‘Data protection thinking’ – understanding its potential and testing its limits against mass-surveillance
Rocco Bellanova
Peace Research Institute Oslo (PRIO) and Université Saint-Louis – Bruxelles (USL-B)
The main goal
of this contribution is to sketch a critique of what I suggest to call ‘data
protection thinking’. The purpose is to both understand its potential and test
its limits when it comes to grasp and possibly resist mass-surveillance.
If privacy is
said to be dead, data protection regulation might be considered alive and
kicking. A major reform of its European Union (EU) legislative framework is
close to formal adoption, after four years of debates and several hundred
amendments. Eventually, the two new EU legal instruments should deeply
influence the everyday of a myriad of different actors, from European
governments to individuals and companies around the world. Data protection has
also been at the centre of recent judgments of the EU Court of Justice. Two
prominent cases - concerning the Data Retention Directive and the Safe Harbour
Decision – touched upon key features of contemporary mass-surveillance
practices: their international dimension and their public-private entanglement.
Actually, discussions about the role and capacity of data protection to
regulate and contain surveillance should be no surprise in a context marked by the proliferation of
devices producing digital traces and of algorithms promising far reaching
detection and prediction capabilities.
Actually,
data protection and security measures increasingly operate, if not always at
the same time, at least on the same elements. For example, when it comes to the
introduction of EU or international schemes for the surveillance of Passenger
Name Records (PNR), passenger data become the site of both the actions and
interactions of data protection and security practices. However, a closer
analysis of the encounters between data protection and surveillance invites us
to stop conceiving data protection only in terms of a (residual) counterpoint
to data-driven governance, but rather as a proper form of governmentality. In
other words, data protection actively participates both to the government of
people and things through data, and to the questioning of specific forms of
governing. It is both government – a continuous effort of dis/ordering – and
mentality – the reflexive effort to make sense of different forms of
dis/ordering.
This obliges
us to engage even more closely with ‘data protection thinking’, because its
governmentality is neither univocal nor self-sufficient. On the one hand data
protection thinking helps us interrogate the way in which specific security
practices are deployed, and the way in which they capture, enrol and bend many
diverse elements (such as passengers, regulations, commercial services,
software). But data protection thinking often plays a substantial role in the
deployment of these security practices: it can legitimize, influence and smooth
their design and implementation.
I believe
that, far from being the golden solution to mass-surveillance, data protection
thinking can teach us something worthy. I will attempt to show social sciences
scholars the pros and cons of embracing data protection thinking: as research
object and/or as epistemic mind-set. To do so, I propose a brief exploration of
the making of the EU PNR security program, the first European big data
surveillance system.
No comments:
Post a Comment