July 3, 2015
A National Balancing Act: Security of a Country and Privacy of the Individual
By Giovanni Buttarelli
European Data Protection Supervisor

In 1755, Benjamin Franklin wrote, “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

The concept of security has a longer heritage than that of privacy. But the historic and linguistic roots of security lie not in the state watching over its citizens, but rather in the desire of the individual to be free and without care (sine cura). Privacy, likewise, is about being left alone – and we have Americans to thank for the early evolution of that concept, with its origins in several amendments to the U.S. Constitution.

So, in fact, security and privacy are very similar ideas. Both concepts contain, at heart, the individual, and the ability to live one’s life in dignity, free from interference from others, and particularly from the state.

But today, security is a highly contested notion. And the danger with contested notions is that every serious problem gets presented as a security problem for the state to fix – increasingly by covert means, and typically by more intrusive forms of surveillance. (Remember Edward Snowden’s disclosures, in 2013, of massive global surveillance?)

I fully recognize the need for appropriate action and legal measures, particularly in the wake of terrorist incidents. Fighting crime and terrorism are of course legitimate objectives and data protection authorities like the European Data Protection Supervisor are not prima facie for or against any specific measure that interferes with the right to privacy and involves handling large volumes of personal information.

However, there is little evidence that mass surveillance prevents terrorist attacks and that giving up privacy results in greater security. Indeed, greater security does not require the loss of privacy. It is time that nations move beyond the false fad of discussing security vs. privacy and focus on implementing laws that take into account privacy rights as well as the indisputable need to fight terrorism.

Individuals are persuaded to disclose personal information in order to minimize real or perceived risks. The result is an increased intrusion into our privacy, which in turn changes the relationship between the individual and the state and the relationship between citizens.

It is time for a real debate on security and privacy – one that considers the evidence of their necessity.

According to U.S. counterterrorism officials, more than 20,000 foreign fighters from over 90 countries have gone to Syria. Many have returned to their home countries and are suspected of involvement in terrorist activities there. I have invited members of the European Parliament to consider whether and how blanket state access to passenger name records is relevant to the threat posed by a few hundred of the 3,000 European Union citizens that make up the numbers.

We need sustainable and long-term policies that are true to the fundamental rights and freedoms that we all value.

Surveillance should enhance – not undermine – trust in democratic institutions. Governments need to justify why any massive, non-targeted, and indiscriminate collection of individuals’ data is really needed.

In order to protect our fundamental rights in a world of big data, we need to defend our data protection principles. These are the same principles that demand that the state and its security and law enforcement arms access and use personal information proportionately, with the maximum possible transparency without compromising their legitimate goals of protecting the public. Transparency should be reinforced to ensure an end to secret profiling and should include the disclosure of decision-making logic.

Let us not forget that the right to privacy is laid out in Article 12 of the Universal Declaration of Human Rights. The strength of democracy lies in the preservation of our rights and freedoms.

Giovanni ButtarelliGiovanni Buttarelli is the European Data Protection Supervisor (EDPS). The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy, and cooperating with similar authorities in the EU and globally to ensure consistent data protection.