Pre-event / VICI
Privacy protection in the 21st century
New concepts, theories, and applications
Symposium 14 May 2019 & VICI panels 15 May 2019
In privacy protection, the traditional distinction between private and public physical spaces is becoming less useful in determining what really is protection-worthy. The walls of the home are ‘evaporating’ and it is becoming increasingly more difficult to use them to shield in-home activities. At the same time, through ubiquitous datafication and mobile devices, the home itself has lost its privileged role as the primary place of private life. Many people carry more private information in their pocket than could be revealed by a thorough search of their home. Public space and digital spaces are thus becoming important places for private life, while also becoming subject to increasingly omnipresent and sophisticated surveillance.
These challenges bring forward a number of interesting questions. What are the various aspects of private life that deserve protection in the 21st century? Can spatial approaches to privacy protection remain useful going forward? If the place-based boundary no longer works, can we identify a core of privacy which should receive a more robust protection? Can we ‘recreate’ the physical architecture that delimits a protected private sphere in digital space? How should we protect privacy in public spaces?
These questions have been addressed in the NWO-funded VICI project Privacy in the 21st century. Finding a new paradigm to protect citizens in the age of ubiquitous data (2014-2019), led by prof. Bert-Jaap Koops. We will present the project’s results at this final symposium and continue the discussions in three VICI panels at the TILTing 2019 conference.
Symposium 14 May 2019
In the final closing conference of the VICI project, the VICI team will present the project’s findings and conclusions. These will be discussed by international scholars (Lyria Bennett Moses, Roger Brownsword, Lee Bygrave, Francien Dechesne, Michael Froomkin, and Seda Guerses) and the audience.
- Privacy typology and surveillance theory
- Content approaches: the core of privacy and mosaic spheres theory
- Spatial approaches: home 2.0, the digital home, and computer castles
- Application spaces: surveillance in public, Dutch criminal procedure, and laws of nature
The full program can be found below.
This VICI symposium on 14 May 2019 is free of charge. You can register for the pre-event VICI symposium here.
Program VICI panels - 15 May 2019
10:45-12:15 Session 3G: VICI Panel 1. Space and its contents: protecting privacy through the ‘containers’ or the ‘contents’ of private life?
Privacy is usually protected in the law through proxies. Often, the law uses as proxies certain ‘containers’ of private life, for instance protection of homes and communication channels, which protect these spaces regardless whether the contents are privacy-sensitive in particular cases. Proxies can also be content-related, protecting the substance of private life and using proxies to capture this substance; for instance, data protection law protects all personal data qua personal data (even if the data are not privacy-relevant) and protects “sensitive” data using as proxy “special categories of data”, while criminal law protects certain categories of secrets and of confidential communications. Both approaches are useful, but neither can capture privacy perfectly: the proxies are only approximations of privacy, often being both too broad (covering also privacy-irrelevant cases) and too narrow (failing to cover certain privacy-relevant cases). This panel – the first of two panels in the context of Bert-Jaap Koops’s VICI project on ‘Privacy in the 21st century’ – will discuss the different approaches in law to protecting privacy and the pros and cons of ‘container’ and ‘contents’ approaches, applied to contexts of contemporary privacy challenges.
Moderator: Jaap-Henk Hoepman
10:45 Bert-Jaap Koops
Three approaches to privacy protection: containers, contents, contacts
Abstract: In this presentation, I present a general framework of how the law tries to capture privacy in terms that are both sufficiently general to provide flexibility and sustainability, and at the same time sufficient clarity and legal certainty to be meaningful in everyday practice. Three types of approaches – focusing on the containers, contents, or contacts of private life – are presented, with examples of traditional proxies for privacy protection (such as home, sensitive data, and professional privilege) and examples of new proxies that may better capture privacy in the 21st century.
11:05 Vlad Niculescu-Dincă
Thinking geologically about privacy protection in cyberspace
Abstract: For promoters of ‘smart cities’ the vision implies, amongst others, thick digital infrastructures enabling dynamic and efficient governance of urban ecosystems (Kitchin 2013). This kind of vision presupposes networks of sensors and actuators seamlessly gathering and communicating large amounts of data about the environment and urban dwellers. This paper argues for a new dimension of investigations and proposes a set of insights from geology and sedimentology to help us grasp the various phenomena in smart urban ecosystems and develop new approaches to privacy protection in cyberspace. Firstly, the paper makes the argument for a geological approach to digital infrastructures. Geology cannot be understood as a domain outside social, political and ethical influences, thus warranting the conceptual undertaking to bring these disciplines closer. Secondly, the paper places the approach in the STS tradition and shows its added value to the understanding of digital infrastructures. I argue that geology offers a rich vocabulary and principles for understanding various phenomena with various degrees of dynamism and depth in digital infrastructures. I have shown elsewhere how the layers of software code in policing profiling algorithms can present phenomena of settling, debris, deposition, accumulation, sedimentation or volcanism with significant potential for privacy harms and the erosion of presumption of innocence. Thirdly, the paper offers a step in this direction by developing, clarifying and adapting the notion of sediment traps in a descriptive, methodological and normative sense. Echoing the protective bubble or membrane, the notion of sediment traps taps into the conceptual reservoir of geology, sedimentology and civil engineering to offer a rich set of insights, knowledge, practices, and principles that can be translated to privacy protection.
11:25 Heleen Janssen
Responsibility in Personal Data Stores. Imperfections and implications for users, platforms and third parties
Abstract: Users generally lack control over their personal data when it comes to many popular internet services. Yet, the risk of privacy-harming data breaches and the fact that personal data is currently often used to influence user behaviour has led to the development of tools to empower users to regain control over their personal information, in theory strengthening users’ data protection, privacy or monetisation opportunities. Personal Data Stores (“PDS”) are one such variety of these tools, providing users with a physical or virtual device within which users themselves capture, aggregate, and control third party access to and transfers to third parties of personal data. This paper explores the limits and problems with the PDS approach. The paper considers how responsibility from a GDPR-perspective is assigned in the context of PDSs, and considers whether the purported empowerment of users indeed offers solutions for the challenges posed by current, ‘centralised’ models of data processing. The responsibilities of two other key stakeholders involved in the PDS ecosystem – the PDS-platform and third parties (as recipients of the distributed personal data) – are also examined. Since PDSs represent an emerging technology, clarification as to the meaning and means for ‘empowerment’ and ‘control’ will bear impact on any analysis. As PDS technology continues to develop and proliferate, potentially providing an alternative to centralised models, we identify urgent legal issues which require consideration.
11:45 Questions and general discussion
14:00-15:30 Session 5G: VICI Panel 2. Surveillance, criminal investigation and privacy: perspectives from different cultures
This panel – the second panel in the context of Bert-Jaap Koops’s VICI project on ‘Privacy in the 21st century’ – will discuss challenges of safeguarding privacy in the context of surveillance and criminal investigation. A general challenge is how to distinguish between major and minor privacy intrusions, now that classic yardsticks (such as distinctions between private places and public places, or between inside and outside of the body) have become less meaningful to assess the privacy impact of surveillance activities. More specific challenges are, for example, how to safeguard privacy in contexts of computer searches, covert remote searches, surveillance in public space, and access to data stored with service providers. Every jurisdiction faces these challenges, but they come up with different answers and approaches to address them. Comparative outlooks are fruitful for law-makers and researchers who consider these issues within their own jurisdiction, as examples from different countries and cultures may provide inspiration and inspire out-of-the-box thinking. This panel features three perspectives from different jurisdictions and cultures, illustrated with various technological developments in criminal investigation and surveillance.
Moderator: Bo Zhao
14:00 Nupur Chowdhury
Differentiating between Privacy Infractions
Abstract: The Supreme Court of India in 2017 confirmed the right to privacy as a fundamental right protected under the Constitution of India. This was first applied to review a claim that the aadhaar project (providing unique identity numbers to all residents in India based on their biometric details (iris scan and finger prints)) was in violation of the right to privacy. The Court upheld the aadhaar project. The aadhaar judgement of the Court reflects its failure to appreciate the current reality of how information is collected, stored and shared. In this context it is necessary to reconceptualize the right to privacy and develop a more robust standard of review by Courts in assessing privacy claims. I develop this argument in the four following steps. First, right to privacy should be given the status of non-derogable and non-alienable fundamental right. Second, not all privacy claims are of similar value and do not deserve equal constitutional protection. Privacy violations can be categorized into two different species - privacy takings and privacy intrusions. Third, privacy takings both by the State and by non-state actors should be prohibited as a general rule, and consideration should be given to cumulative impact of practices rather than a specific instance related to the privacy claim. Fourth, it is important to highlight the normative foundations of the right to privacy in terms of the physical, decisional and informational aspects that it seeks to protect.
14:30 Jakub Harašta
Technology, Privacy and Criminal Law: Understanding the Change in the Czech Republic
Abstract: Technology changes, and rapidly so, and with it changes the understanding of the concept of privacy. However, written law lags behind both technology and concept of privacy. This submission aims to discuss the danger of a covert change of the scope of privacy caused by the interplay between a rapidly changing technology environment and the static legal framework. In this presentation I will ask how the old legal rules in the Czech Republic apply to the new game formed by a wide availability of IT, encryption, big data analysis and artificial intelligence. I will focus on five criminal procedure institutes that are currently being used to access electronic data: obligation to comply with request, seizure of property, interception of electronic communication, data retention, and surveillance of people and things. These provisions served widely different purposes when first formulated and later re-formulated, however now they all play a significant role in obtaining electronic evidence for the purpose of criminal procedure. By mapping their development over time, I will show the back and forth game of balancing the needs of criminal investigation with existing privacy requirements.
15:00 Maša Galič
Stratumseind 2.0, Living Labs, and Preserving Privacy in Smart Cities
Abstract: Smart cities and living labs are a common sight in cities around the world, including the Netherlands. Stratumseind 2.0 and its living lab (LL) in the centre of Eindhoven are an illustrative example of such initiatives. The two main goals of the LL (organised in the form of a public-private partnership) are to improve safety on the Stratumseind street through digital technology and to turn this type of cooperation into a business model. However, with the widespread deployment of networked technologies in public space, the possibility of achieving privacy in public space (PiP) is becoming increasingly difficult. By examining the surveillance techniques within the LL, I identify the main dimensions and types of PiP that are at risk (based on the typology of privacy by Koops et al. 2017). This analysis shows that in the context of PiP the ‘self-development’ (or ‘freedom to’) dimension of privacy is at the fore (particularly the associational and behavioural types of privacy), which has an important value not only for the individual but equally so for society and democracy more broadly. However, the deployment of surveillance technologies in public space other than video cameras is hardly regulated in the Netherlands (at least, beyond data protection law). Based on this analysis, I try to identify which combination of regulatory means, exploring tools beyond the law, are best suited to address the identified privacy challenges.
Program VICI symposium – 14 May 2019
Please find the program for the VICI symposium “Privacy protection in the 21st century -New concepts, theories, and applications” on the 14th of May 2019 here.
The Symposium on 14 May 2019: TZ 9, Tias Building, Tilburg University
The TILTing conference on 15-17 May 2019: DZ 1 - DZ 8 , Dante Building, Tilburg University