09.7 a Comparative Report with Regard to the Respective Case
SIAM Security Impact Assessment Measures
WP 9 Legal Frameworks – Regulative Techniques
Deliverable D9.7: Report on the Legal Framework of the Use of SMTs at EU and International Level

The interdisciplinary Research Group on Law, Science, Technology & Society, Vrije Universiteit Brussel
Katja de Vries
Prof. Dr. Mireille Hildebrandt

Project number: 261826
Call (part) identifier: FP7-Security-2010-1
Funding scheme: Collaborative Project

Table of Contents

List of figures
List of tables in the annex
Summary

Chapter 1. The legal compatibility of SMTs – a broader view in a double sense
  1.1 A broader view in terms of the legal framework
    1.1.1 Legal norms do not exist in isolation: law as a “system” or “legal totality”
    1.1.2 The legal framework of the Council of Europe (CoE) – and why it is of specific importance to the SIAM assessment process
    1.1.3 The EU legal framework – and why it is of specific importance to the SIAM assessment process
    1.1.4 Fundamental Right Impact Assessment and Legal Protection by Design in the EU legal framework (with special attention to their role in Data Protection)
      (a) LPbD in EU data protection: Data Protection by Design
      (b) IA in EU data protection: Data Protection Impact Assessment (DPIA)
      (c) IA and LPbD with regard to other fundamental rights
  1.2 A broader view in terms of the relation between SMTs and legal normativity: KORA as one particular form of Legal Protection by Design (LPbD)
    1.2.a. Theoretical assumptions underlying the designing of norms into the architecture of an SMT
    1.2.b. The particularities of designing legal norms, especially those expressing fundamental rights, into SMT architecture
    1.2.c. Assessing how the notions “privacy by design” and “privacy by default” fit in the broader field of LPbD
    1.2.d. Assessing how the KORA method fits in the broader field of LPbD

Chapter 2. The legal frameworks of fundamental rights of the Council of Europe and the EU. Assessing the legal compatibility of SMTs with European fundamental rights (examples: Smart CCTV and Passenger Profiling) and inferring LPbD implications from them (example: Smart CCTV)

  PART 1: General observations about the legal frameworks of fundamental rights of the Council of Europe and the EU
  2.1 Some general observations
    2.1.1 The relation between D4.2 and D9.7
    2.1.2 Fundamental rights – some introductory remarks
    2.1.3 Smart CCTV and Passenger Profiling – two examples that are looked at in more detail
  2.2 Differences in legal effect of (i) the European Convention of Human Rights, (ii) Convention 108, (iii) the EU charter of Fundamental Rights and (iv) EU Directives, Framework Decisions and Regulations
  2.3 Proportionality and Fair Balancing
    2.3.1 In the case law of the ECtHR and ECJ
    2.3.2 In LPbD and IA
    2.3.3 Proportionality in the quadruple structure of the legal compatibility analysis in 2.4 and 2.5
    2.3.4 A typology of technological and organizational design implications

  PART 2: Fundamental rights of the Council of Europe and the EU. Assessing the legal compatibility of SMTs with them (examples: Smart CCTV and Passenger Profiling) and inferring LPbD implications from them (example: Smart CCTV)
  2.4 Council of Europe: the ECHR
    a. Art. 2: Right to life
    b. Art. 3: Prohibition of torture
    c. Art. 5: Freedom from unlawful detention
    d. Art. 6: Presumption of innocence and fair trial
    e. Art. 8: Respect for private and family life
    f. Art. 9(1): Freedom of thought, conscience and religion
    g. Art. 14: Prohibition of discrimination with regard to the exercise of other human rights
  2.5 The EU: the EU charter of fundamental rights and secondary legislation with regard to the protection of fundamental rights
    2.5.1 The EU Charter for Fundamental Rights (CFREU)
      a. Art. 1: Human dignity
      b. Art. 2(1): Right to life
      c. Art. 3(1): Right to the integrity of the person
      d. Art. 4: Prohibition of torture and inhuman or degrading treatment
      e. Art. 6: Right to liberty and security
      f. Art. 7: Respect for private and family life
      g. Art. 8: Protection of personal data
      h. Art. 10(1): Freedom of thought, conscience and religion
      i. Art. 21: Non-discrimination
      j. Art. 24(2): The rights of the child
      k. Art. 25: The rights of the elderly
      l. Art. 26: Integration of persons with disabilities
      m. Art. 35: Health care
      n. Art. 45(1): Freedom of movement
      o. Art. 47: Right to an effective remedy and to a fair trial
      p. Art. 48: Presumption of innocence and right of defense
    2.5.2 EU secondary law with regard to Fundamental Rights
      (a) Data Protection
        Data protection Directive 95/46/EC
        Framework Decision 2008/977/JHA
        Proposed General data protection Regulation
        Proposed Law Enforcement Data Protection Regulation
      (b) Anti-discrimination
        Racial equality Directive 2000/43/EC
        Employment equality Directive 200/78/EC
        Gender Recast Directive 2006/54/EC
        Gender Goods and Services Directive 2004/113/EC
        Proposed Equal Treatment Directive COM (2008) 426
      (c) Freedom of movement
        Directive 2004/38/EC on the right to move and reside freely

Annex
Internet resources of relevant legislative texts at the European level for the SIAM Database (organized according to the freedom infringement typology presented in D4.2)
Bibliography

List of figures

Fig. 1 – How in D9.7 the “background” of D9.2-D9.6 and D9.8 is foregrounded
Fig. 2 – The inductively inferred Freedom Infringements of D4.2 mapped against some of the relevant rights and legal instruments of the EU and CoE legal frameworks
Fig. 3 – IA and LPbD. Two ways of bringing SMTs and Fundamental Rights in alignment with each other and preventing any clashes between them
Fig. 4 – Discrepancies and overlaps between the categories of sensitive data and the prohibited grounds for discrimination
Fig. 5 – The different protective scopes for the various prohibited grounds of discrimination

List of tables in the annex

Table 1 – Compatibility of Passenger Profiling with relevant ECHR rights
Table 2 – Compatibility of Smart CCTV with relevant ECHR rights
Table 3 – LPbD for Smart CCTV based on relevant ECHR rights
Table 4 – Compatibility of Passenger Profiling with relevant CFREU rights
Table 5 – Compatibility of Smart CCTV with relevant CFREU rights
Table 6 – LPbD for Smart CCTV based on relevant CFREU rights
Table 7 – Compatibility of Passenger Profiling with relevant secondary EU legislation
Table 8 – Compatibility of Smart CCTV with relevant secondary EU legislation
Table 9 – LPbD for Smart CCTV based on relevant secondary EU legislation

Summary

In order to assess and/or increase the level of compatibility of SMTs with European fundamental rights, legal normativity has to be translated and articulated into SMT architecture. Legal normativity operates by immanently (re-)constructing the legal framework to which a legal norm belongs: that is, legal norms are never interpreted in isolation but always in relation to their legal pedigree, to other legal norms and to the specifics of an individual case. Legal normativity functions in a way that is distinctly different from other types of normativity, such as technological normativity, which works through a folding-in or “black-boxing” of its pedigree (e.g., a body scanner “works” independently