agencies. It then goes on to argue that privacy impact assessments should be used to sort out the necessity and proportionality of security and surveillance programmes and policies vis-à-vis privacy.     

What drones inherit from their ancestors

Any specific technology derives attributes from the generic technologies of which it is an instance. A drone is a flying computer. It is dependent on local data communications from its onboard sensors and to its onboard effectors, and on telecommunications links over which it receives data-feeds and command-feeds from terrestrial and perhaps airborne sources and from satellites. A drone acts on the world, and is therefore a robot. The remote pilots, and the operators of drone facilities such as cameras, depend on high-tech tools that interpret data that display transmitted, enhanced and generated image and video, and that enable the composition of commands. So drone operators are already cyborgs. Many drones carry cameras and are used for surveillance. Computing, data communications, robotics, cyborgisation and surveillance offer power and possibilities, but with them come disbenefits and risks. Critical literatures exist in relation to all of those areas. An inspection of those literatures should provide insights into the limitations of drones, and the impacts and implications arising from their use.     

Location and tracking of mobile devices: Überveillance stalks the streets

During the last decade, location-tracking and monitoring applications have proliferated, in mobile cellular and wireless data networks, and through self-reporting by applications running in smartphones that are equipped with onboard global positioning system (GPS) chipsets. It is now possible to locate a smartphone user's location not merely to a cell, but to a small area within it. Innovators have been quick to capitalise on these location-based technologies for commercial purposes, and have gained access to a great deal of sensitive personal data in the process. In addition, law enforcement utilises these technologies, can do so inexpensively and hence can track many more people. Moreover, these agencies seek the power to conduct tracking covertly, and without a judicial warrant. This article investigates the dimensions of the problem of people-tracking through the devices that they carry. Location surveillance has very serious negative implications for individuals, yet there are very limited safeguards. It is incumbent on legislatures to address these problems, through both domestic laws and multilateral processes.     

Expanding Media Law and Policy Education: Confronting Power,Defining Freedom,Awakening Participation

The changes brought about by the Digital Age have not triggered significant increases in political participation or meaningful reductions in longstanding social power asymmetries, which are now increasingly negotiated in policy contexts that involve mass media (surveillance, big data, net neutrality). At the same time, new technology and communication patterns have opened fissures in public opinion about the limits of free expression while also creating new legal risks for citizen-communicators. This article suggests that universities need to recalibrate their curricula to meet the exigencies of this moment, which should include an increased emphasis on media law and policy courses and initiatives. The article outlines a rationale for action, and some strategies, based on the need to: (1) expand citizens’ expressive agency by equipping them with the knowledge to shield themselves from overt restraints and subtle forms of coercion; (2) deepen citizens’ civics knowledge, enhance their political efficacy and enable their political participation; (3) facilitate citizens’ engagement in reemerging debates about the meaning and scope of the First Amendment; and (4) spur citizen involvement in confronting pressing constitutional and media policy issues whose resolution will ultimately shape the broader balance of social power.     

Through a screen,darkly: Electronic legal education in Europe

Abstract

Electronic legal education involves the use of information, communication and instructional technologies to enhance students’ learning of the law and to provide law teachers with environments and tools for teaching the law. With the fast growth of the Internet many Law schools and Law faculties are moving their education and training into web environments. This may open new ways of teaching and learning the law by providing students with an environment in which they can manage legal information and legal knowledge for their personal professional use. However, it is clear that throughout Europe there are divergent as well as convergent uses of the web and IT This article explores some of the issues inherent in this, and suggests a number of projects that would enable ICT in legal education to facilitate the aims of the Sorbonne‐Bologna process.     

The thin red line: Refocusing data protection law on ADM,a global perspective with lessons from case-law

This article explores existing data protection law provisions in the EU and in six other jurisdictions from around the world - with a focus on Latin America - that apply to at least some forms of the processing of data typically part of an Artificial Intelligence (AI) system. In particular, the article analyzes how data protection law applies to “automated decision-making” (ADM), starting from the relevant provisions of EU's General Data Protection Regulation (GDPR). Rather than being a conceptual exploration of what constitutes ADM and how “AI systems” are defined by current legislative initiatives, the article proposes a targeted approach that focuses strictly on ADM and how data protection law already applies to it in real life cases. First, the article will show how GDPR provisions have been enforced in Courts and by Data Protection Authorities (DPAs) in the EU, in numerous cases where ADM is at the core of the facts of the case considered. After showing that the safeguards in the GDPR already apply to ADM in real life cases, even where ADM does not meet the high threshold in its specialized provision in Article 22 (“solely” ADM which results in “legal or similarly significant effects” on individuals), the article includes a brief comparative law analysis of six jurisdictions that have adopted general data protection laws (Brazil, Mexico, Argentina, Colombia, China and South Africa) and that are visibly inspired by GDPR provisions or its predecessor, Directive 95/46/EC, including those that are relevant for ADM. The ultimate goal of this study is to support researchers, policymakers and lawmakers to understand how existing data protection law applies to ADM and profiling.¹     

Stop and Risk: Policing,Data, and the Digital Age of Discrimination

Predictive policing is the newest innovation in the field of law enforcement. Predictive policing programs use algorithms to analyze existing crime data in an attempt to make predictions about future crimes: What crimes are likely to be committed, where crimes are likely to be committed, and a list of potential victims and offenders. Proponents of predictive policing champion the practice as an effective, proactive form of law enforcement that is free from bias due to its data-driven nature. However, as a matter of justice policy, predictive policing is just as discriminatory as traditional police practices, such as stop and frisk: Both are relatively ineffective; both have the potential to disproportionately target minorities; both are challenging forms of surveillance that create several important ethical and legal issues; and both are presented as objective, impartial, and equitable. This article has three primary goals: Highlight the potential and problematic similarities between stop and frisk and predictive policing; present the problems associated with predictive policing, including its questionable effectiveness, biased foundation, and faulty legal and ethical footing; and discuss the ways in which discriminatory criminal justice programs, such as stop and frisk and predictive policing, are presented to the public as objective, non-discriminatory policies.

     

Data registers in respiratory medicine: a pilot project evaluating compliance with privacy laws and the National Statement on Ethical Conduct in Research Involving Humans

This article reports on data from a small pilot survey evaluating the compliance of voluntary databases in respiratory medicine with privacy laws and the National Health and Medical Research Council's National Statement on Ethical Conduct in Research Involving Humans. The increasing complexity of privacy law, including the recent private sector amendments, creates many challenges for database administrators. The impact of privacy laws upon voluntary or non-statutory databases, and upon doctors reporting patient data to such databases, is far from straightforward. The article suggests way in which the law might be adapted in order to better facilitate the role of voluntary data registers in health research and public health surveillance, while still protecting the privacy of patient information. The article also briefly considers how database administrators might "future-proof" their existing data holdings to ensure compliance with legal and ethical standards.     

Understanding research methods,limitations, and applications of drug data collected by the National Forensic Laboratory Information System (NFLIS-Drug)

The National Forensic Laboratory Information System (NFLIS) is a drug surveillance program of the US Drug Enforcement Administration that systematically collects data on drugs that are seized by law enforcement and submitted to and analyzed by the Nation's forensic laboratories (NFLIS-Drug). NFLIS-Drug data are increasingly used in predictive modeling and drug surveillance to examine drug availability patterns. Given the complexity of the data and data collection, there are some common methodological pitfalls that we highlight with the aim of helping researchers avoid these concerns. The analysis done for this Technical Note is based on a review of the scientific literature that includes 428 unique, refereed article citations in 182 distinct journals published between January 1, 2005, and April 30, 2021. Each article was analyzed according to how NFLIS-Drug data were mentioned and whether NFLIS-Drug data were included. A sample of 37 articles was studied in-depth, and data issues were summarized. Using examples from the literature, this Technical Note highlights eight broad concerns that have important implications for the proper applications, interpretations, and limitations of NFLIS-Drug data with suggestions for improving research methods and accurate reporting of forensic drug data. NFLIS-Drug data are timely and provide key information to inform drug use trends across the United States; however, our present analysis shows that NFLIS-Drug data are misunderstood and represented in the literature. In addition to highlighting these issues, DEA has created several resources to assist NFLIS data users and researchers, which are summarized in the discussion.     

‘Customary internet-ional law’: Creating a body of customary law for cyberspace. Part 2: Applying custom as law to the Internet infrastructure

The shift in socio-economic transactions from real space to cyberspace through the emergence of electronic communications and digital formats has led to a disjuncture between the law and practices relating to electronic transactions. The speed at which information technology has developed require a faster, more reactive and automatic response from the law that is not currently met by the existing law-making framework. This paper suggests the development of special rules to enable Internet custom to form legal norms to fulfill this objective. In Part 2 of this article, I will construct the customary rules to Internet law-making that are applicable to electronic transactions by adapting customary international law rules; apply the suggested rules for determining customary Internet norms and identify some existing practices that may amount to established norms on the Internet, specifically practices relating to the Internet Infrastructure and Electronic Contracting.     

Assessing for bruises on the soul: identifying and evidencing childhood emotional abuse

The term ‘emotional abuse’ is acknowledged by law in the Children Act 1989 and refers to the wider social concept of harm that occurs in the psychosocial domain. Emotional abuse is a contested notion and a form of harm that statutory child protection social workers find difficult to recognise and gather evidence of. Early preventative intervention approaches, which occur outside the legal system, are the preferred course of action in work with emotional abuse. However, child protection social workers may use their statutory powers and duties to implement interventions when cases are deemed to require attention within legal frameworks.Professionals routinely fear legal work in cases of emotional abuse, feeling inadequately equipped to engage effectively with the law. This article draws on rich research data, gathered for an Economic and Social Research Council funded doctoral project. The data offers an original perspective on the interaction between social work and law, adding to existing literature on the frictions that exists. Using psychosocial methods, the research explores social worker experiences of identifying and evidencing emotional abuse, with particular attention to the application of ‘attachment theory’. The article shines a light on some practice complexities of identifying and evidencing emotional abuse.     

Patent Cases in the Court of Chancery, 1714–58

The purpose of this article is two-fold. First, it discusses recent improvements in the cataloguing of Chancery bills and pleadings entered between 1714 and 1758, held in the C 11 series at the National Archives. This has made it much easier to locate cases by subject, and a methodology for doing this is described. Secondly, the article outlines the results of work carried out in C 11 on cases relating to patents for invention. Although there has been significant research into how other forms of intellectual property right were adjudicated in the Court of Chancery, notably copyright, patent law for this period remains obscure. The article shows that Chancery (along with the common law courts) retained the principal jurisdiction in patent law, rather than the Privy Council as was once thought.     

The 'final' privacy frontier? Regulating trans-border data flows

This article examines the threat to privacy posed by the transferof personal information from one jurisdiction to another. Despiteinternational trends towards greater protection of personalinformation, significant challenges to personal privacy arisein this context. These include the use of outsourcing by businesses,the encroachment of security laws and the potential ‘spill-over’of technologies developed for combating terrorism into the privatesector. Also significant are technologies enabling the ‘profiling’of individuals and ‘data mining’ across borders.Against this backdrop, the article considers existing jurisdictionalresponses towards regulating personal information flows acrossborders. It considers various actual or proposed solutions including‘safe-harbours’, contractual mechanisms and extra-territorialapplications. The article concludes that many of the existingapproaches to regulating trans-border information flows areto some extent deficient and suggests the need for a new ‘fourthgeneration’ set of data protection protocols. In formulatingthe latter, analogies are drawn from other relevant areas ofthe law in order to furnish creative solutions to the problem.     

Are Older Workers Past Their Sell‐by‐Date? A View from UK Age Discrimination Law

This article assesses the effectiveness of United Kingdom age discrimination law in protecting older workers from claims that they are less productive and perform more poorly than younger workers. The article assesses employer perceptions and the incompatibility of such perceptions with existing research and the current interpretation of age discrimination law by the CJEU and the Supreme Court which accords with such research. The effectiveness of age discrimination law in practice is assessed through an analysis of existing compensation reduction rules. The article concludes that the existing rules which allow for a reduction in compensation payable where there is a chance that the same outcome would have been reached in the absence of discrimination (the ‘chance model’) reduces the effectiveness of the existing protections. A move to a ‘certainty model’ would be less speculative, would serve the objectives of anti‐discrimination law and would reduce concerns about compatibility with EU law.     

Jurisdiction and Scale: Rent Arrears,Social Housing,and Human Rights

This article draws on the recent work of Mariana Valverde on jurisdiction and scale to frame a study of the interaction between mandatory possession proceedings brought by one particular type of social housing provider – housing associations – and national as well as human rights law. It was the explicit political choice to focus social housing provision on housing associations, as opposed to local authorities, which opened up the mandatory possession jurisdiction. The essence of the argument is that, despite the apparent incommensurability of these different scales and jurisdictions, they are able to accommodate each other quite happily. Two sets of texts are used to develop this argument. First, consideration is given to the legal technicality through which mandatory possession proceedings might be challenged. Second, we draw on data from a study of housing associations practices and policies on the use of one particular mandatory ground of possession for rent arrears, demonstrating the way in which scale and jurisdiction, political rationality and technologies intertwine.     

Financial instruments entail liabilities: Ether,bitcoin, and litecoin do not

The financial assets that are subject to major EU financial legislation (i.e. (designated types of) financial instruments) have traditionally been defined in a largely exemplary and circular manner. The recent proliferation of ‘non-traditional’ financial assets, such as cryptocurrencies and stablecoins, is increasingly challenging the viability of these pragmatic financial asset definitions. Through the analysis of the technologies and functionalities underpinning non-traditional financial assets, legal scholarship has aimed to categorize novel assets within the existing framework of financial asset definitions. Although a solid understanding of e.g. distributed ledger applications and cryptography appears a prerequisite for future policy and legislative interventions, contemporary EU financial legislation is mostly indifferent to the technologies on which financial assets may be wired. Categorizations based on the purposes that non-traditional assets may serve (i.e. payment, utility, and investment) are more relevant to financial law, but suffer from subjectivity because they depend on the asset usage by the asset holder. Against this backdrop, this paper proposes a novel systematization of non-traditional assets that is based upon the conceptual substructure of the assets within the scope of EU financial legislation. More specifically, this paper submits that, irrespective of underlying technologies and functionalities, all assets that are subject to major EU financial legislation have a conceptual common denominator: they entail the liability of an entity and, hence, have intrinsic value. The proposed categorization singles out a well-defined group of novel financial assets that is not subject to EU financial law (i.e. assets that only have extrinsic value). Different from functionality- and technology-based categorizations, the suggested approach allows to eradicate some ambiguities that are present in the existing taxonomies. By exploring the conceptual common denominator of the financial assets that are subject to EU financial legislation, this paper aims to foster debate on the circular and exemplary character of financial asset definitions in EU financial legislation in general and the relation of these definitions to novel types of financial assets in particular.