Privacy, data protection and mass surveillance in democratic societies: challenges for pluralism and the approach of courts
In a world where security threats are constantly impending – let’s just think of international terrorism, one of the main challenges for all countries after 11 September 2001 –, a need to continuously check and monitor the behavior of the population started to be perceived at the political level. It is at least twenty years since mass surveillance has been one of the top priorities of governmental agendas all over the world. The need to prevent the commission of terrorist acts – rather than just punish them after they have already brought death and destruction – prompted sophisticated surveillance tools, whose application finds its legal basing in increasingly harsh pieces of legislation. And, what’s more important, the development of surveillance legislation goes hand in hand with the fast evolution of technology that characterized the last twenty years.
While, on the one hand, resort to mass surveillance is considered a useful and even essential tool to prevent the threat of terrorism – as well as some other security threats – on the other hand, a number of rights and freedoms are put under stress. Privacy and data protection are the most evident ones, but one can also think of freedom of expression – as surveillance can trigger a sort of “chilling effect” – and the principle of non-discrimination – since surveillance tools tend to “profile” individuals and come up with a “pattern” of persons who are more likely to be involved in terrorist activities. Some problems arise under the perspective of the presumption of innocence, too, as mass surveillance addresses the whole population, treating everyone as a “suspect”. The employment of advanced technology, then, makes things even more complex, as the use of intelligent algorithms and other automated tools often amplifies the risks that have been mentioned. In a pluralistic, democratic society, this scenario results in the need to strictly “guard the guardians”, meaning to check that these measures do not infringe the very essence of pluralism and, consequently, of democracy.
Against this background, courts have had a voice, and it is a strong one. Not only the European Court of Justice (ECJ) and the European Court of Human Rights (ECtHR), but also some domestic top courts – both constitutional and supreme ones – have addressed the issue. This focus exactly aims at offering an overview of their stances. A common feature of these rulings – starting from the landmark Digital Rights decision of the ECJ – is that they accept that mass surveillance, although recognizing that it strongly interferes with privacy and data protection rights and, to some extent, they may challenge also basic democratic principles, such as the principle of equality and the presumption of innocence. Yet courts – especially supranational ones, i.e. the ECJ and the ECtHR – have elaborated refined interpretations – even considering very technical aspects of surveillance – to strike a balance between the need to protect public security (and, ultimately, ensure the survival of the state community) and the safeguards for rights, freedoms and, in one word, democracy.
European courts – meaning both supranational and domestic ones – have walked (and are still walking) through a path that might lead to a new reading of privacy and data protection guarantees, especially as far as their relationship with pluralism and democracy is concerned and having regard at the increasing digitalization of every human activity. This stance is noteworthy and very welcome in democratic societies. As a matter of fact, if, on the one side, public authorities – such as governments – feel the pressure of safeguarding their citizens' security, on the other side courts have to stay firm on their role of “bulwarks” of rights and freedoms, stemming potential drifts of public powers. And given that terrorism is a “global” threat, “global” approaches – and so, among others the fact that supranational courts address the matter – are necessary.
(Focus by Chiara Graziani)
Z. Bauman, D. Bigo, P. Esteves, E. Guild, V. Jabri, D. Lyon, R. B. J. Walker, After Snowden: Rethinking the Impact of Surveillance, in 8 International Political Sociology (2014), 121-144
D. Cole, F. Fabbrini, Bridging the Transatlantic Divide? The United States, the European Union, and the Protection of Privacy across Borders, in 14 International Journal of Constitutional Law (2016), 220-237
O. Lynskey, The Data Retention Directive is incompatible with the rights to privacy and data protection and is invalid in its entirety: Digital Rights Ireland, in Common Market Law Review (2014), 1789-1812
R.A. Posner, Privacy, Surveillance, and Law, in 75 University of Chicago Law Review (2009), 245-260
D.J. Solove, P.M. Schwartz, Privacy, Law Enforcement, and National Security, Wolters Kluwer, 2021
I. Tourkochoriti, The transatlantic flow of data and the national security exception in the European data privacy regulation: in search for legal protection against surveillance, in University of Pennsylvania Journal of International Law (2014), 459-520
A. Vedaschi, The European Court of Justice on the EU-Canada Passenger Name Record Agreement: ECJ, 26 July 2017, Opinion 1/15, in 14 European Constitutional Law Review (2018), 410-429
V. Zeno-Zencovich, Intorno alla decisione nel caso Schrems: la sovranità digitale e il governo internazionale delle reti di telecomunicazione, in Il diritto dell'informazione e dell'informatica, 2015, 683-696