Who will win the battle between privacy and cyber security? Is it a real battle or just a fake problem that has emerged on both sides of the Atlantic in order to exert pressure in the data flow debate? Who benefits from fomenting this old conflict between rights and freedoms on the one hand and security, both physics and cyber, on the other? Will the new Privacy Shield and GDPR, the new General Data Protection Regulation, with its principles of privacy by design, accountability and privacy by default, succeed in clarifying, once and for all, the boundaries where national security needs, the safety of citizens and the legitimate defence against terror- ism meet with the enjoyment of fundamental freedoms, such as, just to mention a few, free- dom and secrecy of communications and domestic domicile inviolability? And what will happen to the legitimate interests of the companies processing user data for their different purposes, while maintaining, at the same time, high levels of trust and IT security? Is it right to entrust in- dividuals with job of assessing the validity of a national agency request for data access due to anti-terrorism purposes?
Let’s try to clarify the matter.
- The European legal culture, built on the blood and tears of the many who have had their rights denied by totalitarian regimes, has created antibodies that should be enough, in the- ory, to keep privacy and security in balance in their proper orbits without the risk of large and dramatic collisions.
- In Italy, for instance, the Constitution already embodies the idea of a double guarantee sys- tem, through law and justice, that allows the judiciary and police force to fully carry out their duty, even temporarily compressing rights and fundamental freedoms of citizens in order to prevent and prosecute crimes, without this being considered as an attack on free- dom. National security and that of its citizens is a primary asset that, without the need to resort to special laws, already finds ample provisions in the Constitution, Penal Code, Crim- inal Procedure, Privacy Code, restricting the full and unlimited enjoyment of rights, but only in the presence of stringent requirements and for a limited amount of time. In the light of the above, in theory, the conflict Apple/FBI would not have exploded in Italy and in other EU countries based on civil law jurisdiction. However, things are never completely linear and simple as they might appear.
- First of all, evolving technology represents a constant challenge for laws and rules. However, the technology is in the hands of large multinational private groups, that increasingly tend to legitimacy impose their standards on a transnational basis, constantly stressing the prin- ciples of jurisdiction and sovereignty.
- It is normal that everyone seeks to protect their own interest. But what if, such as the Ap- ple case, a national institution of justice starts to creatively chase technology, requesting access with more and more sensitive and accurate information on each of us? At the same time, in order to avoid the excesses of mass control undertaken by certain intelligence and security agencies, can we afford to allow the big high tech multinationals as ultimate guar- antors of our rights and freedoms?
- Above all, what does not help is everyone going in conflicting directions. We need uniform signals and answers to these challenges. What will happen when the Internet of Things will be really popular and dominate our daily lives? The era of big data is here and we cannot al- low the judiciary, nor intelligence agencies, or private investigators or, worse, hackers, to have indiscriminate access to data collected from thousands of interconnected objects that control our bodies or drive our cars. However, at the same time, we cannot delegate the safeguarding of our rights to private companies that have as their objective the making of profit.
It is therefore time to rethink the relationship between States and the privacy of their citizens, not in an emergency perspective that has led to the signing of the Privacy Shield nor in the con- text of the debate on GDPR. We now need international treaties that put both the individual and internet in the driving seat. These are the indissoluble duo that we must all learn to deal with and legislate for on the basis of our shared European culture. We have got to set aside the end of Schengen or Brexit. Here we need to come together and forge new and enduring part- nerships.