“Reforming Data Protection: the Global Perspective”
22-24 January 2014, Brussels
Following our “Big Data and Security in Europe” event, we were at the annual ‘Computers, Privacy and Data Protection’ (CPDP) conference, with 60 panels, workshops and special sessions and over 340 speakers. We attended a range of sessions, including:
- EU data protection reform: fixing the last bugs”;
- Normative and empirical perspectives on threat impact assessments”;
- Timing the right to be forgotten”;
- Privacy practices in biometrics”; and
- Open source surveillance and online privacy”.
Even this short list highlights the breadth of issues addressed at the conference.
On 23 January 2014, Louise spoke at “Privacy in the age of pre-emptive security” panel, organised within the framework of the ‘Securing against Future Events: Pre-emption, Protocols and Publics’ project.
The Panel was chaired by Prof. Marieke de Goede (University of Amsterdam), with Dr Tugba Basaran (University of Kent) as the moderator. The speakers included: Mr Rocco Bellanova (Université St Louis/Peace Research Institute Oslo), Ms Diana Alonso Blas (Eurojust), Dr Quirine Eijkman (Leiden University) and Mr Daniel Drewer (Europol). The panel was set to address such questions as:
- Why has the data mining and analysis become so important for pre-emption of security threats?
- In what ways do new techniques reorient conventional practices in relation to data collection, processing and sharing?
- What would effective policy safeguards look like in the age of pre-emptive security?
In her opening contribution, Louise argued that, although data-based security measures are not new, having been actively promoted post-9/11, it is the specific orientation to the data that is new, especially in light of the shift from the searches shaped by clear questions and rules to pure knowledge discovery in large heterogeneous data sets. She suggested that these changes pose a number of novel challenges to the protection of private and associational life, especially in light of the focus on links between data elements and other things and inferences in the “world where big data analytics can forget the person, but still remember the association”.
While Rocco Bellanova offered a provocation suggesting that data protection can serve as an enabler of security expansion, Quirine Eijkman focused on the decision-making processes and the role of the front line officers in contexts in which semi-automatic risk analysis is applied.
In her intervention, Diana Alonso Blas pointed out that, with pre-emption, the burden of proof is reversed and new challenges emerge for privacy. She argued that, with more and more security systems and initiatives being constantly put forward, it is important to continue asking questions, for example: Do we really need these systems? What are their details and the legal basis for them? Who and how will perform their supervision? What are the arrangements for the constant review of the need for them?
Daniel Drewer focused on the privacy safeguards applied by the Europol, including: time limits; rules on sensitive data; handling instructions for data processing and strict security set-up for data sharing. He emphasised that data mining does not take place at Europol and that Europol is not a ‘big data’-focusedinstitution. Instead, Europol relies on the data from member states – something he describes as a ‘stack of needles’. While there is a possibility to process data on ‘future’ criminals, data-based indicators are required and a judgement is made on a case-by-case basis.
Presentations were followed by a lively Q&A session. Judging by the size and active participation of the audience, the panel was a success and generated many discussions that continued long after it ended.