News

APRIL 2020

ARTICLE

 

DATA PROTECTION

 

The fragile good of privacy

Translation of the article “Το εύθραυστο αγαθό της ιδιωτικής ζωής» published in protothema.gr on 15/4/2020

The biggest illusion a person could have is probably believing that the only way to cope with health threats, such as the Covid-19 pandemic is the thoughtless use of modern technological means of continuous mass surveillance of his behavior and consequently of his privacy.

And as long as there is no vaccine or at least a cure for Covid-19, the States implement other measures for dealing with the virus. As this virus is so contagious the most effective measure has been found to be the restriction of peoples’ free movements, the so called “lockdown”, aiming at reducing the spread of the virus through the avoidance of peoples’ interactions. The “lockdown” is the current super-weapon of States and governments. It is self -evident – and I stress this for the avoidance of any doubt – that in the present circumstances this measure as implemented in Greece is both necessary and appropriate for dealing with the pandemic. In this respect I trust the experts’ opinions.

However who can ignore the (potential) detrimental consequences of such a restrictive measure on the economy but also on peoples’ –mental and physical – health, especially if it lasts for a long period of time? The “lockdown” of enterprises has led to – and this will gradually be clear- the collapse of the global economy. Nor should the consequences of social distancing on the mental and physical health of individuals be underestimated.

In light of the present economic and social tsunami which threatens the western societies in particular, a number of governments stand ready to adopt - some have already done so, such as China, Singapore, Israel, South Korea etc. – the use of new technologies which monitor the individual on a regular and systematic basis. “Location data” on mobile phones is a characteristic example as they indicate the geographic position of the user of the mobile in such a way that governmental authorities can locate the movements of Covid-19 patients, as well as the movements of those who have been in contact with them.

The cooperation of the two giants, Apple and Google, which has recently been announced, will move towards the same direction. Reportedly Apple and Google will develop a special application which will have the ability to notify about 3 billion iPhone (Apple) and Android (Google) smartphone users if they have been in contact with a person infected with the corona virus. Through this application the smartphones will – with the consent of the user - be able to exchange anonymous data via applications handled by public health services. The question, however, remains: Ηow will contact tracing be possible by using anonymous data? Is it the case that the data will not be anonymous but pseudonimised i.e. personal data? . And as long as the virus destroys human lives and the medical science does not deliver the cure/vaccine for coping with the virus, as long as the economy falls apart and with it peoples’ lives, the inducement of new technologies and their potential will only grow. The discussion has already commenced and the main focus is on technological tools and biometric applications, which usually are implemented for the prevention and suppression of terrorism and crime in general (facial recognition) or for the surveillance of prisoners (electronic, biometric bracelets or even microchips -implanted in humans-. These tools and applications enable not only the monitoring of the individual’s location but, more importantly the monitoring of his body temperature, blood pressure, heart beats which can indicate his physical health as well as his mental health and state of mind.

In light of such dangers, the initial approach of the European Data Protection Board on the issue of new technologies and in particular the use of mobile location data for coping with the pandemic leads to the correct result. However it seems to commence from the wrong start line, because it uses the terms “public health” and “public security” as being one and the same, thus - in the context of dealing with the pandemic of Covid-19 - enabling Member States to introduce legislative measures to safeguard public security in accordance with art. 15 of the ePrivacy Directive (2002/58/EC). This is contrary to the jurisprudence of European Courts, who consider that measures for the protection of public security are those that aim at the prevention and combating of terrorism and organised crime. In my view the issue has not only incorrectly been approached from a legal perspective, but also unnecessarily so since the limitation of art 13 of Directive EC/95/46 (referred to also by art. 15 of the ePrivacy Directive), which has been incorporated in art 23 of the General Data Protection Regulation and enables Member States to introduce legislative measures to safeguard, inter alia, “other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, …, public health and social security”. Furthermore this approach can prove rather “slippery” in case of evaluating measures that are usually imposed for dealing with terrorism or (serious) criminal acts – depending on how seriously personal rights and freedoms have been restricted as per above. However as correctly accepted by the European Council, the strict implementation of the principle of proportionality (and in particular necessity and strict senso proportionality) must be considered to be a barrier against arbitrary judgments and the thoughtless use of applications which interfere with the privacy of communications and the protection of personal data. In light of the above the principle of proportionality can be seen as the ultimate and –maybe lifesaving- refuge of our privacy.

The most pessimistic prospect for the future is complacency, the fatalistic acceptance and peoples’ familiarisation with the catalytic consequences which the thoughtless use of technology may have on privacy and the level and quality of Democracy and civilization in general. If we want to safeguard our privacy and simultaneously the quality of modern Democracy, we must face the degenerative aspects of technology with a critical mind. We must also selflessly adhere to the principles of Democracy and the value of humans. And a last- and I think necessary- comment: These thoughts do not negate or even question the progress of technology. On the contrary they express a cry of agony for our society’s readiness to acquaint itself and cope with the unknown or the unexpected.

Author Grigoris Lazarakos
Managing Partner of L & L Law Firm
Associate Professor of Constitutional law at the Hellenic Army Academy
DPO at the Hellenic Parliament