Wednesday, March 30, 2016
Seminar 5 Postion Statement: Dr Rocco Bellanova
The main goal of this contribution is to sketch a critique of what I suggest to call ‘data protection thinking’. The purpose is to both understand its potential and test its limits when it comes to grasp and possibly resist mass-surveillance.
If privacy is said to be dead, data protection regulation might be considered alive and kicking. A major reform of its European Union (EU) legislative framework is close to formal adoption, after four years of debates and several hundred amendments. Eventually, the two new EU legal instruments should deeply influence the everyday of a myriad of different actors, from European governments to individuals and companies around the world. Data protection has also been at the centre of recent judgments of the EU Court of Justice. Two prominent cases - concerning the Data Retention Directive and the Safe Harbour Decision – touched upon key features of contemporary mass-surveillance practices: their international dimension and their public-private entanglement. Actually, discussions about the role and capacity of data protection to regulate and contain surveillance should be no surprise in a context marked by the proliferation of devices producing digital traces and of algorithms promising far reaching detection and prediction capabilities.
Actually, data protection and security measures increasingly operate, if not always at the same time, at least on the same elements. For example, when it comes to the introduction of EU or international schemes for the surveillance of Passenger Name Records (PNR), passenger data become the site of both the actions and interactions of data protection and security practices. However, a closer analysis of the encounters between data protection and surveillance invites us to stop conceiving data protection only in terms of a (residual) counterpoint to data-driven governance, but rather as a proper form of governmentality. In other words, data protection actively participates both to the government of people and things through data, and to the questioning of specific forms of governing. It is both government – a continuous effort of dis/ordering – and mentality – the reflexive effort to make sense of different forms of dis/ordering.
This obliges us to engage even more closely with ‘data protection thinking’, because its governmentality is neither univocal nor self-sufficient. On the one hand data protection thinking helps us interrogate the way in which specific security practices are deployed, and the way in which they capture, enrol and bend many diverse elements (such as passengers, regulations, commercial services, software). But data protection thinking often plays a substantial role in the deployment of these security practices: it can legitimize, influence and smooth their design and implementation.
I believe that, far from being the golden solution to mass-surveillance, data protection thinking can teach us something worthy. I will attempt to show social sciences scholars the pros and cons of embracing data protection thinking: as research object and/or as epistemic mind-set. To do so, I propose a brief exploration of the making of the EU PNR security program, the first European big data surveillance system.