Database Reference
In-Depth Information
while an important human right in itself, is oftentimes more a means than an end.
By limiting access and use of data via the right to informational privacy and data
protection (the
means
), we limit the possibilities for misuse and abuse of these
data, thus protecting interests such as personal autonomy, reputation and equal
treatment (the
ends
). For instance, the right to privacy in the context of govern-
ment surveillance is aimed at protecting personal autonomy: because knowledge is
power, less information about citizens means less power for governments. In the
context of processing data about an individual's race or religion the primary inter-
est is not privacy protection, but rather equal treatment and/or avoiding discrimi-
nation: by not allowing racial information to be processed, it will be impossible to
discriminate on the basis of these data. So by regulating the use of personal data,
we mitigate possible risks and protect underlying goals (i.e., the moral reasons for
data protection).
While this approach has proven useful, it also has its limitations. The binary na-
ture of data protection law (it either applies, or it does not) also means that there
are few possibilities to differentiate in the application of data protection legisla-
tion. On the one hand this may mean that too strict a regime is applied to 'mun-
dane' privacy issues, while serious issues such as discrimination do not get the at-
tention they deserve and are only treated as data protection issues. Moreover, too
strong a focus on data protection may draw away our attention from alternative
(legislative) solutions that provide more protection for individuals and groups as
well as take into account the interests of the profiler.
7.7 Shifting the Focus in Data Protection Law
We have seen that the EU Data protection directive is quite expansive in its scope
because of the broad interpretation of the concept of personal data, which may be
troublesome. As such, we may conclude that there are limits to the effectiveness
of data protection law in the context of profiling. Nonetheless, privacy and data
protection law provide an important barrier against privacy intrusions and there
are compelling moral reasons for protecting personal data. Therefore it is worth-
while to explore how we can make privacy and data protection law more effective,
particularly in the context of profiling.
7.7.1 Differentiation in Data Protection: Data Centric Approach
A first option to make data protection law more effective is to differentiate in the
application of data protection law based upon the data being processed. Depending
on factors like the type of data processed, the likelihood of identification, and the
scope of the data processing exercise we could set different standards of protec-
tion. When it comes to the appropriate (legal) safeguards, we could for instance
employ a light regime that focuses on transparency, data quality and data security,
possibly linked with stronger
ex-post
protection mechanisms, for data that is not
easily identifiable; and a stronger regime that employs all the (ex-ante) safeguards
of the data protection directive for data with a clear link to an identified person.
Search WWH ::
Custom Search