| Summary: | <p>It has often been stipulated that data protection has a focus on the information part of privacy. It is more narrow than privacy as such, but gives more specific rules and requirements for the legitimate processing of personal data. These requirements include adequate measures for the protection of data, at an organizational as well as a technological level. This is where information security touches upon data protection directly.</p><p> Privacy, as said, has a broader scope, and its roots are closely related to individual autonomy, human dignity, and bodily integrity (e.g. Koops et al. 2016). This is the reason why certain technologies have long been backfired in its adoption, as they were considered to be too infringing upon privacy. A telling example is the use of biometrics, such as fingerprints scanning and facial recognition (e.g. Sherman 2005).</p><p> Strikingly, biometrics are now gradually becoming more commonplace. Applications in the field of national security are well-known. Think, for instance, of the US Border Customs, where fingerprints and a photo are taken when entering the country (Dimitrova 2016). But these technologies are also getting used for information security purposes, such as fingerprints for unlocking smartphones, but also face images (selfies) in relation to eID solutions. Biometrics become a technological means to protect personal data by controlling access to information and accounts.</p><p> What we see is that a technology which has always been considered highly infringing upon privacy is now getting used as a technological measure for data protection. And if, despite the sometimes disputable quality of biometrics, this becomes a state-of-the-art measure for protection of personal data, data protection laws may require an infringement on privacy for the benefit of data protection. This is paradoxical, and may in the end result in data protection becoming the prevalent standard, which pushes privacy more and more to the background. A tension arises between data protection and privacy, which are both recognized as fundamentals rights in itself in the EU Charter of Fundamental Rights.</p><p> There is a need to rethink data protection practices with privacy as the underlying concept in mind. And to work on innovative solutions that protect personal data as well as privacy. This paper contributes to the existing literature, by taking the privacy versus security debate as a starting point and then moving to security measures being used for data protection purposes. The tension between data protection and privacy that follows has not been described so far.</p>
|
|---|