Things do not add up. Ok, we have a European directive that regulates the use of personal data. The directive is quite old now (1995 is a few centuries ago, technologically speaking); the more so if one thinks that it has been drafted on the basis of the Strasburg convention, which dates back to 1982! Nevertheless, it is the law of the land and, as such, one thinks that individual should be duly protected as to their privacy. And yet now more than ever before it is painfully clear that protection of personal data and privacy are in no way synonyms. So let’s go back to the basic and let’s try to get the record straight.
Privacy legislations were born for two reasons. First reason: way back in the early seventies legislators were concerned of the potential wrongful use of computers. Computers have an incredible capacity to store, retrieve and compare data, by far superior to any other device previously known to man. Assuming that all data are recorded for fair and lawful purposes, the association and process of data from archives set out for different purposes could create a “Big brother” that will know everything about everyone. It was perceived that, for example, government could use the data to discriminate or isolate persons that would not conform to certain criteria, because of their ideas, of their health status, of their race, ect. In this vision, otherwise legally collected data could be used to reach unlawful means, thanks to this capability to record, compare, sort and in any other possible way process data. This was even more significant in western Europe, were the memories of the discrimination carried out by dictatorships in the 30’ was still alive, and their consequences well known.
Second reasons: Europe was divided in two, the western and the eastern bloc. The fate and the life of dissidents in the eastern bloc was well known; hence, in implementing a law that regulated the way a public government could use personal data there was a very strong, underlying political message. The western block said to its citizens and to the rest of the world: we are not going to act like that. Data Protection legislation was a way to show everyone the difference between west and east and to assert the strength of democracy: personal data of citizens can be processed only for fair and legitimate purposes, and certainly not to discriminate against them. This was the message western Europe gave the whole world.
The outcome was a set of statutes meant to protect individuals from the power of computers, and so the governments pledged that they would not spy into the private lives of their citizens.
In comes Year 2000 and, what do you know, things have drastically changed. Now we have all kinds of devices, and these devices are completely different from way back when. Most important of all, these devices are in everyone’s pocket and used every day to “get wired” , to get always in touch with other people. The technological picture is completely different from the one of the early seventies; to-day bits and pieces of information are available everywhere. Well, information is power, as someone said.
The thing is that every time we connect to Internet, every time we use our smartphone or tablets, every time we send a message to a friend’s page on Facebook, every time we click on the “I like “ button, you name it, these information are collected and used to better define our personalities and target the ads on us. You would be surprised to know the number of companies that are making a fortune using Facebook’s data or Google Analytics. Make no mistake: every bit of information we unconsciously supply to them is used and sold and our data is bound to stay in the files of these companies for ever end ever. Is everyone aware that Gmail reads and scans every single word in every single mail message? Are you aware that the content of your conversation with your kids, brother, sister, wife, lover is read and used? Now, is that legal? Can anyone open my mail just like that and get away with it? And why our governments do not act? These are the same Governments that, by implementing the European Directive, have laid a significant burden to anyone who processes data: inform, require consent, notify, bla bla bla. Why these governments now condone all this, and how is this consistent with the claim that our privacy is protected because our data are protected? The truth is our data are not protected at all; as one famous Silicon Valley entrepreneur said in a public speech some time ago “You have zero privacy. Get over it!”
Well, the thing is that Governments do not act for one very simple reason: Government have started to ignore the basics of the protection of data simply because they are using the same information from the same sources for their own purposes. The Internet has given our Governments and our administrations an incredible source of information, which can be used to allegedly fight crime. Nothing wrong in fighting crime, but are we sure that tapping twits is legal? And are we sure that tapping messages (e-mail, web postings, Facebook messages) is legal? Most of all, let’s not forget that if someone opens my mail without a due warrant, this is a crime, under any western legislation. And yet police officials are doing it every day. When the “occupy Wall Street” movement organized a rally in New York last spring, N.Y. police found out where they were gathering (Grand Central Station) by looking the twits that participants were exchanging. Reading those twits Police found out that protesters were scared by dogs, so they got the largest collection of police dogs ever seen in N.Y.; trainee dogs to be used in airport to detect drugs were used, even if they could have done nothing to fight rioters; and yet they were incredibly effective. The use of these information was crucial to tackle the rally for the N.Y.P.D.
Every digital camera has a GPS; so every time you shoot a picture, there is a trace of where the picture was taken. This was used to track and arrest one of the main hackers of Anonymous: he took a picture of his computer screen after he had cracked a site and posted it over the Internet. In a matter of hours he was found and arrested.
Now, suppose you are a journalist, or a lawyer working on a case. You google for “ abuse, rape, child, minors”. You do this because you are getting the information you need for the article you’re writing or the case you’ll be discussing. Do you think that search will go unnoticed? If you search the Internet for information on Osama Bin Laden is it because you’re a terrorist (or a potential terrorist) or because you want to write an article on fundamentalist Muslims?
Presently, confusion is at its peak. If all of the above was not enough, the world of clod computing has rapidly made its way in to-day’s processing world. The implications from a legal point of view, (if we want to try and comply with the EEC Privacy Directive, that is) are amazing. So, what do we make out of all this?
I was rebuked once because I was told: it’s easy to point out at problems, but we do not need to know what the problems are, we need solutions. Well, I do not have a solution, for the time being. I have a few ideas, but that’s far from having a solution.
One step would be to have all social networks and search engines be forced to publish the list of all organizations that have access to personal data and/or to whom personal data have been sold. What the heck, if our data are in the public domain, isn’t it just fair that they tell us what they do with them? Another major step would be to stop implementation of a new law with yet more bureaucracy and establish a very simple, but strong legal principle: the data of one person belong to that person and to no other. That pretty much would do it, wouldn’t it? If the world has accepted the principle that a content is protected (e.g. music, movies, etc) and belongs to its authors and publishers, why not do the same with personal data. Given the enormous value they generate, I do not see any reason why we shouldn’t do it. And finally, let’s implement new rules for Governments: freedom and democracy are way too important to let someone tamper with fundamental human rights. European legislators believed that freedom and democracy would be stronger when they implemented the first rules of data protection in the early seventies; it’s about time present legislators show us they share the same belief.