Grant Agreement number: 313243
Project acronym: SUNNY
Project title: Smart UNattended airborne sensor Network for detection of vessels used for cross border crime and irregular entrY
Funding Scheme: Collaborative project

D1.4: Surveillance Societal and Ethical Aspects

Due date of deliverable: 31/08/2014
Actual submission date: 28/08/2014
Start date of project: 01/01/2014
Duration: 42 Months
Organisation name of lead contractor for this deliverable: Marlo
Participating: BMT, KEMEA

Project co-funded by the European Commission within the Seventh Framework Programme (2007-2013)

Dissemination Level
PU   Public
PP   Restricted to other programme participants (including the Commission Services)
RE   Restricted to a group specified by the consortium (including the Commission Services)
CO   Confidential, only for members of the consortium (including the Commission Services)

SUNNY D1.4: Surveillance societal and ethical aspects

Document Title: Surveillance Societal and Ethical Aspects
WP: 1
Document number: T1.4

Main Authors (Org): Frank Conde Tangberg (Marlo)
Contributing Authors (Org): David Griffith (BMT), Jan Tore Pedersen (Marlo)

Doc. History
Version   Comments                           Date
V1        First draft for internal review    23.02.2014
V2        Submitted                          28.08.2014

Number of pages: Number of annexes: D1.4 Authorised by 66

Contents

ACRONYMS
1. EXECUTIVE SUMMARY
2. INTRODUCTION
    2.1 SUNNY Project Objectives
3. INTERNATIONAL REFUGEE LAW AND SEARCH AND RESCUE
    3.1 Introduction
    3.2 International Refugee Law
    3.3 Search and Rescue
    3.4 Rules for Border Surveillance
4. EUROSUR
    4.1 Overview
    4.2 Criticism
5. THE RIGHT TO PRIVACY AND DATA PROTECTION
    5.1 Introduction
    5.2 1950 European Convention on Human Rights (ECHR)
    5.3 1966 International Covenant on Civil and Political Rights (ICCPR)
    5.4 1980 OECD Guidelines
    5.5 The 1981 Council of Europe’s (CoE) Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data
    5.6 Data Protection Directive 95/46/EC
    5.7 The Charter of Fundamental Rights (2000)
    5.8 EC Regulation 45/2001
    5.9 General Data Protection Regulation
    5.10 Police and Criminal Justice Data Protection Directive
6. PRIVACY BY DESIGN
    6.1 Overview
    6.2 Business Practices
    6.3 Physical design and infrastructure
    6.4 Privacy-Enhancing Technologies
    6.5 The Privacy by Design Principles
    6.6 Privacy Risk Management
7. LEGAL FRAMEWORK FOR UAV’S
    7.1 Introduction
    7.2 International UAS Legal Instruments and Initiatives
    7.3 European UAS Legal Instruments and Initiatives
    7.4 National UAS Legal Instruments and Initiatives
    7.5 U.S Legal Framework for the use of UAS for Border Control
    7.6 Recommendations for Test-Sites
8. GENERAL CONCERNS ABOUT UAS USE
9. GUIDING PRINCIPLES FOR SUNNY
10. ANNEX 1: RECOMMENDATIONS MADE FOR OTHER EU PROJECTS
    10.1 OPARUS
    10.2 PRESCIENT
11. ANNEX 2: GUIDING QUESTIONS TO CONSIDER

Acronyms

ACLU – American Civil Liberties Union
AUVSI – Association for Unmanned Vehicle Systems International
BCR – Binding Corporate Rules
CBP – Customs and Border Protection Agency (USA)
CCTV – Closed Circuit Television
CISE – Common Information Sharing System
CDT – Washington Center for Democracy and Technology
CFREU – The Charter of Fundamental Rights of the European Union
CoE – Council of Europe
CPO – Chief Privacy Officer
DHS – Department of Homeland Security (USA)
DoW – Description of Work
DPA – Data Protection Authority
EASA – European Aviation Safety Agency
EC – European Commission
ECHR – European Convention on Human Rights
ECtHR – European Court of Human Rights
EDPS – European Data Protection Supervisor
ELOS – Equivalent Level of Safety
EP – European Parliament
EPIC – Electronic Privacy Information Center
ERSG – European Remotely Piloted Aircraft Systems Steering Group
EU – European Union
FAA – Federal Aviation Authorities (USA)
FIP – Fair Information Practices
GAO – Government Accountability Office (USA)
HRC – Human Rights Committee
ICAO – International Civil Aviation Organization
ICCPR – International Covenant on Civil and Political Rights
ICO – Information Commissioner’s Office (UK)
IMO – International Maritime Organization
INA – Immigration and Nationality Act (USA)
INOUI – Innovative Operational UAS Integration
JO – Frontex coordinated Joint Operations
LIBE – European Parliament’s Civil Liberties, Justice and Home Affairs Committee
NCC – National Coordination Centre
NIR – Near Infrared
OECD – The Organization for Economic Co-operation and Development
PACE – Parliamentary Assembly of the Council of Europe
PbD – Privacy by Design
PET’s – Privacy-enhancing Technologies
PIA – Privacy Impact Assessment
PII – Personally Identifiable Information
RPAS – Remotely Piloted Aircraft Systems
SAR – Search and Rescue
SES – Single European Sky
TSA – Transport Security Administrator (USA)
UAS – Unmanned Aerial Systems
UAV – Unmanned Aerial Vehicle
UDHR – Universal Declaration of Human Rights
UNCLOS – United Nations Convention of the Law of the Sea

1. Executive Summary

This document details issues that need to be taken into account when designing SUNNY capabilities:

a. Data protection and privacy issues
b. Privacy by Design (PbD) and the impact of the concept in SUNNY
c. Current EU border management with examples of irregular migration in specific regions
d. Legal and human rights issues

2. Introduction

2.1 SUNNY Project Objectives

The SUNNY project’s ultimate aim is to contribute to EUROSUR by defining a new tool for collecting real-time information in operational scenarios. SUNNY represents a step beyond existing research projects due to the following main features:

• A two-tier intelligent heterogeneous Unmanned Aerial Vehicle (UAV) sensor network will be considered in order to provide both large-field and focused surveillance capabilities. The first-tier sensors, carried by medium-altitude, long-endurance autonomous UAVs, are used to patrol large border areas to detect suspicious targets and provide global situation awareness. Fed with the information collected by the first-tier sensors, the second-tier sensors will be deployed to provide more focused surveillance capability by tracking the targets and collecting further evidence for more accurate target recognition and threat evaluation.
• Novel algorithms will be developed to analyse the data collected by the sensors for robust and accurate target identification and event detection.
• Novel sensors and on-board processing generation, integrated on the UAV system, will focus on low weight, low cost and high resolution, and will be able to operate under variable conditions such as darkness, snow and rain. In particular, SUNNY will develop sensors that generate RGB, Near Infrared (NIR) and hyperspectral images and that use radar information to detect, discriminate and track objects of interest inside complex environments, over land and sea.
• Sensor processing and preliminary (on-board) detection results will be coupled with local UAV control, leading to innovative active sensing techniques and replacing low-level sensor data communication by a higher abstraction level of information communication [1].

To ensure that the societal and ethical dimensions are being properly taken into account during the project, the contributors to this deliverable will participate in the quality assurance processes in the project.

[1] SUNNY, 2013, Description of Work.

3. International Refugee Law and Search and Rescue

3.1 Introduction

SUNNY will take place within the framework of EUROSUR, a recently adopted European Union (EU) Regulation for Schengen States, which is aimed at guiding the implementation of a structure that will allow border management to be carried out more effectively, particularly by instructing the participating Member States to install new and coordinated surveillance mechanisms. These will provide both a European and a National Situational Awareness Picture, with real-time data provided by a variety of sources from numerous sectors operating in the maritime environment. Frontex will coordinate efforts between National Coordination Centres (NCCs), which will all provide data to Frontex. The Agency will coordinate surveillance operations to make sure that illegal immigration, the death toll at sea and cross-border crime are all reduced. EUROSUR reiterates that Member States must nonetheless comply with obligations already assumed through instruments governing the law of the sea, search and rescue, human rights, international refugee law and protection of data and the right to privacy.
The operating mechanisms and the affirmation of obligations related to data protection, search and rescue and international human rights/refugee law are important considerations for SUNNY. The project will produce an end result (surveillance mechanisms) that must be able to fulfil determined purposes while enabling users to safeguard the fundamental rights of those affected. This requires an understanding of the legal instruments that govern these issues. On numerous occasions, all the main EU organs have stated that it is a requirement that the projects they fund, such as SUNNY, facilitate compliance with these obligations. In order to achieve this, SUNNY partners must understand these legal commitments.

3.2 International Refugee Law

The definition of a refugee is not widely known, but should be understood by everybody involved in SUNNY. The definition is found in Art.1(A)(2) of the 1951 International Convention Related to the Status of Refugees: “Refugees have a well-defined fear of persecution due to reasons of race, religion, nationality, membership of a particular social group or political opinion and is outside of his own country and unable/unwilling to seek domestic protection”.

It is one’s de facto circumstances, not the official validation of them, which give rise to the rights established in the Refugee Convention. This is relevant, as one can imagine a scenario where a UAV picks up the images of a person on a raft that is sailing towards an EU Member State, and this person fulfils the criteria established by the Convention. That person is a refugee once he or she leaves the country where he or she had a well-founded fear of being persecuted for the reasons defined in the Convention (assuming that this country is his or her country of origin or habitual residence and that he or she is not able to seek protection from its authorities), even if he or she has not been recognised by the EU.
That person also has the right not to be rejected at the frontier, to be granted entry and to access all the rights in the Refugee Convention. It is unclear how such rights will be respected, in practice, in the EUROSUR framework, especially considering the history of rejection and “push-backs” that several of the EU Member States have. This is the reason several experts have expressed fear that the EUROSUR Regulation will be more inclined to attempt to seal the borders than to respect international refugee law.

It is disappointing that the EUROSUR Regulation uses the wording “illegal immigrant” instead of “irregular”, considering that the Member States have a responsibility to admit and process any asylum claim (respecting the assumption of innocence) before attributing an “illegal” status to a person. SUNNY has chosen the wording “irregular”, which is commendable.

One of the cornerstones of international refugee law is the right to “non-refoulement”. This right is set out in Art.33(1) of the Refugee Convention and reiterated as a non-derogable right in several other human rights instruments (amongst others, the 1984 Torture Convention). Art.33(1) states that: “No Contracting State shall expel or return (“refouler”) a refugee in any manner whatsoever to the frontiers of territories where his [or her] life or freedom would be threatened on account of his [or her] race, religion, nationality, membership of a particular social group or political opinion”.

There is deep concern that this right in particular could be breached with the implementation of EUROSUR. Breaching this right normally entails sending a person back to a place where he or she will be tortured, executed or otherwise have his or her rights severely violated. No State should receive assistance in breaching this right.
Whenever control is assumed over a migrant by a State, even if it is done extraterritorially, the State also assumes the legal obligation to make sure the person’s rights are protected (Bankovic vs Belgium in the ECtHR [2]). This entails that if, for example, a border management mission assumes de facto control over migrants at sea, even if it is on the high seas or in a third country, it assumes the human rights responsibilities associated with such control. Therefore, a screening of every migrant over whom control is assumed is necessary to see whether or not this person is a refugee or whether the person could be in danger of torture or another serious human rights violation (see Sale v. Haitian Centers Council [3]). It is also important to keep in mind that one does not have a right to deny people the right to leave any country, including their own [4].

The scepticism concerning the EU Member States’ will to actually respect the right to non-refoulement in EUROSUR, especially at the southern border, is easy to understand. One has to keep in mind that Italy was recently condemned by the ECtHR for violating this right in the case Hirsi Jamaa and Others v. Italy [5].

3.3 Search and Rescue

The obligations set out under the ‘search and rescue’ concept are addressed in several international instruments. The International Maritime Organization (IMO) established ‘The Convention on Search and Rescue’ in 1979. In short, this instrument establishes an international legal obligation to provide aid to those at sea, independent of their nationality and status. EUROSUR, with its massive surveillance, has a strong potential to strengthen the Search and Rescue operational capability in the region if the political will to implement this obligation exists.

‘The 1982 UN Convention of the Law of the Sea (UNCLOS)’ establishes that it is an international obligation to promote the establishment, operation and maintenance of an adequate and effective search and rescue service.
Again, EUROSUR has the potential to strengthen such an establishment and operation.

[2] Sperotto, 2006, Beyond Bankovic: Extraterritorial Application of the European Convention on Human Rights.
[3] Supreme Court of the United States of America, 1993, Sale v. Haitian Centers Council.
[4] International Covenant on Civil and Political Rights, 1966, Art.12(2).
[5] European Court of Human Rights, 2012, Hirsi Jamaa v. Italy.

The SAR Convention and UNCLOS both affirm that ships should not be subject to undue delay, financial burden or other related difficulties after assisting persons at sea; therefore coastal States should relieve the ship as soon as practicable (Ch.5. Reg.7 & Ch.1.3.2.). The IMO furthermore passed a Resolution (A920 (22)) in which one objective is that ships which have retrieved persons in distress at sea are able to deliver the survivors to a place of safety. In the SAR Convention Art.1.3.2, the IMO defined “a place of safety”:

• as a location where rescue operations end;
• as a place where the survivors’ safety of life is no longer threatened and where their basic human needs (such as food, shelter and medical needs) can be met; and
• that considerations of well-founded fear of persecution have been respected.

In summary, it is important that EUROSUR and SUNNY help Member States meet these obligations, but this will nonetheless rely on political will, which unfortunately, on too many occasions, has been absent. As a consequence, people have died.

3.4 Rules for Border Surveillance

The EU recently adopted a Regulation that establishes rules for surveillance operations coordinated by Frontex [6]. This piece of legislation helps clarify search and rescue obligations, as it reiterates the right to non-refoulement, and how to provide more effective mechanisms to identify migrants at sea.
The Proposal states that migrants who are intercepted or rescued on the high seas be disembarked in the third country from which the ship departed, unless there is a risk of violating the principle of non-refoulement. Art.4(1) states that: “No person shall, in contravention of the principle of non-refoulement, be disembarked in, forced to enter, conducted to or otherwise handed over to the authorities of a country where, inter alia, there is a serious risk that he or she would be subjected to the death penalty, torture, persecution or other inhuman or degrading treatment or punishment, or where his or her life or freedom would be threatened on account of his or her race, religion, nationality, sexual orientation, membership of a particular social group or political opinion, or from which there is a serious risk of an expulsion, removal or extradition to another country in contravention of the principle of non-refoulement.” Moreover, it requires border guards to be trained on fundamental rights, refugee law and SAR.

[6] Europa, 2013, EC Proposal for Regulation concerning Border Surveillance operations.

4. EUROSUR

4.1 Overview

The EUROSUR Regulation was adopted by the European Union (EU) in October 2013 [7] and is aimed at enhancing cooperation between national agencies concerned with border management. It will be coordinated by the EU’s border management agency, Frontex. Throughout the EU these agencies will be using state-of-the-art surveillance technologies to form both national and regional real-time situational pictures of what is going on at the external borders [8]. The Regulation will give an option to deploy advanced technologies, which include UAVs, to patrol its frontiers [9]. Although the Regulation was not adopted until 2013, a roadmap was published back in 2008 and developments were already under way before it was officially adopted.
EUROSUR will allow real-time data and intelligence to be shared between various authorities and operators in the maritime environment through different surveillance tools, such as satellites or ship reporting systems. In a press release, the EU emphasized that EUROSUR would prevent the Mediterranean from becoming ‘a graveyard for refugees’ who try to cross the sea in unseaworthy vessels. The Regulation prohibits violating the principle of non-refoulement and demands respect for fundamental rights such as personal data protection. EUROSUR should not be used as an excuse to ignore data protection rights, to seal the borders or to disregard obligations set out in international human rights law [10].

EUROSUR has three primary aims, which are to:

• reduce the number of illegal immigrants entering undetected;
• reduce the death toll at sea; and
• increase EU security by preventing cross-border crime [11].

EUROSUR will have three different phases of implementation, with eight specific and corresponding steps.

Phase 1: Interlinking and streamlining existing (national) surveillance systems and mechanisms at Member State level (e.g. National Coordination Centres – NCC).

• Establish an NCC in each Member State with ‘the capacity to provide a situational awareness of conditions and activities along the external borders as well as all the necessary tools to react accordingly’. External border Member States should have implemented these NCCs by the end of 2013, while other participating States will have a chance to complete this task later on.
• Set up a secure computerised communication network to ‘exchange data 24 hours a day in real-time between centres in Member States as well as with Frontex’.
• Increase EU financial and logistical support for neighbouring third countries for the setting up of border surveillance infrastructure.

[7] EUROSUR Regulation.
[8] Heinrich Böll-Stiftung, 2012, Borderline – EU Border Surveillance Initiatives, p.5.
[9] Information and Privacy Commissioner of Ontario, Canada, 2012, Privacy and Drones, p.4.
[10] European Parliament, 2013, Press Release, EU border surveillance: MEPs approve EUROSUR operating rules.
[11] Erik Berglund, Front., 2010, Presentation ‘UAVs for European Border Surveillance’.

Phase 2: Development and implementation of common tools and applications for border surveillance at EU level.

• Conduct research and development to improve the performance of surveillance tools, in particular earth observation satellites and UAVs.
• Develop shared surveillance tools, with Frontex acting as a facilitator.
• Develop surveillance systems covering the open seas to provide a ‘Common Pre-Frontier Intelligence Picture’.

Phase 3: Creation of a common information sharing environment (CISE) for the EU maritime domain [12].

• Establish an integrated network of reporting and surveillance systems for border control and internal security purposes covering the Mediterranean Sea, the southern Atlantic Ocean (Canary Islands) and the Black Sea; common pre-frontier intelligence pictures could be developed to combine intelligence information with that obtained from surveillance tools.
• Create an integrated network of all European maritime reporting and surveillance systems covering all maritime activities, including safety, protection of the marine environment, fisheries control and law enforcement [13].

[12] Erik Berglund, Front., 2010, Presentation ‘UAVs for European Border Surveillance’.
[13] Heinrich Böll-Stiftung, 2012, Borderline – EU Border Surveillance Initiatives, p.15-16.

EUROSUR is by some being presented as a response to the Arab Spring, but this is not the case. The work of updating and enhancing the EU’s border protection has been under way for years [14].
The EUROSUR proposal was published in 2011, while its roadmap was issued by the EC in 2008 [15]. It is but one part of a broad and long-term policy within the EU that started with the entry into force of the Amsterdam Treaty in 1999, which has extended the EU’s powers over national border controls, immigration and asylum policies. Parallel to this, the Member States have called for efficient border policing and a ‘global approach to migration’, which, combined, means that there is a demand to prevent irregular migrants and, according to some, even refugees from entering the Union through strong externalized border control. EUROSUR is a product of these political developments [16].

In 2002 the EU adopted an Action Plan on ‘illegal immigration’, which provided a structure for funding migration controls in countries of origin, including border management and expertise, asylum processing infrastructure, registration structures (databases), reception centres, etc. In 2005, after a migration summit, the EU extended its approach to include surveillance of the southern borders, and Frontex was by then up and running. Transparency about the EU’s surveillance has, however, not been optimal, as evidenced when it classified the BORTEC study by Frontex, which analysed the EU’s Border Surveillance System. Some have raised questions in this respect, suggesting that BORTEC may have recommended some elements which have been included in EUROSUR, such as new airborne sensors.

Furthermore, the EU has been pursuing an ‘Integrated Maritime Policy’ since 2007. EUROSUR will ultimately be part of a more interoperable surveillance system that brings together existing monitoring and tracking systems used for maritime safety and security, protection of the marine environment, control over fisheries, control over the external borders and other law enforcement activities [17].
Hundreds of thousands of migrants and refugees fled the turmoil in North Africa deriving from the Arab Spring in 2011, but less than 5% of them actually ended up in Europe. According to experts, the problem is not that Europe is overrun by refugees and irregular immigrants; rather, the problem is that they are concentrated in very few places (i.e. Lampedusa, Greece’s Evros region and Malta), which bear the burden of something that should be a common challenge for the region [18]. This, however, is a problem of Europe’s own decision-making. The EU has for years aimed at creating a Common European Asylum System (CEAS), meaning that it would harmonize standards for protection of refugees, provide effective and well-supported practical cooperation and increase solidarity between Member States and non-members [19]. As part of this, the Dublin II legislation was created, which prohibits asylum seekers from seeking asylum in another EU country than that of entry to the Union, putting a larger burden to provide protection on the countries with an external border, particularly those in Southern and Eastern Europe. In reality, CEAS is no more than a few pieces of legislation that have not translated into any harmonized standards for protection nor increased solidarity. It has, however, concentrated the majority of asylum-seekers in the EU in the countries at the southern external border.

[14] Heinrich Böll-Stiftung, 2012, Borderline – EU Border Surveillance Initiatives, p.8.
[15] Heinrich Böll-Stiftung, 2012, Borderline – EU Border Surveillance Initiatives, p.12.
[16] Heinrich Böll-Stiftung, 2012, Borderline – EU Border Surveillance Initiatives, p.13.
[17] Heinrich Böll-Stiftung, 2012, Borderline – EU Border Surveillance Initiatives, p.14-15.
[18] Heinrich Böll-Stiftung, 2012, Borderline – EU Border Surveillance Initiatives, p.6.
[19] Europa, 2013, Asylum (Accessed 20/03-2013).

4.2 Criticism

Several reports by civil society have criticised EUROSUR. Most of these have expressed concerns that EUROSUR might undermine the rights to asylum and international protection for refugees, as well as the right to have individuals’ data and privacy protected – despite the fact that these rights are actually protected in the final Regulation. There seems to be a worry that EUROSUR will be used to identify vessels with irregular migrants who are then ‘pushed back’ or rejected at the border. Without proper screening, this will have catastrophic consequences, as there may be refugees (who by definition have a well-founded fear of persecution) who could be forced to return to the country of origin where they might face severe human rights violations. Another risk is that they might be stranded in transit countries (for example Libya) with a poorly functioning asylum system (or none at all).

The Meijers Committee (Standing committee of experts on international immigration, refugee and criminal law) has raised several problems with EUROSUR. In a letter to the European Parliament’s Civil Liberties, Justice and Home Affairs (LIBE) Committee, they raised the following issues with the Proposal, before it was adopted:

• Humanitarian concerns.
• The processing of personal data by Frontex.
• The risk of exchange of personal data with third states.
• The possible profiling of migrants [20].

The Heinrich Böll-Stiftung has expressed almost identical concerns, but also added a severe criticism of the decision-making process, which it considered technocratic, as it has allowed the development of the system and its corresponding expenditure to occur before the legislation was on the table [21].

The Meijers Committee has, however, expressed support for a uniform legal framework within the EU to address the arrival of asylum seekers and refugees at the external borders of Europe.
The Committee therefore stated its support for the report of the Parliamentary Assembly of the Council of Europe (PACE CoE), which called for a uniform application of maritime law (for instance responsibility sharing regarding Search and Rescue zones, the need for an interpretation of the definition of ‘distress’, the need for agreement on disembarkation), abolition of national legislation that deters commercial or civilian vessels from responding to distress calls, and European responsibility sharing regarding asylum seekers reaching (or trying to reach) Europe. The Committee expressed particular concerns regarding the effects of EUROSUR on the fundamental right to asylum, the rights of asylum seekers and refugees and the right to privacy and data protection. Moreover, it warned against the risks of increased surveillance, as this might also increase the human costs of undocumented migration: border surveillance, it argued, will have an impact on migration routes but not on the root causes of migration 22. The Committee moreover noted that increased situational awareness gives increased responsibility under international refugee law as well as in the Search and Rescue regime based on the International Convention on Maritime Search and Rescue 23.

20 The Meijers Committee., 2012., Letter to LIBE regarding EUROSUR., p.1.
21 Heinrich Böll-Stiftung., 2012., Borderline – EU Border Surveillance Initiatives., p.8.

EUROSUR has an ambiguous relation with the right to asylum. The Regulation clarifies that it does not absolve any Member State of its human rights or its search and rescue responsibilities assumed under international law. The EU Fundamental Rights Agency has also argued that the ‘best use should be made of the life-saving potential of the EUROSUR system’.
EUROSUR could help bring more people to ‘safety’, but how to do this is not defined, nor are there procedures for what to do with the people who are ‘rescued’. In fact, it does the contrary. Art.2.3 of the Regulation states that ‘This Regulation shall not apply to any legal or administrative measure taken once the responsible authorities of a Member State have intercepted cross-border criminal activities or unauthorised crossings by persons of the external borders’. The impact assessment of the Proposal to the Regulation stated that ‘asylum, readmission, and return’ was out of the scope of EUROSUR. The Heinrich Böll-Stiftung has argued that if the EU has genuine ambitions to save lives at sea, it must at least specify how EUROSUR will send information or alerts to the Rescue Coordination Centres of the State responsible for a specific Search and Rescue area. This is something that is included in the 2010 amendment of the Schengen Borders Code, which includes a provision in its non-binding annex on ‘Guidelines for search and rescue situations for disembarkation in the context of sea border operations’. It is important to understand that refugee law cannot be circumvented by equating interceptions with search and rescue 24.

The Regulation and the EU’s general migration policies could create buffer zones outside of the EU where cooperation with third countries prevents the departure of migrants and refugees bound for Europe. Human rights organizations have challenged the legitimacy of such policies, as they could encourage ‘pushback operations’ that result in the circumvention of the responsibilities under the Refugee Convention and in particular a breach of the non-refoulement principle 25. Commissioner Cecilia Malmström argued that in the end the question is whether EUROSUR is merely being portrayed as a system that will help save migrants at sea or whether it is simply intended to make the borders more impenetrable.
Nor does it address what will happen when there is a lack of will to aid those in distress, such as happened in 2011, when 72 people on an overcrowded boat in the Mediterranean sent out a distress call, were seen by a NATO helicopter and the Italian Coast Guard, but were given some crackers and water and left at sea to die.

22 The Meijers Committee., 2012., Letter to LIBE regarding EUROSUR., p.2.
23 The Meijers Committee., 2012., Letter to LIBE regarding EUROSUR., p.2.
24 Heinrich Böll-Stiftung., 2012., Borderline – EU Border Surveillance Initiatives., p.44-45.
25 Heinrich Böll-Stiftung., 2012., Borderline – EU Border Surveillance Initiatives., p.68.

A concern that the Meijers Committee expressed throughout the development of the Regulation was that personal information related to potential asylum seekers might be exchanged with the authorities of the third states from which they are fleeing. In the end, Art.20.5 of the Regulation prohibited this. There still remain certain doubts as to how this will be complied with in practice in a CISE.

The EC is required to make sure that all its proposals comply with the Charter of Fundamental Rights, and that its implementations of regulations are also in accordance with the Charter. The EUROSUR Regulation claims that data protection concerns are minimal, as the system will not collect large amounts of personal or biometric data, nor include a central database. However, some personal information will be collected, and therefore the potential of CISE, and the potential for sharing personal data with third states and agencies, does raise concerns. These can have significant effects on data protection rights and the right to asylum 26.

Concerns have been expressed regarding the use of UAVs and other means of aerial surveillance, since their use has not been very precisely addressed in the Regulation.
As mentioned, the EC has stressed that EUROSUR is not intended to regulate collection, storage or cross-border exchange of personal data. It argues that EUROSUR will focus on surveillance of geographical areas (borders) and specific activities (irregular border crossings). Moreover, it stated that ‘the situational picture will as a general rule not involve personal data but rather the exchange of information on incidents and depersonalised objects, such as the detection and tracking of vessels’. It does not state how images collected by a UAV, for example, would be depersonalised and protected, and this is a conundrum SUNNY should be investigating.

Incidents involving irregular border crossings of migrants (and other scenarios) could include personally identifiable information (PII). When a vessel is being tracked, data about ownership of the vessel, its operators, passengers, crew, agents, etc., is highly likely to be processed 27. This could indirectly identify an individual, and would therefore be PII and invoke data protection rights. Frontex is allowed to use personal data in the context of Joint Operations (JO), pilot projects, and rapid interventions for the preparation of risk analyses (in the results of the risk analyses the data must be depersonalized). The Heinrich Böll-Stiftung argues that the European Situational Picture is similar to such a risk analysis. The explanatory memorandum of EUROSUR specifies that only in ‘exceptional cases’ may personal data be shared by the Member States with Frontex, and if such data can be found in a national situational picture, it ‘may be exchanged between neighbouring Member States only’.
The same organization also expressed concerns that the limitless amount of information, together with the lack of meaningful oversight of the sharing of data between these parties, implies that ‘mission creep’ is actually built into EUROSUR from the start, since in CISE information collected for fishery, maritime authority, defence, internal security and other sources can be used for purposes other than those originally intended 28.

26 Heinrich Böll-Stiftung., 2012., Borderline – EU Border Surveillance Initiatives., p.35.
27 Heinrich Böll-Stiftung., 2012., Borderline – EU Border Surveillance Initiatives., p.36.
28 Heinrich Böll-Stiftung., 2012., Borderline – EU Border Surveillance Initiatives., p.20.

Ultimately, Frontex can use information from satellites and UAVs to supply NCCs with information to help compose the European or National Situational Picture, but it remains to be seen how the exchange of personal information will be limited to the correct actors. Furthermore, it could be the case that the UAVs will fly not only over border areas but also over third countries. Preparatory activities that might indicate the departure of potential irregular migrants could be monitored in other countries (with a coast more than 40 nautical miles from the coasts of EU Member States). Moreover, it is unknown whether UAVs will have the capacity to recognize persons or process and store personal data, but in SUNNY’s case this is likely to be the case, as there are both small and large UAVs being developed. In Frontex’s nine-month study (carried out in 2012) to identify more cost-efficient and operationally effective solutions for aerial surveillance (in particular UAVs with Optional Piloted Vehicles) which could be used for JO, it is indicated that Frontex will develop and test surveillance tools.
These tools are likely to come with very high resolution optical satellite imagery capable of identifying individuals 29.

The Regulation prohibits the exchange of personal data with third countries that could use this information to identify persons, or groups of persons, who are at serious risk of being subjected to torture, inhuman and degrading treatment and punishment, or any other violation of fundamental rights. However, it remains unclear how this would work in practice, seeing that the exchange of data under EUROSUR with ‘neighbouring third countries’ would take place on the basis of bilateral or multilateral agreements between the Member State(s) and third countries. This exchange, the Heinrich Böll-Stiftung argues, should be logged completely to enable national supervisory authorities to properly review the sending of information. It argues that the supervision should be layered, so that NCCs are supervised by national Data Protection Authorities (DPA) and Frontex is reviewed by the European Data Protection Supervisor (EDPS) 30.

5. The Right to Privacy and Data Protection

5.1 Introduction

One of the first, if not the first, relevant documents to explicitly mention the right to privacy was the Universal Declaration of Human Rights (UDHR) of 1948. It is the founding document of international human rights, and its Art.12 states that: ‘No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to protection of the law against such interference and attacks’ 31. The UDHR is not in itself a binding document, as it is not a treaty, but should rather be considered a declaration of will (which no State voted against).
Nonetheless, through adopting the ‘Charter of the United Nations’ of 1945, all States agree ‘to achieve international co-operation in solving international problems of an economic, social, cultural, or humanitarian character, and in promoting and encouraging respect for human rights and for fundamental freedoms for all without distinction as to race, sex, language, or religion’ 32. Therefore all 193 States that are members of the United Nations are legally responsible for ‘encouraging respect for human rights’. These rights were first codified in the 1948 UDHR.

29 Heinrich Böll-Stiftung., 2012., Borderline – EU Border Surveillance Initiatives., p.37-38.
30 Heinrich Böll-Stiftung., 2012., Borderline – EU Border Surveillance Initiatives., p.40.
31 The 1948 Universal Declaration of Human Rights., Art. 12.

5.2 1950 European Convention on Human Rights (ECHR)

The right to privacy in Europe as a whole was first established through the adoption of the ECHR. Art.8 deals with protection of private and family life and states that: ‘Everyone has the right to respect for his private and family life, his home and his correspondence’ 33. The right to privacy is not absolute, as exceptions to this right are established in the same article: ‘There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others’ 34.

States are responsible for securing the rights established in these conventions. Individuals who feel that their rights under the ECHR have been violated have the right to seek remedy 35 with the European Court of Human Rights (ECtHR), if no domestic remedy is achieved.
As one can read from the exceptions to the right to privacy established in the convention, three important requirements must be fulfilled for there to be legitimate reasons to interfere with the right to privacy:

- The interference must be in accordance with the law, meaning that there is a clear legal basis for the interference. Such a basis must be easily accessible and must meet the standard of foreseeability. In other words, the law must give clear indications of the terms and conditions on which public authorities can interfere. The law must furthermore define the scope and manner of exercise of such a power clearly enough to ensure adequate protection from arbitrary interference.
- Any interference by a public authority into the personal sphere must pursue a legitimate aim, meaning it must pursue either interests of national security, public safety, economic well-being of the country, prevention of disorder or crime, the protection of health or morals, or the protection of rights and freedoms of others.
- The interference must also be ‘necessary in a democratic society’, meaning that the interference must be proportionate.

32 The 1945 Charter of the United Nations., Art. 1(3).
33 The 1950 European Convention for the Protection of Human Rights and Fundamental Freedoms., Art. 8(1).
34 Ibid., Art. 8(2).
35 1950 European Convention for the Protection of Human Rights and Fundamental Freedoms., Art. 13.

5.3 1966 International Covenant on Civil and Political Rights (ICCPR)

The right to privacy that was established in Art.12 of the UDHR was subsequently codified in several legally binding treaties such as the 1966 ICCPR, the 1950 ECHR, the 1989 United Nations Convention on the Rights of the Child and the 1978 American Convention on Human Rights, which are also all legal obligations for those who ratify them. To exemplify, Art. 17 of the ICCPR states that:

1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
2. Everyone has the right to protection of the law against such interference or attacks.

The article is not terribly specific and leaves room for interpretation. The authoritative treaty body that is responsible for interpreting the ICCPR is the Human Rights Committee (HRC). The HRC not only provides interpretations through its General Comments, but is also to provide a remedy for violations of the ICCPR. States are responsible for providing periodical reports on compliance with the ICCPR, on which the HRC gives feedback. Further, under the First Protocol of the ICCPR, the HRC may receive complaints from individuals and organizations.

As for the meanings and implications of Art.17 of the ICCPR, the HRC gave its interpretation in General Comment No.16. The spheres of privacy are as stated in the article: 1) family, 2) home, 3) correspondence and 4) unlawful attacks on honour and reputation. Privacy is to be protected whether attacks or interferences come from State authorities or from natural or legal persons. It is also protected from both unlawful and arbitrary (even if provided for by law) attacks and interferences. The HRC also addressed data protection, stating that processing must be regulated by law, that data must not reach unauthorized persons, that collected and processed data must only be used for purposes that are in line with the ICCPR, and that people have a right to ascertain which public authority or private individuals or bodies control their files and to correct or eliminate any information that might be wrong. As we shall see, this draws the ICCPR towards the ‘Fair Information Practices’ established by other instruments.

5.4 1980 OECD Guidelines

The processing of data is necessary in order for the modern world to progress, to maintain efficiency and to administer almost every aspect of our lives. Regulating information privacy has thus become ever more prevalent as this development accelerates. The Organization for Economic Co-operation and Development (OECD) established as early as 1980 the ‘Recommendation Concerning and Guidelines Governing the Protection of Privacy and the Transborder Flow of Personal Data’. This was a framework that allowed personal data to flow across borders while safeguarding the right to privacy of the individual. These guidelines are based on eight primary principles:

- Collection Principle: Personal data must be obtained by lawful and fair means and, where appropriate, with the knowledge and consent of the data subject. Furthermore, the collection should be within reasonable limits.
- Data quality principle: Collected personal data must be relevant, accurate, complete and kept up-to-date.
- Purpose specification principle: The purpose of collected personal data must be specified not later than at the time of data collection, and the data must only be used for the fulfilment of such purpose.
- Use limitation principle: Data should not be disclosed, made available, or otherwise used for purposes other than those covered by the purpose specification.
- Security safeguards principle: Personal data collected and used should be protected by reasonable security measures to minimize the risk of unauthorized access, destruction, use, modification or disclosure of personal data.
- Openness principle: There should be a general openness about developments, practices, and policies with respect to personal data. Means should be readily made available to establish the existence and nature of personal data, the main purposes of their use, as well as the identity and residence of the data controller.
- Individual participation principle: The data subject has the right to obtain information from the data controller on whether his information is being processed, to have his information communicated to him within a reasonable time and in a manner and form that is intelligible to him, and the right to challenge data relating to him and, if successful, have it erased, rectified, completed or amended. If collected data cannot reasonably be made available, the reasons for it must be legitimate and communicated to the data subject.
- Accountability principle: Data controllers are accountable for complying with measures that give effect to the stated principles 36.

These OECD Privacy Guidelines have been used as one of the primary influences in the creation of the European personal data protection regime 37. These guidelines in themselves are, however, not binding law. They are meant to be ‘guidelines’ and are as such ‘soft law’, but have inspired other conventions and directives that have a binding legal effect, as is the case with the Data Protection Directive in the EU. These principles are a major part of what is now considered ‘Fair Information Practices’, which SUNNY should take into account.

5.5 The 1981 Council of Europe’s (CoE) Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data

In 1981 the Council of Europe (CoE) adopted the ‘Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data’. The aim of the Convention is to ‘achieve greater unity between its members, based in particular on respect for the rule of law, as well as human rights and fundamental freedoms’ 38. Its purpose is specifically oriented towards respecting the right to privacy with regard to personal data 39. This instrument is legally binding for all of the ratifying States. This convention is largely based on the same principles as the OECD Guidelines 40.

36 Schermer, B.W., 2007., p.88-89.
37 Ibid., p.89.
38 The Council of Europe’s 1981 Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data., Preamble.
39 Ibid., Art.1.
40 Schermer, B.W., 2007., p.90.

5.6 Data Protection Directive 95/46/EC

In 1995 the European Union adopted the Data Protection Directive (95/46/EC). The purpose of this directive was to set up a regulatory framework which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the EU, which is essential to secure efficient business transactions. It sets limits for the collection and use of personal data 41, and is legally binding for all of the EU Member States. Equally important is its ‘enforceability’, in that it requires all the States in the EU to set up a DPA to enforce the national law (in effect the national implementation of the Directive) and to provide a remedy for violations of the Directive 42. These different DPAs are endowed with powers to investigate, to intervene, to order blocking, erasure and destruction of data or to impose a definite ban on processing. Furthermore, if a person’s rights have been infringed, the person could seek remedy before national courts 43. These bodies have not, however, been as efficient as desired, due to problems with funding and lack of independence 44.

The Directive applies only to data processed by automated means (e.g. computer databases) and data contained in or intended to be part of a non-automated filing system (e.g. traditional paper files) 45. It would of course apply to the use of UAVs and video surveillance. All countries in the EU now have a DPA and it is expected that the countries with which the EU does business will need to provide a similar level of oversight 46.
The Data Protection Directive is based on the same principles as the OECD Guidelines, only it provides a specific remedy to persons whose rights have been violated 47. The Directive also sets up a body called ‘The Working Party on the Protection of Individuals with regard to the Processing of Personal Data’ (Art.29 Working Party). This independent body, composed of representatives of each national supervisory body, has advisory status and can therefore give authoritative interpretations of the Directive 48. This body will be rebranded under the new General Data Protection Regulation, which is aimed at replacing this Directive. This Regulation will probably be adopted in 2014.

Exemptions set out in the Data Protection Directive are described in general terms. Whether or not exemptions apply is usually considered on a case-by-case basis. If exemptions apply, one is exempt from the requirement:

- to register with the DPA; and/or
- to grant subject access to personal data; and/or
- to give privacy notices; and/or
- not to disclose personal data to third parties.

41 Europa., 2007., Summaries of EU legislation. (Accessed 14th of November 2010).
42 European Union Data Protection Directive 95/46/EC., Art.28.
43 Privacy International., 2007., Europe. (Accessed 15th of November 2010).
44 Privacy International., 2007., Overview of Privacy.
45 Europa., 2007., Summaries of EU legislation. (Accessed 14th of November 2010).
46 Privacy International., 2007., Overview of Privacy.
47 Ibid.
48 European Union Data Protection Directive 95/46/EC., Art.29.

The Directive recognizes that it is sometimes appropriate to disclose personal data for certain purposes to do with criminal justice, for example for the prevention of a crime and to capture or prosecute offenders.
If law enforcement processes an individual’s personal data because they suspect him of involvement in a serious crime, and notifying him would be likely to prejudice the investigation (perhaps because he might abscond or destroy evidence), then the police do not need to do so. However, the exemption applies, in any particular case, only to the extent that applying those provisions would be likely to prejudice those criminal justice purposes 49.

5.7 The Charter of Fundamental Rights (2000)

In the year 2000, the EU adopted the Charter of Fundamental Rights of the European Union (CFREU), which entered into force in 2009 together with the Lisbon Treaty. Art.8 of the Charter acknowledges some of the rights set out in the Data Protection Directive. Four important protections are set out:

- The right to have personal data about oneself protected.
- The data must be processed fairly and for legitimate purposes, with consent or as established in some other way by law.
- The data must be accessible to individuals, who must also have a right to rectify the data if it is erroneous.
- An independent authority shall control compliance with the rules set out 50.

These provisions are also in line with the ‘Fair Information Practices’. The Charter is legally binding for all of the Member States of the EU.

5.8 EC Regulation 45/2001

The processing of personal data by EU institutions and bodies is governed by EC Regulation 45/2001, as mandated by Art.286 of the EC Treaty. Its objective is to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data. Furthermore, the institutions and bodies shall neither restrict nor prohibit the free flow of personal data between themselves or to recipients subject to the national law of the Member States implementing the Data Protection Directive 95/46/EC. The Regulation also established the European Data Protection Supervisor (EDPS), under Art.41(F).
This body has consultative status and the influential task of advising the Commission and other EC institutions on proposals for new legislation that can affect the protection of personal data, such as the new General Data Protection Regulation 51.

5.9 General Data Protection Regulation

On the 25th of January 2012 the EC unveiled a draft for a new General Data Protection Regulation that will replace the Data Protection Directive. The primary reason for this is the varied protection offered by national interpretations of the Data Protection Directive. When the Data Protection Directive was written there were no challenges such as social media or cloud computing, so the relevant legislation requires updating. The Regulation will provide one single set of rules, as opposed to the different national legislations, and there will be one DPA depending on where the company is based. It has still not been adopted and recent negotiations have suffered some setbacks. Fresh negotiations are expected to resume in mid-2014.

49 ICO., 2014., Exemptions.
50 The 2000 Charter of Fundamental Rights of the European Union., Art.8.
51 Privacy International., 2007., Europe.

The NGO Privacy International considers that the proposed Regulation goes a long way towards ensuring that data protection law is capable of adequately responding to contemporary and emerging threats to the right to privacy. It also ensures more equal access to these rights for citizens across the EU. Control by individuals has increased with regard to access, correction and deletion by ensuring that these rights become meaningful in practice. It strengthens independent authorities (Art.47 and 48), provides better redress for individuals (Art.73 and 77) and provides a right for associations or organizations who represent citizens to take collective action.
Privacy International is also particularly pleased with the emphasis on the responsibility and accountability of controllers for building privacy into their systems (privacy by design) and the requirement for breach notifications (Art.23, 31 and 32) 52.

Privacy International has also, through the negotiation process, highlighted some weaknesses that undermine the rights of individuals. It argues that the definition and following recital of ‘data subject’ (and therefore personal data) leave potential loopholes for people to be singled out but not protected. There could be convenient loopholes provided by “legitimate interests” that could allow for abusive or excessive processing (Art.6). Moreover, further non-compatible use of personal data completely undermines the use/purpose limitation principle, one of the fundamental pillars on which data protection is based (Art.6(4)). Provisions against profiling are weak, it argues, leaving the door open for discrimination (Art.11, 14 and 20). There is also a lack of restrictions for “public interest” reasons, which are not properly defined. That could render all the rights and obligations in the Regulation null and void (Art.21) 53. The relevant article should restrict the use of “public interest” exemptions to specific and well-defined circumstances, such as criminal offences and important economic and financial interests, and it should also include detailed safeguards and guarantees in relation to the purposes, necessity, proportionality and categories of data to be processed. Furthermore, the organization argues that a provision should be added so that controllers are not forced to retain data or take other measures beyond what is strictly necessary for their original processing purposes in case it is needed for law enforcement purposes 54.

The adoption is aimed for 2014 and the Regulation is planned to take effect in 2016 after a transition period of 2 years.
It will be applicable to controllers and processors located in the EU, and where they process personal data about EU residents.

52 Privacy International., 2012., Analysis of EC proposal for a General Data Protection Regulation., p.2.
53 Privacy International., 2012., Analysis of EC proposal for a General Data Protection Regulation., p.2-3.
54 Privacy International., 2012., Analysis of EC proposal for a General Data Protection Regulation., p.9.

5.10 Police and Criminal Justice Data Protection Directive

This Directive will replace the EU’s 2008 Framework Decision, which aimed at providing a horizontal data protection instrument in the field of data used by police and judicial authorities. It was created to establish a common level of privacy protection and a high level of security when exchanging data. Moreover, the Decision is applicable to cross-border exchanges of personal data within the framework of police and judicial cooperation. The instrument contains rules applicable to onward transfers of personal data to third countries and to the transmission to private parties in Member States 55.

The new Directive will lay down rules to protect individuals whose personal data may be processed by ‘competent authorities’ for the purposes of ‘prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties’. It aims to harmonize laws regarding data processing by police and judicial authorities and clarify existing legislative principles. It will provide access rights to individuals, the right to information and the right to rectify or delete wrong information or illegally processed data 56, in line with ‘Fair Information Practice Principles’. There are obviously exemptions to subject access, but the Art.29 Working Party argues that these exemptions and limitations are too broad. This, it argues, should be decided on a case-by-case basis.
Moreover, it considers that Data Protection Impact Assessments (PIAs) should be applied when appropriate 57. Finally, it has stated that there is a need to further align the powers of the DPAs.

In contrast to the Data Protection Directive, which was subject neutral, this Directive introduces a distinction between the personal data of different categories of data subjects, including suspected and convicted criminals and victims. The Directive also introduces an obligation to notify the "supervisory authority" and, in some circumstances, the data subject in the event of any personal data breaches.

The Art.29 Working Party has expressed some concerns about the draft of the Directive with regard to the use of data of non-suspects, the rights of data subjects, the use of privacy impact assessments and the powers of data protection authorities 58. It argues that the data of the group defined in Art.5, category E, which must be understood as having no known relation to a crime or being suspected thereof, should only be processed under specific conditions and ‘when absolutely necessary for a legitimate, well-defined and specific purpose’. As it stands, the Working Party considers that the Directive allows law enforcement to process data which is ‘nice to have’ rather than what they ‘need to know’. The Working Party does not question that there could be purposes for which the processing of non-suspects’ data is needed, but it argues that it should be ‘indispensable’ for a ‘legitimate, well-defined and specific purpose’ 59. The law governing how personal data may be processed by law enforcement authorities, at the moment, is contained in the current Data Protection Directive 60.

55 EDRI-Gram., 2009., Data Protection Framework Decision Adopted. (Accessed the 3rd of March 2013).
56 Art.29 Working Party., 2013., Opinion 01/2013 on the Police and Criminal Justice Data Protection Directive., p.4.
57 Art.29 Working Party., 2013., Opinion 01/2013 on the Police and Criminal Justice Data Protection Directive., p.5.
58 Art.29 Working Party., 2013., Opinion 01/2013 on the Police and Criminal Justice Data Protection Directive., p.2.
59 Art.29 Working Party., 2013., Opinion 01/2013 on the Police and Criminal Justice Data Protection Directive., p.3.
60 Out-Law.Com., 2011. (Accessed the 3rd of March 2013).

6. Privacy by Design

6.1 Overview

Privacy by Design is a broad concept, aimed at designing privacy and data protection right into any data processing scheme from the outset. Ann Cavoukian, the Information and Privacy Commissioner of Ontario, Canada and the Dutch Data Protection Agency developed the concept in the 1990s. It aims to build Fair Information Practice principles into the design, operation, and management of information processing technologies and systems. The basic idea is to use these principles to design privacy and data protection into any data processing system from the outset, rather than bolting it on later, which can be more expensive and complicated. It is not a compliance-based idea. Rather it proposes a positive-sum (instead of zero-sum) motivation, creating a win-win situation for the controller/processor and the individual whose data is being processed, since the data is protected and so is the organization (its reputation/credibility and from litigation).

[Figure: Privacy by Design: Information Technology, Accountable Business Practices, Physical Design and Infrastructure]

Privacy by Design (PbD) has received numerous endorsements by the EC and the U.S. Federal Trade Commission and has been unanimously adopted as an International Standard by Data Protection Authorities and Privacy Commissioners. It is by most considered the future of privacy. Forbes declared it the ‘New Corporate Hotness’ 61. One of the main reasons for the need for PbD, as the Art.29 Working Party noticed, is that the current Data Protection Directive has not been sufficient in ensuring that privacy is embedded into ICT.
This is why they recommended that PbD be introduced in new data legislation, as it looks like it will 62. Similarly, Commissioner Viviane Reding also endorsed PbD when she recommended review of the Data Protection Directive 63.

The EDPS has also called for compliance with PbD. He argued the need for it to be implemented in two different ways. First he called for its incorporation as a general binding principle, and secondly for incorporating it in particular ICT areas where privacy risks can be mitigated through adequate technical architecture and design 64. The EDPS further notes that PbD will be especially important in the area of freedom, security and justice, in particular in relation to the goals of the Information Management Strategy, as foreseen in the Stockholm Programme 65. Furthermore, he recommends that the Seventh Framework Programme and the following ones should be used as a tool to support projects that aim at analysing standards, ICT technologies and architecture that better serve privacy and more particularly at the principle of PbD 66.

The Norwegian DPA has also repeatedly insisted that laws and regulations are not enough to secure privacy and data protection. This has to be further addressed by management in various organizations. It has called on organizations to use the principles set out in PbD, as it claims that if privacy protections are not built into a data processing scheme from the outset, it will be difficult to do this afterwards. Furthermore, it called for an extended mandate for DPAs to pursue this 67.

The EC does recommend that PbD be considered during the development of Remotely Piloted Aircraft Systems (RPAS) 68.

61 Information and Privacy Commissioner of Ontario, Canada., 2011., A Foundational Framework for Privacy by Design – Privacy Impact Assessments., Foreword.
In its document on Data Privacy and Border Control the British DPA, the Information Commissioner’s Office (ICO), recommended adhering to the principles of PbD, especially data minimisation, the employment of privacy-enhancing technologies (PETs) and utilizing privacy impact assessments (PIAs). This, it argues, should specifically be applied to technologies such as UAVs, profiling of travellers and future checkpoints. Such recommendations should be carefully considered in the SUNNY project.

PbD aims to solve a classic dilemma posed as having no solution. It is the dilemma between security and privacy. Normally these are viewed as mutually exclusive values where one must prevail over the other. This can be characterized as a zero-sum mentality. PbD gives a dual protection for both. This has been branded as positive-sum thinking and awards solutions based on an understanding of both the potential harm and the proposed benefits that can be attributed to surveillance technologies and other data processing systems. It is a rejection of the zero-sum mentality where surveillance and security necessarily come at the expense of privacy or the reverse. Through PbD it is possible to add privacy protecting measures to surveillance systems without weakening security or the functionality of the system. In this manner all participants gain by protecting both security and privacy. It is a win-win situation (positive-sum) 69.

62 Art.29 Working Party., 2009., Opinion 168 – The Future of Privacy., p.13.
63 Viviane Reding., 2010., Keynote Speech at the Data Protection Day.
64 European Data Protection Supervisor., 2010., Opinion on Promoting Trust in the Information Society by Fostering Data Protection and Privacy., p.2.
65 European Data Protection Supervisor., 2010., Opinion on Promoting Trust in the Information Society by Fostering Data Protection and Privacy., p.9.
66 European Data Protection Supervisor., 2010., Opinion on Promoting Trust in the Information Society by Fostering Data Protection and Privacy., p.10.
67 Datatilsynet., 2010., Årsmelding (Annual Report)., p.31-32.
68 European Commission., 2012., Working Document – towards a strategy for development of RPAS., p.19.

Essential to the success is that it is embedded into the design of the processing scheme and that it is designed into three areas of application: 1) information technology, 2) business practices, and 3) physical design and infrastructures. For PbD to be an effective approach, it must consider the entire lifecycle of any system or process that manages personal data. That means from the earliest stage of the system, through requirements gathering and design, to delivery, testing, operations and on until the final decommissioning of the system 70. Besides being a valuable organizational due diligence exercise, it helps obviate the need for expensive system design changes and retrofits later on, after an ill-fated disaster has occurred 71.

It is important to make a security Threat and Risk Assessment in the field of information technology (IT), and to mitigate all the risks identified in this area 72. Policies and procedures should be developed to outline the acceptable use of IT 73. The organization needs to consider whether a vulnerability assessment and penetration tests need to be conducted on an on-going basis. It should also consider whether it has ensured that its information system audit logging functionality has the capacity to generate audit log alerts based on business rule thresholds and to generate routine and ad hoc audit log reports. System control and audit logs should be monitored and reported on on an on-going basis 74.

6.2 Business Practices

Sharing of personal data is often a necessary part of an organization’s work, both in the private and the public sector. It is increasingly complex and widespread, with a stronger potential to reveal, often sensitive, information about our private lives.
The public in many cases feel alienated as they do not understand the processes involved and feel left behind and unable to control their own information 75. Sharing personal information is probably the primary reason for major privacy breaches, especially within government 76.

Considerations have to be made with regard to the organization’s governance structure, operational and strategic objectives, roles and accountabilities, policies, information systems and data flows, decision-making processes, relationships with and perceptions of internal stakeholders, as well as the organization’s culture 77.

69 Information and Privacy Commissioner of Ontario, Canada., 2009., Privacy by Design – Taking the Challenge., p.16-17.
70 Information Commissioner’s Office., 2008., Privacy by Design., p. 7.
71 Information and Privacy Commissioner of Ontario, Canada., 2009., Privacy by Design – Taking the Challenge., p.23.
72 Information and Privacy Commissioner of Ontario, Canada., 2011., A Foundational Framework for a Privacy by Design Impact Assessment., p.15-16.
73 Information Commissioner’s Office., 2007., Framework code of practice for sharing personal information., p.17.
74 Information Commissioner’s Office., 2007., Framework code of practice for sharing personal information., p.21-22.
75 Information Commissioner’s Office., 2007., Framework code of practice for sharing personal information., p.3.
76 Information Commissioner’s Office., 2008., Privacy by Design., p. 15.
77 Information and Privacy Commissioner of Ontario, Canada., 2010., Privacy Risk Management., p.8.

There are primarily two manners in which information is shared. The first is when two or more organizations share information between them. This could be done by granting access to each other’s information systems or establishing a separate shared database.
This could lead to the disclosure of a limited amount of information on a one-off basis or to regularly sharing large amounts of information. The second involves the sharing of information between the different parts of a single organization, for example between a local authority’s various departments 78. In any case, a contract or a framework code for the sharing of personal information must be drawn up in order to clearly divide and award responsibilities for each step of the process.

The difficulties of sharing data can be illustrated by the ‘silo problem’. Silos refer to systems that have been designed in isolation within an organization that operates several systems. The most important technology matter is that of managing multiple systems as ‘data silos’, without considering the wider systemic implications of many silos across one or more organizations, and the combined impact of those silos on private information. It may be irrelevant that one silo has built in the necessary data protection measures if that silo (organization) shares personal data with another silo that does not have the same data protection measures in place. This is a classic example of how data sharing can endanger the protection of personal data 79.

Another privacy dilemma stems from ‘data aggregation’. Too often, instead of creating an index that facilitates cross-referencing between existing databases, it is considered simpler to create a new, larger database containing aggregated data. This kind of centralization can lead to duplication of personal information, increased risk of inaccurate or inconsistent registration of the data, loss of control over data, increased data processing and storage costs, and a lack of transparency of the processing which could have regulatory consequences 80. Data aggregation could also complicate individuals’ right to make ‘subject access requests’, which is a fundamental part of transparency 81.
The British DPA, the ICO, has drawn up a framework for sharing personal information. It is divided up into numerous sections with detailed instructions/guidance on how to draw up such a document. First, the document describes the legal considerations that must be made prior to deciding to share personal information. Secondly, it demonstrates how information can be shared while respecting principles such as fairness and transparency. Thirdly, it details what information standards must be respected. This means that information must be adequate, relevant, not excessive, accurate and up to date. Next, it elaborates on the matter of data retention so that personal information is not stored longer than necessary. Another aspect such a framework must address is security, in other words that the appropriate technical and organizational measures are in place. Furthermore, the framework must attend to individuals’ right to access their personal information and freedom of information 82.

78 Information Commissioner’s Office., 2007., Framework code of practice for sharing personal information., p.5.
79 Information Commissioner’s Office., 2008., Privacy by Design., p.15.
80 Information Commissioner’s Office., 2008., Privacy by Design., p.16.
81 Information Commissioner’s Office., 2008., Privacy by Design., p.24.
82 Information Commissioner’s Office., 2007., Framework code of practice for sharing personal information.

6.3 Physical design and infrastructure

A set of guidelines should be created on physical design and the protection of individuals’ privacy. Access to the premises and locations where PI is retained should be controlled. One could also consider implementing varying levels of security and restrictions depending on the information that is stored. A risk assessment of the inherent risks of the physical design and networked infrastructure is recommended.
The identified risks must in any case be mitigated.

6.4 Privacy-Enhancing Technologies

6.4.1 Introduction

Both companies and governments can apply technologies that are potentially intrusive with regard to people’s privacy or pose a risk to the protection of their data. They can, however, choose to implement technologies that go further in the empowerment of individuals, giving them increased control over their data 83. Privacy-Enhancing Technologies, a term coined by the Dutch DPA and Ann Cavoukian, are based on the idea that there are methods and technologies that allow for anonymous and/or minimized collection of PII, as technology is essentially neutral. By designing the universal principles of Fair Information Practices (FIP) directly into it, such technological tools allow for the collection of information, whilst allowing individuals to remain anonymous and have increased participation in and control over the data related to them. Data controllers and processors must start by asking: how much PII is truly required for the operation and proper functioning of the information system, and how can it be minimized without damaging the information system’s operability 84? PETs also provide enhanced confidentiality, integrity and general security for personal data 85.

Privacy and security are often viewed as two opposing forces in a zero-sum game, where one prioritizes one over the other. This has led to a major threat for privacy, considering that the public’s desire for safety is so high. PETs dismiss this by proposing a positive-sum game where both privacy and security exist in a data processing system, without detriment to the system’s functionality 86. PETs increase user confidence and make it possible to use information technology to achieve multiple objectives without having to sacrifice important aspects of a data processing scheme 87.
As mentioned above, PETs can in fact become ‘transformative technologies’, meaning that they go from being privacy-intrusive to privacy-protective since they:
- minimize unnecessary disclosure, collection, retention and use of personal data;
- empower individuals to participate in the management of their own personal data;
- enhance the security of personal data;
- promote public confidence and trust; and
- help promote and facilitate widespread adoption of the technology 88.

83 Information Commissioner’s Office., 2007., Data Protection Guidance Note: Privacy enhancing technologies (PET’s)., p.1.
84 Information and Privacy Commissioner of Ontario Canada & Registratiekamer of the Netherlands., 1995., Privacy-Enhancing Technologies: The Path to Anonymity Vol. 1., p.3-4.
85 Information and Privacy Commissioner of Ontario, Canada., 2009., Privacy by Design – Take the Challenge., p.43.
86 Information and Privacy Commissioner of Ontario, Canada., 2002., Security Technologies Enabling Privacy (STEP’S) – Time for a Paradigm Shift., p.1.
87 Information and Privacy Commissioner of Ontario, Canada., 2009., Privacy by Design – Taking the Challenge., 24.

The Data Protection Directive’s Art.17 requires data controllers to implement appropriate technical and organizational measures and generally to ensure a level of security appropriate to the nature of the data and the risks related to processing it. Technology should be used to support this legislation 89. The EC considers that ‘… the use of appropriate technological measures is an essential complement to legal means and should be an integral part in any efforts to achieve a sufficient level of privacy protection …’ 90. Furthermore, it supports a wider development and use of PETs as it would strengthen the protection of privacy and help secure the enforcement of data protection legislation.
Deploying PETs will act as a complement, rather than as a replacement, to the existing legal framework 91. The EC has therefore stated that it intends to support RTD projects and large scale pilot demonstrations to develop and stimulate the uptake of PETs. It also encourages the private sector to invest in the development of these tools 92.

Broadly, the EC set out three targets regarding the use of PETs:
1) to support their development,
   a. identifying the need and technological requirements of PETs,
2) to support the use of available PETs by data controllers,
   a. promoting the use of PETs by industry,
   b. ensuring respect for appropriate standards for protection of personal data through PETs,
      i. standardisation,
      ii. coordination of national technical rules on security measures for data processing,
   c. promoting the use of PETs by public authorities,
3) to encourage consumers to use PETs,
   a. raising awareness of consumers,
   b. facilitating consumers’ informed choice: privacy seals 93.

88 Information and Privacy Commissioner of Ontario, Canada., 2009., Privacy by Design – Taking the Challenge., p.24.
89 European Commission., 2007., Communication on Promoting Data Protection by PET’s., p.3.
90 European Commission., 2007., Communication on Promoting Data Protection by PET’s., p.3.
91 European Commission., 2007., Communication on Promoting Data Protection by PET’s., p.4.
92 European Commission., 2007., Communication on Promoting Data Protection by PET’s., p.6.

6.4.2 How do they work?

Information system usage normally requires a procedure including authorization, authentication, access control, auditing and accounting. It is the exchange of information between two or more components within the information system. Usually, the user’s identity will be viewed as being crucial to the performance of all the above processes. This is not necessarily the case, however, and one must therefore examine carefully whether the identity is truly required 94.
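As an added illustration (not part of the original deliverable and not code from any cited source), the sketch below shows one way the identity shielding discussed in this section could work: authentication, access control and audit receive only a keyed pseudonym, and the true identity is released only to authorization and accounting. The `IdentityProtector` class, the HMAC-based derivation, the use of a separate pseudonym per process and all sample values are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Split taken from section 6.4.2: only these two processes need the true identity.
IDENTITY_PROCESSES = frozenset({"authorization", "accounting"})
# These processes can run on a pseudo-identity instead.
PSEUDONYM_PROCESSES = frozenset({"authentication", "access_control", "audit"})


class IdentityProtector:
    """Hypothetical component that issues pseudo-identities and gates release
    of the true identity. Not an API from any real product."""

    def __init__(self, key=None):
        # The secret key stays inside this component; without it a pseudonym
        # cannot be recomputed from a known identity.
        self._key = key if key is not None else secrets.token_bytes(32)
        self._escrow = {}        # pseudonym -> true identity
        self.release_log = []    # (process, pseudonym, granted) per reveal attempt

    def pseudonym_for(self, true_identity, process):
        """Return a stable pseudonym for one identity within one process."""
        if process not in PSEUDONYM_PROCESSES:
            raise ValueError(f"{process!r} does not operate on pseudonyms")
        # Assumption of this example: the process name is mixed in, so the
        # audit pseudonym cannot be joined with the access-control pseudonym.
        message = process.encode() + b"\x00" + true_identity.encode()
        pseudonym = hmac.new(self._key, message, hashlib.sha256).hexdigest()[:32]
        self._escrow[pseudonym] = true_identity
        return pseudonym

    def reveal(self, pseudonym, requesting_process):
        """Release the true identity only to the processes that need it."""
        granted = (requesting_process in IDENTITY_PROCESSES
                   and pseudonym in self._escrow)
        self.release_log.append((requesting_process, pseudonym, granted))
        if not granted:
            raise PermissionError(
                f"{requesting_process!r} may not see the true identity")
        return self._escrow[pseudonym]


def demo():
    """Run one access through the system and return what each part saw."""
    protector = IdentityProtector(key=b"constructed-demo-key-not-secret!")
    user = "health-insurance-no:CONSTRUCTED-0001"    # constructed sample value

    acl_id = protector.pseudonym_for(user, "access_control")
    audit_id = protector.pseudonym_for(user, "audit")

    # Access control decides on the pseudonym alone.
    acl = {acl_id: {"patient-portal"}}
    allowed = "patient-portal" in acl.get(acl_id, set())

    # The audit trail stores the audit pseudonym, never the insurance number.
    audit_log = [{"actor": audit_id, "resource": "patient-portal",
                  "allowed": allowed}]

    # Accounting needs the real identity to bill, so the protector releases it.
    billed_to = protector.reveal(audit_id, "accounting")

    # An audit process asking for the identity is refused; the attempt is logged.
    try:
        protector.reveal(audit_id, "audit")
        audit_saw_identity = True
    except PermissionError:
        audit_saw_identity = False

    return {
        "acl_id": acl_id, "audit_id": audit_id, "allowed": allowed,
        "audit_log": audit_log, "billed_to": billed_to,
        "audit_saw_identity": audit_saw_identity,
        "release_log": protector.release_log,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Because every call to `reveal` is appended to `release_log`, the release of a true identity is itself auditable.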
The Information Commissioner of Ontario, Canada and the Dutch DPA argue that the user’s identity is only needed for authorization and accounting. For the processes of identification and authentication, access control, and audit, the identity of the user can be shielded through identity protection – a ‘pseudo-identity’. This refers to an element of the system that will control the release of a person’s true identity to various processes within the information system. In this manner it limits the areas of the system which do not require access to the real identity, so it remains user-centric, by producing an alternate digital identity. This works for bank account numbers, social insurance numbers, health insurance numbers, etc. 95

93 European Commission., 2007., Communication on Promoting Data Protection by PET’s., p.6-10.
94 Information and Privacy Commissioner of Ontario Canada & Registratiekamer of the Netherlands., 1995., Privacy-Enhancing Technologies: The Path to Anonymity Vol. 1., p.6.

6.4.3 Examples

One example relates to body scanning technology which is used for security checks at airports. This is obviously a system that has the potential to be highly privacy-intrusive. Normal metal detectors are inadequate as there are substances and tools that can be used as weapons which are not made of metal. On the other hand, physical body searches can also be considered too privacy-intrusive and uncomfortable, and will most likely not detect anything hidden in certain intimate body cavities. The U.S. Department of Energy has, however, produced a system that uses 3-D holographic imaging that only reveals objects hidden underneath the clothing of airline passengers, rather than displaying the entire body. It could detect items that are non-metallic as well.
Concerns that the unclothed physical features of the scanned person might be visible to the operator are tackled as only the concealed items are displayed 96.

The University of Toronto has created a PET for video surveillance. They have found a way of removing the personally-identifying parts of an image, such as face or body, and storing these separately from the rest of the image in a secure way. The footage can then be scanned for suspicious events and if an incident merits deeper investigation, the police, for example, could be given access to decrypt the video content to identify the subjects 97. This tool, which was developed by Karl Martin and Konstantinos N. Plataniotis, is called Secure Shape and Texture SPIHT. It is a scheme for secure coding of arbitrarily shaped visual objects and can be deployed in a privacy protected surveillance system. The visual objects are encrypted so that the content is only available to certain entities, such as persons of authority who possess the correct decryption key 98.

Normally, the security model for the verification of identity, protection of information, and authorization to access premises is based on using a token (template), tied to and thereby representing an individual, to either authenticate identity or allow access to information, premises or services. This token could take the form of a password or shared secret (something you know), an identity card (something you have), or a biometric (something you are). In any case, a third party holds the details of the token and is responsible for authorizing and at times allowing the transaction to proceed if the details of an individual’s token match those stored in a database. It is by many viewed as the ultimate form of authentication or identification 99.

The privacy concerns arise whenever biometric data are used for purposes other than those stated by the controller/processor (mission creep), such as data matching, aggregation, surveillance and profiling. Biometric data which is transmitted across networks and stored in various databases can also be stolen, copied, or otherwise misused in ways that can negatively affect individuals 100.

95 Information and Privacy Commissioner of Ontario Canada & Registratiekamer of the Netherlands., 1995., Privacy-Enhancing Technologies: The Path to Anonymity Vol. 1., p.6.
96 Information and Privacy Commissioner of Ontario, Canada., 2002., Security Technologies Enabling Privacy (STEP’S) – Time for a Paradigm Shift., p.7.
97 Enterprise Privacy Group., 2008., Privacy by Design – PET’s Overview., p.7.
98 Martin, K. and Plataniotis, K. N., 2008., Privacy Protected Surveillance Using Secure visual Object Coding., p.2.

6.5 The Privacy by Design Principles

- Recognition that privacy interests and concerns must be addressed proactively;
  More than a moral imperative, respecting privacy will be beneficial to all parties concerned. The ‘payoff’ for organizations would come in many ways, such as improved customer satisfaction, enhanced reputation and trust, reduced legal liabilities, etc.;
- Application of core principles expressing universal spheres of privacy protection;
  Privacy must be built into the relevant technologies and systems systematically, with reference to widely agreed upon principles, standards and other relevant guidance;
- Early mitigation of privacy concerns when developing information technologies and systems, throughout the entire information lifecycle – end to end;
  It is essential that privacy is addressed at the design stage, as well as throughout the entire processing scheme.
  Analysing, identifying and mitigating risks from the beginning to the end of a system, through the use of Privacy Impact Assessments and other relevant tools, will help avoid making costly mistakes later, requiring expensive retrofits;
- Need for qualified leadership and/or professional input;
  Designing privacy protection into a data processing scheme requires increasingly specialized expertise which is critical to organizations’ operations. There is a need for an understanding of information technologies, legal compliance, business operations and customer relations in order to protect privacy effectively. Employing a Chief Privacy Officer (CPO) or similar is often recommended to enable strong privacy leadership and accountability.
- Adoption and integration of PETs;
  PbD starts from a perspective where Information and Communication Technologies (ICT) are essentially neutral. The important thing is the choices we make when we design and use them. PETs embody fundamental privacy principles by minimizing personal data use, maximizing data security and empowering individuals;
- Embedding privacy in a positive-sum (not zero-sum) manner so as to enhance both privacy and system functionality;
  Adding privacy to information technologies and systems should not require subtracting security, usability, efficiency, organizational control or other desirable functions or attributes. There is no necessary trade-off. It is possible to achieve a win-win situation where privacy and security are enabled; and
- Respect for users’ privacy - this is where it all begins and where it all ends 101.

99 Cavoukian, A. & Stoianov, A., 2007., Biometric Encryption., p.2.
100 Cavoukian, A. & Stoianov, A., 2007., Biometric Encryption., p.6.

6.6 Privacy Risk Management

Cavoukian has identified 7 essential steps for designing privacy into technology:
- Define privacy expectations of the public and identify legislated requirements.
- Develop privacy policies and principles.
- Undertake an assessment of human and informational resources with a focus on personally identifiable data (collection, processing, management, flows and storage).
- Undertake threat risk assessment by completing a Privacy Impact Assessment.
- Deploy a methodology for privacy risk management at the system level.
- Introduce the rules of controls developed in the previous step at the source of code level.
- Deploy and audit through a model of continuous improvement. Review expectations and requirements 102.

Leadership needs to take into account both legal compliance and business benefits. The failure to address privacy can severely damage a company’s or institution’s reputation. It can put its leadership into question as well. Furthermore, if privacy is not protected, it can seriously harm customers, which again will lead to mistrust and deterioration of the organization’s information asset quality. Lack of management is considered one of the primary barriers to the adoption of PbD. The lack of respect for privacy can again lead to fines for not complying with the law, as well as loss in market share, unexpected costs and a drop in stock prices 103.

The risk will vary depending on the organization’s nature and the individual’s data, but potential consequences include:
- damage to the organization’s reputation and brand;
- physical, psychological and economic harm to customers whose personal information is used or disclosed inappropriately;
- financial losses associated with deterioration in the quality and integrity of personal information due to customer mistrust; and
- loss of market share or a drop in stock prices following a ‘privacy hit’ resulting in negative publicity or the failure or delay in the implementation of a new product or service due to privacy concerns 104.

101 Information and Privacy Commissioner of Ontario, Canada., 2009., Privacy by Design.
102 Information and Privacy Commissioner of Ontario, Canada., 2002., 7 Essential Steps for Designing Privacy Into Technology.
103 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.1.

Good privacy practices will enhance customer loyalty and in the end save time and money. It is a strategic business differentiator as it allows you to protect the interests of the organization and customers at once, instead of pitting them against each other 105.

The potential benefits of implementing sound privacy policies and practices include:
- consumer confidence and trust;
- a more positive organizational image and a significant edge over the competition;
- business development through expansion into jurisdictions requiring clear privacy standards;
- enhanced data quality and integrity, fostering better customer service and more strategic business decision-making;
- enhanced customer trust and loyalty; and
- savings in terms of time and money 106.

The Information and Privacy Commissioner of Ontario, Canada, Ann Cavoukian, emphasizes the importance of creating a culture of privacy. This terminology refers to a culture that moves beyond legislation, regulation and policy to help ensure that errors regarding the control and processing of personal data do not occur. Such a culture will provide the necessary imperative to promptly detect and correct errors if they occur. Key components that help establish a culture of privacy are training, on-going monitoring, auditing, and regular evaluation 107.

Directors will need to ensure that privacy is an important consideration whenever their organization enters a partnership or contractual arrangement with other companies and institutions for the provision of specific services, including any UAV operations.
An organization may be held liable if agents and service providers fail to comply with privacy legislation; therefore, in order to avoid fines and lawsuits, organizations must take reasonable steps to meet the minimum requirements for privacy protection and set these out in all contractual arrangements with third parties 108. Moreover, when a privacy breach occurs, directors should ensure that their organizations have a privacy crisis management tool in place. Such a tool should instruct organizations on the appropriate steps to be taken to minimize the damage to individuals and the organization’s reputation and business relationship. Prevention of future breaches is also vital 109.

104 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.2.
105 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.1.
106 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.3.
107 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.4.
108 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.10.
109 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.10.

Education is a fundamental aspect of ensuring the protection of privacy. Directors should therefore hold thorough training programs to make sure staff understand their responsibilities. Directors should consider inviting privacy experts to speak as part of such training 110.

Accountability is another fundamental aspect of privacy protection. Organizations should, if possible, assign the responsibility for privacy to a senior member of staff or hire a so-called Chief Privacy Officer (CPO).
This person should have expertise related to privacy and must be awarded the responsibility for overseeing the design, implementation, monitoring and reporting on the organization’s privacy policies and to ensure that the company’s compliance system and control measures. The extent of this role will depend on the business. Regardless, this individual will need to possess knowledge about all aspects of the business 111.

Periodic self-assessments and privacy audits are central methods used to report activities related to privacy protection. One of the primary tools is, as mentioned, the PIA 112. It is important that the risks to PII are addressed throughout the entire lifecycle, which in general is: creation/collection distribution and use retention storage and maintenance permanent storage OR destruction 113.

110 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.19.
111 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.19.
112 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.20.
113 Information and Privacy Commissioner of Ontario, Canada., 2010., Privacy Risk Management., p.10.

Ann Cavoukian has created a 20-point checklist for management to ensure privacy compliance:
1. Has your organization designated at least one individual to be responsible for privacy?
2. Does your organization collect personal information? If so, would any of this information be considered sensitive?
3. Is the purpose for the collection of personal information explained to customers at the time it is collected?
4. Is personal information collected only for purposes that are appropriate in the circumstances?
5. Is the personal information that is collected, used or disclosed by your organization limited to that which is necessary to achieve the specified purpose?
6. Have all necessary consents been obtained for the collection, use or disclosure of the information and consistent with the reasonable expectations of the individual?
7. Is the form of consent appropriate for the level of sensitivity of the information and consistent with the reasonable expectations of the individual?
8. Have controls been implemented to ensure that personal information is as accurate, complete and up-to-date as necessary for the purpose for which it is to be used?
9. Are the security safeguards to protect personal information appropriate for the level of sensitivity of the information?
10. Are the information management practices of the organization transparent? Does the organization make available to customers information about its policies and practices relating to the handling of personal information?
11. Do customers have the right to access and correct their own personal information?
12. Is there a mechanism through which customers can make an inquiry or complain about the organization’s personal information management practices?
13. Has an organizational privacy policy been implemented? Is the privacy policy available to the public?
14. Has an employee privacy policy been implemented?
15. Has a privacy crisis management protocol been implemented to deal with privacy breaches? In the event of a privacy breach, do you communicate information to individuals whose privacy has been breached so that they may take appropriate steps to protect themselves from harmful consequences, such as identity theft?
16. Are all employees aware of the organization’s privacy policy? Is privacy training, tailored to roles and responsibilities, mandatory for all employees?
17. Are privacy requirements built into contractual agreements with business partners and services suppliers and agents?
18. Are privacy requirements built into all employment contracts? Do these contracts include consequences for breaching the organization’s privacy policy?
19. Does your organization conduct a PIA prior to implementing new technologies, programs, products or services that could impact on privacy?
20. Does your organization have a compliance program that includes regular privacy self-assessments and privacy audits to ensure compliance with your privacy policy and privacy legislation? 114

Mitigation of privacy risks is an essential aspect of PbD and is required by the Data Protection Directive’s Art. 20, which states:
‘1. Member States shall determine the processing operations likely to present specific risks to the rights and freedoms of data subjects and shall check that these processing operations are examined prior to the start thereof.
2. Such prior checks shall be carried out by the supervisory authority following receipt of a notification from the controller or by the data protection official, who, in cases of doubt, must consult the supervisory authority.
3. Member States may also carry out such checks in the context of preparation either of a measure of the national parliament or of a measure based on such legislative measure, which define the nature of the processing and lay down appropriate safeguards’.

114 Information and Privacy Commissioner of Ontario, Canada., 2007., Privacy and Boards of Directors., p.22-23.
115 Information Commissioner’s Office., 2008., Privacy by Design., p. 8.

One commonly used risk management technique is called Privacy Impact Assessment (PIA). In the UK and Canada, for example, all government systems that collect and process personal information are required to have carried out a PIA (in the UK they are required by the Cabinet Office, although they are not legally required) 115. Although there is an obligation on prior checks in the Data Protection Directive, PIAs are not required by law.
PIAs are primarily applied in English-speaking countries, and more commonly in the public sector than in the private sector. They are however endorsed by privacy commissioners, government agencies, private corporations and privacy advocates, they do help address privacy concerns, and they are useful if applied effectively before processes are designed 116.

One definition provided is that a PIA is a ‘process whereby a conscious and systematic effort is made to assess the privacy impacts of options that may be open in regard to a proposal’ 117. An alternative definition is that a ‘PIA is an assessment of any actual or potential effects that the activity or proposal may have on individual privacy and the ways in which any adverse effects may be mitigated’ 118.

PIAs are neither compliance checks nor privacy audits. They are prospective tools aimed at addressing privacy concerns in new programs, services or technologies. Their aim is to identify and mitigate risks so that plans can be modified at an early point. A PIA works as a prompt warning system. Moreover, the PIA should raise the largest issues as well, such as questioning not only whether the scheme is legally compliant, but also whether or not it is a necessary processing of personal data in the first place. If the schemes are too intrusive, PIAs should modify or even stop them. A PIA should also be an adjustable document that evolves if the scheme evolves, as the PIA is not an end-product in itself. It is an open-ended process 119.

One integral part of most PIAs is the analysis of the flow of personal information. Once a broad description of the nature and scope of the project has been completed, the next stage in a PIA is to describe and map the flows of personal information in the project.
This could include:
• what personal information is to be handled in the project;
• how the personal information is to be collected;
• how it will be used;
• internal flows;
• disclosures;
• security measures (privacy and security policies/procedures/processes);
• any privacy, secrecy and other relevant legislation applying to those flows 120; and
• an analysis of the accountability structures 121.

The preparations for a risk assessment must include the description of an aim and targets, meaning the description of a hypothesis that needs to be investigated. This description must contain information about who is affected by this work (organization, department, co-workers, and external personnel) 122.

116 Loughborough University – Linden Consulting., 2007., Privacy Impact Assessments., p.6 of the Ex. Summary.
117 Loughborough University – Linden Consulting., 2007., Privacy Impact Assessments., p.2.
118 Loughborough University – Linden Consulting., 2007., Privacy Impact Assessments., p.2.
119 Loughborough University – Linden Consulting., 2007., Privacy Impact Assessments., p.2.
120 Loughborough University – Linden Consulting., 2007., Privacy Impact Assessments., p.17.
121 Information and Privacy Commissioner of Ontario, Canada., 2011., A Foundational Framework for Privacy by Design – Privacy Impact Assessments., p.9.
122 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.8.

A risk assessment can be organized as a project and be executed like a project plan. It needs to be executed by personnel who possess the necessary knowledge and experience. They must understand the assets and the environment in which the assets find themselves. Finally, an evaluation of the assessment should be carried out by someone who is not directly involved in the actual assessment 123.

Obviously it is necessary to communicate with all relevant sections of the agency to complete these tasks.
It cannot be done in isolation. A PIA requires a broad understanding of how the project will work 124. One way to achieve accountability and transparency for such a process is to deliver PIAs to the DPA and perhaps to publish them online.

Security measures aimed at addressing risks should be proportional to the probability and the consequences of security breaches. The work aimed at revealing risks should not be more extensive or formalized than necessary. Risk assessments should have certain holding points to determine when a risk exceeds the accepted level. Risk assessments should be undertaken at the design stage of an information system. A prerequisite for saying anything about security measures is that the personal information that is processed has been mapped. Furthermore, it is necessary to identify the incidents that actually entail a risk that demands an assessment of security measures. The assessment also needs to take into account the loss or damage potential that can be estimated, which will form part of the consequence assessment. The probability of such incidents taking place would also have to be addressed 125.

Risk assessments in this context have the aim of identifying incidents that may have an impact on data protection, and of expressing a hypothesis regarding these incidents and the probability of them occurring. One important part of the task is mapping the assets (personal information) that must be secured and mapping the environment in which the assets find themselves. Risk assessments must also identify the need for mitigating actions, by comparing the risks with the accepted risk level. In this scenario it is natural to give recommendations for security measures 126.

Moreover, estimates must be made regarding threats, meaning one must try to identify the possible scenarios that can lead to a security breach.
For example, internet network connections with the location of the personal information can lead to a range of threats that must be assessed. The probability of such an incident occurring as a result of human activity, whether by coincidence, qualified knowledge or some degree of determination, must also be assessed. Would negligence suffice or must it be intended action 127?

It must be possible for organizations to use evidence to determine when a risk exceeds an accepted security level. Organizations are not free to choose how much risk personal information can be exposed to.

123 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.8.
124 Loughborough University – Linden Consulting., 2007., Privacy Impact Assessments., p.17.
125 Datatilsynet., 2009., Risikovurdering av informasjonssystem., summary.
126 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.4.
127 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.6.

There will be expectations of a minimum security level for the protection of personal information. These relate to confidentiality, availability and integrity 128.

The accepted risk level must be described and include what personal information and processes are touched upon, what incidents could have consequences for data protection and the acceptable levels for consequence and probability. The description must determine the prioritization between different security needs and describe the risk mitigating measures 129.

The environment refers to those surroundings or situations in which the assets can be found. This includes the information systems, the physical installations and the organization. It also includes those processes and operating conditions of which personal information forms a part. Additionally, it is necessary to reveal the existing security measures, whether they are organizational or technical.
Mapping out the connections, for example between the information system and internet/internal networks, physical premises, relations between humans/machines, competences and routines, etc. is also important 130. Results from a process-mapping will tell where and how assets are processed, and simultaneously give information about the possibility for loss or damage. Security tests will reveal if the mitigating actions actually work 131.

Both cause and consequences must be assessed. The consequence assessment must start from the undesired incidents that have been identified. Consequences can be expressed through economic loss, legal liability and other negative effects for the company. There will also be consequences for those people whose personal data is compromised 132.

128 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.6.
129 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.7.
130 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.9.
131 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.9.
132 Datatilsynet., 2009., Risikovurdering av informasjonssystem., p.13-14.

7. Legal Framework for UAV’s

7.1 Introduction

The international community does not have any international regulation concerning the use of UAVs that governs safety, licensing, airworthiness, privacy and data protection in a non-segregated airspace for the different varieties of such vehicles. In fact, there are many different legal considerations to take into account when analysing the obligations and restraints for those wishing to fly UAVs. There are international, regional and national legislations that put obligations and restraints on the use of UAVs. One will have to consider whether the vehicle will be operated for military, law enforcement and customs, commercial or individual use. Different legal instruments apply to vehicles of different sizes. Whether or not the vehicle will collect data through surveillance will also define requirements. Moreover, in Europe the whole regional data protection framework is under reform, which will have an impact on the use of these vehicles. Similarly, new legislation that will affect the use of UAVs is being rolled out in several new countries. This creates a very confusing legal context that must be taken into account.

7.2 International UAS Legal Instruments and Initiatives

UAVs are flying objects and are therefore subject to the rules made by the International Civil Aviation Organization (ICAO). Consequently, any action taken in the EU should be taken in agreement with the ICAO and its rules 133. One particularly important piece of legislation is the Convention on International Civil Aviation, which is also known as the Chicago Convention. This is however not applicable to aircraft defined as military, customs or police aircraft. States are therefore required to develop legislation for such aircraft 134.

In 2011 the ICAO issued Circular 328, which touched primarily on matters related to safety, licensing and airworthiness. The Circular is cautious in assessing integration into non-segregated airspace, stating that: ‘Integrating remotely-piloted aircraft into non-segregated airspace and at aerodromes can likely be achieved in the medium-term … Development of the complete regulatory framework for UAS will be a lengthy effort, lasting many years’ 135.

In March 2012 the ICAO adopted amendments to Annexes 2 and 7 of the Chicago Convention. This achieved the full insertion of the Remotely Piloted Aircraft Systems (RPAS) in the aviation system. It sets requirements for safety certification, licensing of remote pilots and certification for operators 136.

The intrusiveness into people’s right to privacy and to have their data protected is not prioritized by industry and the regulatory authorities 137.
The Association for Unmanned Vehicle Systems International (AUVSI) did nonetheless issue an Unmanned Aircraft System Operations Industry ‘Code of Conduct’. AUVSI, an influential UAV industry group, took a step in the right direction, but it is far from good enough. The Code of Conduct is too broad, consists of generic promises and only makes a general reference to ‘respect the privacy of individuals’. There is no reference to enforcement, oversight or who would be responsible for this 138.

Similarly, the International Association of Chiefs of Police Aviation Committee issued ‘Recommended Guidelines for the use of Unmanned Aircraft’. These focus primarily on community engagement, system requirements and operational procedures. They also have one short section on image retention. It merely specifies that images should primarily only be retained if there is an on-going investigation and that their usage should be transparent and open for public inspection unless more secrecy is mandated by law 139. It obviously falls very short of the standards required to effectively protect privacy and personally identifiable data.

133 The European Commission., 2011., Discussion Paper from the 4th Workshop on Societal Impacts on UAS., p.4.
134 OPARUS., 2011., Workshop 1 Report., p.16.
135 The European Commission., 2011., Discussion Paper from the 4th Workshop on Societal Impacts on UAS., p.5.
136 European Commission., 2012., Working Document – towards a strategy for development of RPAS., p.13.
137 European Commission., 2007., Study Analyzing the Current Activities in the Field of UAV’s., p.70.
138 Information and Privacy Commissioner of Ontario, Canada., 2012., Privacy and drones., p.11.
139 International Association of Chiefs of Police – Aviation Committee., 2012., Guidelines for the Use of UAV’s.
7.3 European UAS Legal Instruments and Initiatives

Safety is, without doubt, the most important consideration that leads the work on integration of UAVs into controlled airspace. In the EU, the need for UAVs to guarantee an equivalent level of safety (ELOS) to manned aircraft is the dominant priority 140. There is however no all-encompassing regulation that governs the use of UAVs in a non-segregated airspace in the EU, especially not one that guarantees data protection.

The EC has placed an important part of the responsibility on national governments in order to promote the UAV technology, so that it will receive public acceptance. It emphasizes that government agencies (i.e. Coast Guard, Police) will be the first users of civil UAVs. Consequently, successful demonstrations of relevant technology, its safety and its cost-effectiveness will be highly valued in this respect. The military use of UAVs has rightly produced a very negative reception 141.

Under current legislation and with the standard of technology available today, it is only possible to fly UAVs in segregated airspaces, with special conditions. Flight in non-segregated airspace is not possible. Short range operations (out to 500m range), meaning within visual line of sight of the pilot, are however allowed by some countries 142.

The current guiding legislation on UAVs in Europe is EC Reg. 785/2004. It requires all UAVs weighing more than 20 kg to have adequate insurance cover. Many UAVs will therefore never get off the ground at the moment. State aircraft (military, customs and police) are however exempt across the EU, i.e. self-insured. Civil UAVs fly under civil aviation jurisdiction for Air Traffic Management purposes, while military UAVs are subject to military flight rules 143.

In Europe unmanned aircraft are divided into two major groups, each regulated by a different authority:
• UAVs with a maximum take-off mass of more than 150kg. These systems are regulated by the European Aviation Safety Agency (EASA) 144 and fall under the EC Regulation No 216/2008 145.
• UAVs with a maximum take-off mass of less than 150kg, commonly designated as Light UAS. These systems are regulated by the national civil aviation authority (NAA) 146.

EASA is engaged, although with limited resources, in developing a safety Regulatory Roadmap for civil RPAS above 150kg. It is expected to deliver in 2016.

140 European Commission., 2007., Study Analyzing the Current Activities in the Field of UAV’s., p.60.
141 European Commission., 2007., Study Analyzing the Current Activities in the Field of UAV’s., p.87.
142 Europe., 2012., OPARUS Periodic Report Summary.
143 European Commission., 2007., Study Analyzing the Current Activities in the Field of UAV’s., p.54.
144 European Commission., 2012., First Hearing on Light Unmanned Aircraft Systems., p.1-2.
145 European Commission., 2012., Working Document – towards a strategy for development of RPAS., p.12.
146 European Commission., 2012., First Hearing on Light Unmanned Aircraft Systems., p.1-2.

The EC published a Staff Working Paper in September 2012, entitled ‘Towards a European Strategy for the development of civil applications of Remotely Piloted Aircraft Systems’. The document concludes that there was a necessity to set up a European RPAS Steering Group (ERSG). Its aim is to ‘foster the development of civil RPAS by planning and coordinating all the activities necessary to achieve the safe and incremental integration of RPAS into European air traffic by 2016’. The group is responsible for designing a comprehensive roadmap towards the integration of civil UAVs into European airspace by 2016 147.
The Single European Sky (SES) and its technological pillar SESAR, which aims to establish a European air traffic management environment capable of accommodating UAVs into a non-segregated airspace, is not expected to be complete until 2020 148. It provides a series of measures enabling safer, greener and more cost-efficient flights.

JARUS is a European initiative aimed at developing operational and technical regulations for UAVs 149. This is for light UAVs weighing less than 150kg 150. EUROCAE WG 73 is another initiative, developing a requirements framework that would enable UAVs to operate within the constraints of the existing Air Traffic Management (ATM) environment in an unsegregated airspace. INOUI (Innovative Operational UAS Integration) is a third initiative, funded by the EC 6th Framework Programme, focused on the integration of UAS in an unsegregated airspace in the context of SES 151.

UAVs have also reportedly been used for police surveillance or border control in several European countries, such as France, Belgium, Italy, Switzerland and the Netherlands, on certain occasions. The police department in Kent in the UK has reportedly been working on a £3m project to use unmanned aircraft to patrol the coast 152.

During a European UAS Conference the Dutch Police expressed interest in the use of UAVs but also registered a series of difficulties with their usage. They highlighted challenges related to the integration within the police, usability, reliability of the equipment, the quality of sensors, weather challenges, and day and night issues, and mentioned that the lack of a regulatory framework and costs were still problems 153. These are relevant considerations to keep in mind during the SUNNY project.

147 Cole, C., 2012., Europe to open skies to drones by 2016 says Commission document.
148 European Commission., 2007., Study Analyzing the Current Activities in the Field of UAV’s., p.74.
149 Masutti, A., University of Bologna., 2010., European UAS conference.
150 European Commission., 2012., Working Document – towards a strategy for development of RPAS., p.11.
151 Masutti, A., University of Bologna., 2010., European UAS conference.
152 The Guardian., 2012., The Rise of drones in UK airspace prompts civil liberties warning.
153 The Dutch Police., 2010., European UAS Conference Presentation.

7.4 National UAS Legal Instruments and Initiatives

Generally, too few authorities have provided for regulation that covers privacy law, torts law, insurance law, civil aviation regulations, etc. in the field of UAVs. In Italy however, ENAC, the Italian Civil Aviation Authority, recently published a Regulation. This is however only applicable to UAVs that weigh less than 150kg, and operators must seek approval from ENAC. The Regulation does not, however, cover data protection. It is the EU’s legislation on data protection which is applicable, and national DPAs will probably be involved in interpreting regulations and breaches of them. As of early April this Regulation was being discussed by legislators 154.

In Portugal, the lack of a regulatory framework has raised concerns for privacy advocates. The use of UAVs has become increasingly common and even users have lamented the legal void that exists. The primary concern among users seems to be compliance with safety standards and accessing insurance, which is quite difficult. However, there is recognition that UAVs can constitute a threat to data protection. Nonetheless, regulating privacy and data protection in the field of UAV use has not so far been contemplated by Portuguese legislators 155.

In the U.S. President Obama signed the Federal Aviation Authority (FAA) Appropriations bill (Modernization and Reform Act of 2012), which mandated that the U.S. airspace must be opened to UAVs by 2015.
The FAA is the agency which is responsible for developing ‘a comprehensive plan to safely accelerate the integration of civil unmanned aircraft systems into the national airspace system’. By September 2015 this plan should be ready 156. In the U.S. it is the FAA, which is responsible for the safety of U.S. airspace. At the current moment, they do have the possibility to grant permissions, but do so on only a few occasions. The FAA is nonetheless under a great deal of pressure from industry and Congress to speed-up developments 157. Even though the FAA is responsible for ensuring these systems fly safely in the U.S. airspace, with only two years left until the drones will fly in an unsegregated airspace, no federal agency has taken the lead to deal with the full implications of using UAVs and developing the relevant policies and guidelines for their use. This is true, despite the fact that the Government Accountability Office (GAO) recommended the Secretary of Homeland Security direct the Transport Security Administrator (TSA) to examine the security implications of future, non-military UAV operations in the national airspace system and take any actions deemed appropriate 158. In the U.S. they have a particularly legitimate reason to worry about UAV-surveillance domestically due to the absence of adequate privacy and data protection legislation. They have no equivalent to the Data Protection Directive and privacy matters are regulated by the Supreme Court’s interpretation of the Fourth Amendment of their constitution. 154 Global Legal Post., 2014., Can drones break into the commercial market? Público., 2013., Em Portugal há drones a mais e legislação a menos. 156 th U.S. Congressional Research Service., 2012., Drones in Domestic Surveillance Operations – 4 Amendment Implications and Responses., p.3. 157 American Civil Liberties Union., 2011., Protecting Privacy – From Aerial Surveillance – Recommendations for Government use of Drones., p.9. 
158 Department of Homeland Security., 2012., Using UAS’ within the Homeland – Security Game Changer., p.2. 155 Page 43 of 66 SUNNY D1.4: Surveillance societal and ethical aspects The American Civil Liberties Union (ACLU) has expressed concerns that the debate regarding UAVs in the U.S. has mostly been spinning around safety – which is also a concern that could be expressed regarding the EU legal framework. The organization has called for a mandated agency, for example the FAA, to regulate the use of UAVs with an aim to protect privacy; similar to the way the FAA governs matters related to safety with respects to UAV usage. If the FAA cannot assume this role, the organization argues that Congress should enact additional protections to preserve privacy 159. The American Civil Liberties Union (ACLU) has made several recommendations to the U.S. government, regarding the use of UAV for law enforcement: To restrict the number of users of UAVs. Only allow for the use of UAV for evidence collection where there has been a criminal wrong-doing or where there is a warrant or probable cause; or where there is a geographically confined, time-limited emergency situation in which particular individuals’ lives are at risk, such as fire, hostage crisis or a person lost in the wilderness; or for reasonable non-law enforcement purposes by non-law enforcement agencies, where privacy will not be substantially affected, such as geological inspections or environmental surveys, and where the surveillance will not be used for secondary law enforcement purposes (i.e. mission creep). Not to retain or share images unless there is reasonable suspicion that the images contain evidence of criminal activity or are relevant to an on-going investigation or pending criminal trial. That policies and procedures for the use of aerial surveillance technologies by the police are explicit, in writing and public. 
- That there is democratic control regarding the deployment and policy decisions surrounding UAVs, based on transparent information.
- That there is a clear, systematic examination into the costs and benefits involved in order to audit and track the effectiveness of these tools 160.

The Washington Center for Democracy and Technology (CDT) has called for greater approval and oversight to be in place in order to protect civil liberties. It recommended that the FAA carry out PIAs and design rules regarding privacy and transparency for both government and non-government use of UAV technology. Furthermore, the group suggested that all FAA applications for a UAV license include a data collection statement that defines whether the UAVs will collect information about individuals and, if so, the circumstances under which that information will be retained, used, and disclosed. This should include:
- The purpose for which the UAV will be used and the circumstances under which its use will be authorized and by whom.
- The specific kinds of information the UAVs will collect about individuals.
- The length of time for which the information will be retained.
- The possible impact on individuals’ privacy.
- The specific steps the applicant will take to mitigate the impact on individuals’ privacy, including protections against unauthorized disclosure.
- The individual responsible for safe and appropriate use of the UAV.
- An individual point of contact for citizen complaints 161.

159 American Civil Liberties Union., 2011., Protecting Privacy – From Aerial Surveillance – Recommendations for Government use of Drones., p.2.
160 American Civil Liberties Union., 2011., Protecting Privacy – From Aerial Surveillance – Recommendations for Government use of Drones., p.15-16.

These are recommendations directed at government, but nonetheless a lot can be learned from them and taken into account for the SUNNY project.
Recommendations regarding declaration of purpose, geographic confinement, time-limited deployment, mission creep, image retention and disclosure, taking into account the nature of the information collected, the impact on individuals’ privacy, the transparency of operations, mitigating risks, audits and monitoring of the deployment and its efficiency, and having a contact point for complaints are all valuable aspects that could be considered for SUNNY.

In June 2012, identical bills were introduced in the U.S. House of Representatives and Senate – ‘The Preserving Freedom from Unwarranted Surveillance Act of 2012’. Their aims are ‘to protect individual privacy against unwarranted governmental intrusion through the use of unmanned aerial vehicles’. There have also been committee hearings on the domestic use of UAVs by the Department of Homeland Security (DHS) 162.

One author called for the FAA to adopt a 2008 DHS framework, where applicants for a UAV license would have to describe:
- The purpose for which the UAV will be used and the circumstances under which its use will be authorized and by whom.
- The specific kinds of information the UAV will collect about individuals.
- The anticipated uses and disclosures of that information.
- The possible impact on individuals’ privacy.
- The specific steps the applicant will take to mitigate the impact on individuals’ privacy, such as protections against unauthorized disclosure.
- The individual responsible for safe and appropriate use of the drone.
- An individual point of contact for citizen complaints 163.

Again, the recommendations proposed are similar to those expressed by the previously mentioned organizations. The tendency of the concerns is clear and should be considered in SUNNY.

7.5 U.S. Legal Framework for the use of UAS for Border Control

Law enforcement agencies in the U.S. are generally granted significant deference to conduct surveillance at or near the country’s borders.
The federal government has a significant interest in protecting its borders from irregular border crossings, drug trafficking, and, perhaps most importantly, the transit of weapons and persons seeking to do harm to local people and infrastructure 164.

161 Information and Privacy Commissioner of Ontario, Canada., 2012., Privacy and drones., p.13.
162 Information and Privacy Commissioner of Ontario, Canada., 2012., Privacy and drones., p.15.
163 Geiger, H., 2012., The Drones are Coming.

The U.S. Congress has granted federal law enforcement agencies significant search powers at the border. Section 287 of the Immigration and Nationality Act (INA), codified at 8 U.S.C. 1357, authorizes immigration officers to conduct warrantless searches of any vessel within a reasonable distance from the border and any vehicle within 25 miles from a border for the ‘purpose of patrolling the border to prevent the illegal entry of aliens into the United States’. The Supreme Court has likewise acknowledged this federal interest in the borders, observing that ‘the Government’s interest in preventing the entry of unwanted persons and effects is at its zenith at the international border’. Again, the touchstone in every Fourth Amendment case is whether the search is ‘reasonable’. The Court observed in United States v. Montoya De Hernandez that ‘the Fourth Amendment balance of reasonableness is qualitatively different at the international border’.

In late 2003 the Border Patrol in the U.S. tested the ‘Predator B’. The Coast Guard tested the same UAV in the summer of 2004 in Alaska. During the same summer the U.S. started scanning the Arizona-Mexico border with two ‘Hermes 450’s’. The reported cost of leasing, fuelling and maintaining these two UAVs for three months was $4m. The Department of Homeland Security has also used UAVs along the Canadian border and in Puerto Rico 165.
Between 2004-2005, estimates state that the Predator drones assisted in the capture of 2300 undocumented immigrants and 3760kg of marijuana on the U.S.-Mexico border 166. In 2011 the ACLU stated that the Customs and Border Protection Agency (CBP) in the U.S. had operated UAVs along the border since 2005 and in 2011 had seven Predator drones carrying out the task of border control. By 2010 the entire southern border was being patrolled. In 2011 the Department of Defense moved beyond the border and sent UAVs into Mexico to provide surveillance on drug cartels 167.

In 2012 the CBP had ten UAVs that were used to monitor drug smuggling tunnels, video dams, bridges, levees, and riverbeds at risk of flooding, and assist with the deployment of National Guard resources responding to flooding. They have also flown missions for Border Patrol, for the FBI, the U.S. Forest Service, the Texas Rangers, etc. 168 U.S. authorities have, however, suspended the use of UAVs for homeland border surveillance on the Mexican and Canadian borders due to what seems to be insufficient operational value, as the operational interest is marginal with respect to the extra cost added 169.

EPIC stated in one of their documents that UAVs are often equipped with surveillance cameras that also have thermal and night-vision capabilities. If they have Electro-Optical sensors they can identify an object the size of a milk carton from an altitude of 60.000 feet. Several UAVs also have radar systems that produce high-resolution imagery and are able to track moving targets. Ground operators using these systems can therefore be provided with precise real-time imagery. Some of these UAVs can even fly for 20-50hrs without refuelling, further extending their surveillance capacity way beyond what has been possible before 170.

164 U.S. Congressional Research Service., 2012., Drones in Domestic Surveillance Operations., p.10.
165 EPIC., 2005., Spotlight on Surveillance – Unmanned Planes offer New Opportunities for Clandestine Government Tracking., p.2.
166 P. Lee from Bird & Bird., 2011., Presentation on ‘Legal Risks and issues through the UAS lifecycle and privacy issues surrounding the use of UAS.
167 American Civil Liberties Union., 2011., Protecting Privacy – From Aerial Surveillance – Recommendations for Government use of Drones., p.6-7.
168 Department of Homeland Security., 2012., Using UAS’ within the Homeland – Security Game Changer., p.1.
169 OPARUS., 2011., Workshop 1 Report., p.22.

The president of the National Border Patrol Council in the U.S. said at a subcommittee hearing that ‘substituting detection technology for staffing and equipment lawbreakers is unwise. While such technology can be useful … it cannot catch a single violator. Only trained people can accomplish that task’ 171. This indicates that UAVs should not be portrayed as a panacea for surveillance, border control or law enforcement. Reports claim border patrols along the U.S.-Mexican/Canadian borders have been suspended due to the lack of operational value 172.

7.6 Recommendations for Test-Sites

The U.S. Congress has instructed the FAA to select six domestic sites to test the safety of UAVs. The primary mission of the FAA will be safety and not privacy 173. The FAA then requested comments on UAV test sites from relevant stakeholders. It requested comments on test site requirements, designation standards and oversight activities. The Electronic Privacy Information Center (EPIC) was one of the groups that responded 174. The organization has called for federal agencies to regulate and control the proliferation of UAVs that are used for the purposes of surveillance in the U.S. It stressed that UAVs possess unparalleled surveillance capabilities that the FAA should assess, with the risks mitigated, before these are deployed further 175.
UAVs will, according to EPIC, invoke Fourth Amendment interests and well established common law privacy rights. The group further recommended that the FAA support privacy by mandating transparency and accountability in UAV operations, prevent unlawful access to UAV surveillance information and limit the exposed population whenever possible.

EPIC requested specific rulemaking on UAV surveillance, and indicated that such rules should take into account data use and retention, property rights, use limitations and enforcement. They also asked for UAS network security to be considered, especially within the confines of the test sites. Considerations should be made regarding: 1) the ability to circumvent encryption codes within drone surveillance software, and 2) the ability to manipulate hardware to gain access to drone surveillance data. To limit the possible intrusion on people’s privacy, the group further recommended that the flight testing be carried out in sparsely populated areas. Moreover, they stated that public notices are insufficient as privacy safeguards and that a proactive approach that provides affected members of the population with relevant information would be necessary to maintain transparency around test sites 176.

170 EPIC., 2005., Spotlight on Surveillance – Unmanned Planes offer New Opportunities for Clandestine Government Tracking., p.3.
171 EPIC., 2005., Spotlight on Surveillance – Unmanned Planes offer New Opportunities for Clandestine Government Tracking., p.4.
172 OPARUS., 2011., Workshop 1 Report., p.22.
173 New York Times., 2012., The Dawning of Domestic Drones. (Accessed the 6th of March 2012).
174 EPIC., 2012., Comments on the Federal Aviation Administration of the Department of Transportation.
175 Information and Privacy Commissioner of Ontario, Canada., 2012., Privacy and drones., p.12.

8. General concerns about UAS use

Mission creep refers to situations where PII has been collected for a specific purpose, but its use is extended beyond this defined purpose. For example, if a UAV data collection scheme is defined as a tool for search and rescue, but the data collected is then provided for law enforcement purposes, this is mission creep. This is an aspect which must be considered in the SUNNY project, as it will work under the auspices of EUROSUR, where the CISE will pose potential problems with regard to sharing such information. Under EUROSUR many different sectors operating in the maritime environment will be allowed to collect and distribute information. It is not clear how PII will be protected in the CISE.

Data security is another challenge related to the use of UAS, and one which is quite relevant for SUNNY. EPIC has expressed concern about the dangers that can result from the hacking of UAVs. This refers to the interception and compromise of UAV operations, which can pose a threat to the security of lawful UAV operations. To mitigate these risks (especially at test sites) EPIC recommended that the FAA explore: 1) the ability to circumvent encryption codes within UAV surveillance software and, 2) the ability to manipulate hardware to gain access to UAV surveillance data 177. The ‘security’ principle has special relevance, because without strong security there can be no privacy and personal data cannot be protected. Applied security standards must assure the confidentiality, integrity, and availability of personally identifiable data throughout its lifecycle including, inter alia, methods of secure destruction, appropriate encryption, and strong access control and logging methods 178.

The relevance of this problem can be drawn from an example in Iraq. Militants there have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.
These Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the UAVs, using software programs such as SkyGrabber to regularly capture UAS video feeds. It is not thought, however, that they took control of the drones. U.S. military personnel in Iraq discovered this when they apprehended a Shiite militant whose laptop contained the files of intercepted drone video feeds. Gen. Deptula stated, in regard to the incident, that there was an inherent risk in using drones since they are remotely controlled and need to send and receive video and other data over great distances. The military was, however, trying to solve the problems by better encrypting the drones’ feeds. Military officials stated that adding encryption to a network that was more than a decade old involved more than placing a new piece of equipment on individual drones. Instead, many components of the network linking the drones to their operators in the U.S., Afghanistan or Pakistan have to be upgraded to handle the changes 179. This echoes the arguments for designing privacy protections into the design, rather than bolting them on later at a more expensive price.

176 EPIC., 2012., Comments on the Federal Aviation Administration of the Department of Transportation.
177 Information and Privacy Commissioner of Ontario, Canada., 2012., Privacy and drones., p.12.
178 Information and Privacy Commissioner of Ontario, Canada., 2012., Privacy and drones., p.25.

Another example is found in a demonstration by Todd Humphreys of the University of Texas in front of the Department of Homeland Security. With a few researchers, around $1.000 in parts and some sophisticated software to send signals to a UAV’s GPS receiver, he hijacked a UAV in mid-air, effectively controlling it.
Humphreys explained ‘The navigation systems of these drones have a variety of sensors, but at the very bottom is a GPS unit’ – and most of the UAVs which will be used in civilian airspace have a civilian GPS unit that is vulnerable to those who are able to spoon feed false navigation information to the navigation centre of these UAVs. He furthermore warned the FAA about not adjusting to these threats, as these can cause serious collisions. Although he is a supporter of the utilities of UAVs, he still warned of their threat to privacy, which he also called for the FAA to address before opening the U.S. airspace in 2015 180.

Privacy advocates further expect that law enforcement will start to call for actual intervention in law enforcement situations. The development of airborne technologies that would allow UAVs to disperse protesters (through gas or other technologies), stop a fleeing vehicle or even deploy weapons is of great concern 181. This should not be a problem under SUNNY, where no mention of armed UAVs has been made.

There is also a fear that increased surveillance will lead to a Panopticon chilling-effect 182. It is proven that people who are being observed start to behave differently and make different decisions.

Other associated problems are institutional abuse and discriminatory targeting. Law enforcement, like most other workplaces, suffers the consequences of having ‘bad apples’. When these ‘bad apples’ sit at the top of the chain, abusive behaviour can spread quickly. Many law enforcement agencies have notorious human rights records characterized by abuse. Trusting them to handle UAS can have detrimental effects on human rights.

9. Guiding Principles for SUNNY

The EC has stated in one of its working documents that the development of RPAS must respect the rights and principles enshrined in the CFREU, and in particular the right to private life and family life (Art.7) and the protection of personal data (Art.8).
The Lisbon Treaty recognizes that these rights have the same value as treaties. The document further stresses that the Data Protection Directive must be respected as it also applies to RPAS. It is merely an extension of technologies that collect PII already available in cameras and satellites. Similarly, the new General Data Protection Regulation will apply to data processing by commercial RPAS operators. The EC claims there is no need for a new or modified legal privacy and data protection regime to accommodate commercial RPAS applications, which of course could be discussed further.

179 Gorman, Dreazen & Cole., 2012., Insurgents Hack U.S. Drones.
180 RT., 2012., Drone hack explained: Professor details UAV hijacking (Accessed 21st of March 2012).
181 American Civil Liberties Union., 2011., Protecting Privacy – From Aerial Surveillance – Recommendations for Government use of Drones., p.11.
182 Refers to the ‘Panopticon Prison’ created by Jeremy Bentham – The concept of the design is to allow a watchman to observe (-opticon) all (pan-) inmates of an institution without them being able to tell whether or not they are being watched.

National rules might impose restrictions on the use of RPAS by states, for example, for public video surveillance. In order to allow for the development of RPAS services for state use, some degree of harmonisation might need to be envisaged. To that end, the different national rules would need to be analysed. The new Police and Criminal Justice Data Protection Directive would, if adopted, define the benchmarks for data processing carried out by law enforcement.

The EC does recommend that PbD be considered during the development of RPAS. The EC also called for transparency and extensive consultations to be a factor in the development of RPAS, considering the negative perception that may surround their use.
It stated that the European Group on Ethics, the LIBE Committee of the European Parliament of the EU, the Agency for Fundamental Rights and the EDPS would be natural organizations to consult with. Defining permissible and forbidden usage of RPAS could further increase public confidence. The EC also stressed that privacy and data protection PIAs could further strengthen their position.

The Data Protection Directive does not apply to state use of RPAS in the context of police and border surveillance. In these cases, national rules apply. If Member States agree on it, however, the adoption of the Police and Criminal Justice Data Protection Directive would be a good step towards the harmonization of data protection rules. Such harmonization, according to the EC, would further strengthen the perception of RPAS.

Nonetheless, the EC has recommended that PbD be considered for the development of RPAS. PbD, however, is based upon FIP, which is what the Data Protection Directive has codified. The correct implementation of PbD also requires a user-centric approach that goes beyond mere compliance, and a sincere interest in protecting privacy and personally identifiable data. Such a line of thought is in line with the British DPA, the ICO. In its document on Data Privacy and Border Control the DPA recommends adhering to the principles of PbD, especially data minimisation, the employment of PETs and the use of PIAs. This, it argues, should specifically be applied to technologies such as UAS, profiling of travellers and future checkpoints. This is because the ultimate aim should be to secure borders AND protect data/privacy.

UAVs have primarily become famous, or rather infamous, due to their use on the battlefield as a weapon. However, even on the battlefield their primary purpose is surveillance.
The main arguments applied for the use of UAVs are their potential endurance and persistence, cost-effectiveness (although some are concerned that the cost of UAVs will rise) and their ability to function in environments which are difficult for human beings – i.e. ‘dull, dirty and dangerous’. Furthermore, since they do not need to carry a pilot it is possible to keep them relatively small, providing low visibility and enabling a ‘stealthy’ approach. Therefore people will often be unaware that they are being observed by the UAVs. This is of course an advantage in warfare, but raises many questions when it comes to surveillance. The prospect of cheap, small, portable flying video-surveillance machines threatens to eradicate existing practical limits on aerial monitoring and allow for pervasive surveillance, police fishing expeditions, and use of these tools in a way that could eventually eliminate the privacy people expect.

It poses a series of questions with regard to collection, retention, use, disclosure and eventual safe destruction of PII, just like in any other data processing scheme. These concerns are applicable to government agencies, commercial entities and small entities such as private individuals alike.

A natural comparison is often made between the use of Closed Circuit Television (CCTV) cameras (either fixed ones or those used in a helicopter, for example) and the surveillance capacity of UAVs. Public surveillance is not necessarily illegal in Europe, but must be balanced against individuals’ right to private life. In ‘Peck vs. the United Kingdom’ the ECtHR reiterated that ‘the monitoring of the actions of an individual in a public place by the use of the photographic equipment which does not record the visual data does not, as such, give rise to an interference with the individual’s private life’.
Public surveillance which records visual data will therefore be considered personal data under the Data Protection Directive and would invoke the individual rights that are stated in it. That means that individuals whose images are recorded should have the right to consent, access and correct, which is quite difficult in practice. To compare, Google has been required by the EU to warn local residents (and online) before sending out the cameras for Google Street View and to keep the unblurred versions of the photos no longer than 6 months, instead of a year, which was previously the case. It is however difficult to inform individuals of the presence of UAVs due to the high altitude they may fly at (providing invisibility), their silence and the extensive territory they may cover. Nonetheless, there could be creative solutions such as local and online warnings.

When authorities are carrying out covert surveillance, which they are not required to notify, they must conform to national surveillance laws. Furthermore, if UAVs are hovering over homes, possibly with thermal imaging, etc., they would likely need further special authorization. Large scale, random surveillance of communities and populations using such enhanced UAVs would however be difficult to justify. This latter example would be an improbable result of the SUNNY project, as UAVs are expected to fly over border areas.

In its presentation to the European UAS Conference, the Dutch police stated that images of people will, in most cases, fall under the national data protection legislation derived from the Data Protection Directive. Images or voices will be considered personal insofar as they provide information on an individual that makes him/her identifiable, even if indirectly, and that will engage the jurisdiction of the Directive. So will the information about people that is derived from such images (for example vehicle registration numbers). Such data can also reveal sensitive personal data.
National interpretations of the Data Protection Directive have however varied (which is one of the reasons why the EC has proposed a new General Data Protection Regulation). In Norway, camera-surveillance of persons that can be recognized on the images will fall under the national law that implements the Data Protection Directive (personopplysningsloven). This legislation was amended in 2012. One of the changes made was the introduction of the word ‘fixed’ – referring to fixed cameras, i.e. cameras that are fixed to one determined location. Camera-surveillance there means ‘consistent, regular or repeated surveillance with the assistance of a remotely-controlled or automatic surveillance-camera or similar equipment that has been fixed’ in a certain location. This means that handheld cameras will not be considered camera-surveillance in this piece of legislation. UAV cameras are fixed to the vehicle, but not to a specific location. Private camera use is nonetheless restricted in this law when it comes to publication, but not to the recording itself. The Norwegian DPA (Datatilsynet) expressed a concern that if UAV technology becomes so accessible, cheap and technologically fascinating, then many will be tempted to abuse these cameras for surveillance, spying and voyeurism.

10. Annex 1: Recommendations made for other EU Projects

10.1 OPARUS

OPARUS has been developed under the auspices of the EU’s Seventh Framework Programme. The goal of OPARUS was to elaborate an open architecture for the operation of unmanned air-to-ground wide area land and sea border surveillance platforms in Europe. This is based on an analysis of concepts and scenarios for UAV-based aerial surveillance of European borders (Schengen). The architecture will consist of different operational and technical aspects covering surveillance sensors, aerial platforms, communications and networking and control stations 183.
The threats they identified were illegal immigration, smuggling and/or terrorism, and the solution was of course the use of surveillance through UAVs with new sensors 184.

Ms Jeanny Lucas from SAFRAN CNIL advised the OPARUS consortium on the ethical aspects by focusing primarily on privacy. She emphasized that the Data Protection Directive would be applicable for the use of UAVs in the civil domain. Moreover, to provide a roadmap for the development of a project in which privacy is protected, Lucas recommended the implementation of PbD, for which it is important to apply PIAs in order to identify threats and solutions to privacy protection 185.

Furthermore, Lucas addressed the complex legislative environment in which such a project would take place. One example would be when a ship with persons on board is identified by taking images from a UAV. In such a case the Data Protection Directive should be applied, she argued – which is the same argument used by the Dutch Police during the European UAS Conference. Lucas further raised some standardized questions that would need to be answered in order to respect the Directive:
- Who is responsible for the processing?
- What organization requires the collection of the data?
- Who will process the data?
- What is the perimeter?
- What legislation applies?
- Are they State or private actors?
- Will any individual be filmed or can individuals be indirectly identified?
- Is there a clear division of responsibility within the processing scheme?
- What type of data will be processed?
- How long will the images be stored?
- Has the data receiver been identified and authorized for data processing 186?

183 OPARUS., 2011., Workshop 1 Report., p.1.
184 OPARUS., 2011., Workshop 1 Report., p.6.
185 European Commission., 2011., Unmanned Aircraft System Panel Process – 4th Workshop on Societal Dimension., p.8-9.
186 OPARUS., 2011., Workshop 1 Report., p.8.

Lucas concluded that the whole process should meet the Data Protection legislation framework. She also stated that PII data transfers would be unproblematic as this particular project would be restricted to the Schengen area. Nonetheless, Lucas did remind the consortium that the Data Protection Directive has some exceptions in fields such as:
- Safety
- Defence
- Public security
- Prevention and research
- Detection and penal infringement pursuit or deontology issues for regulated work
- Control, inspection or regulation mission, even occasionally, in cases of public security, prevention, detection and financial or economical interest
- Concerned people protection or right and liberty of other people.

Additionally, Lucas reminded the consortium of the relevance of the Binding Corporate Rules (BCR), which are supported by the EU and were developed by the Art.29 Working Party (representatives of every national DPA in the EU). The rules stress that multinational corporations, international organizations and groups of companies that make intra-organizational transfers of PII across borders must comply with the Data Protection Directive. The legal requirement in the Directive is that the country to which the transfer will be made has an adequate level of data protection (i.e. the same as in the EU). Finally, she raised the question of whether it is problematic to receive images from third countries (non-European) under the Data Protection Directive – to which she claims Frontex have stated that this issue is regulated on a case by case basis through bilateral agreements 187.

10.2 PRESCIENT

Another EU project that is relevant to SUNNY is called PRESCIENT. It aims to identify and assess privacy issues posed by emerging sciences and technologies and to contribute to the development of new instruments for the governance of science and technology 188.
The project has identified research that specifies a range of negative implications for privacy and data protection. References are made to comments from EPIC about UAVs’ increased capability to monitor citizens clandestinely and that their cost may outweigh the benefits. More comments are made about the possibility of mass deployment of UAV surveillance, as this could lead to an environment where individuals believe that a UAV is watching them even when no UAVs are in operation. This could create a self-governing effect as described by Jeremy Bentham in the Panopticon prison. Moreover, the advancement of surveillance technology threatens to erode society’s expectations of privacy 189.

A deliverable from the project also states, as this report has highlighted, that there is a lack of an international and European legal framework to govern UAVs. Furthermore, it emphasises that UAV regulations are likely to vary depending on the model, size, weight and speed, making regulations significantly complex and difficult to understand and enforce. ‘The Economist’ also warned that, ‘below a certain size, unmanned aircrafts could be impossible to regulate’ 190. One of the main problems will be that in many countries, there will be an ‘alphabet soup’ of organizations that have some jurisdiction over UAVs 191.

187 OPARUS., 2011., Workshop 1 Report., p.8.
188 PRESCIENT., 2013., http://www.prescient-project.eu/prescient/index.php (Accessed on the 4th of March 2013).
189 PRESCIENT., 2012., Deliverable No.2 – Privacy, data protection and ethical issues in new and emerging technologies., p.97.

The document further refers to arguments made by law enforcement officials who state that UAVs will not present any new form of surveillance, as this is what has been done with helicopters for a long time 192.
This is, however, misleading, considering the stealth and endurance of these UAVs, which give surveillance increased covertness and longevity. When it assesses European privacy and data protection legislation, it places special emphasis on Art.7 and 8 of the CFREU of 2000, which protect privacy, family life, home and communications, and data protection respectively. Highlighted are the rights to fair processing, consent, access to data and the right to rectification. The ‘Peck vs. United Kingdom’ case of the ECtHR is mentioned, as it reiterates that ‘the monitoring of the actions of an individual in a public place by the use of photographic equipment which does not record the visual data does not, as such, give rise to an interference with the individual’s private life’, making public surveillance such as CCTV lawful under the Charter. Under this consideration, the document argues, UAV surveillance that monitors but does not record would be lawful. However, public surveillance which does record visual data would be considered ‘personal data’ under the CFREU and would mean subjects have rights of access and correction 193.

11. Annex 2: Guiding questions to consider

In order to respect the principles of Privacy by Design, SUNNY must have a genuine intent to respect the right to privacy and data protection. That interest must go beyond mere compliance and must ensure that the foundations for the protection of these rights are set out in three areas: information technology, accountable business practices and the physical design and infrastructure in which the project will operate. The intent of complying with the FIP Principles can be a good start to consider a serious lifecycle protection of PII. The report will end with some guiding questions that will help set out some initial considerations for SUNNY.

Collection principle:
- Who is responsible for data collection?
- Who is responsible for data processing?
- Has the responsibility for collection and processing been divided and understood in a legally binding document?
- How will unnecessary data aggregation be avoided?
- Will UAVs with surveillance capacities be operated by law enforcement or civilian actors?
- What kind of data could be collected?
- Could PII be collected?
- Are adequate data collection and processing management procedures in place?
- Has the lifecycle of PII been identified?

190 PRESCIENT., 2012., Deliverable No.2 – Privacy, data protection and ethical issues in new and emerging technologies., p.98.
191 PRESCIENT., 2012., Deliverable No.2 – Privacy, data protection and ethical issues in new and emerging technologies., p.99.
192 PRESCIENT., 2012., Deliverable No.2 – Privacy, data protection and ethical issues in new and emerging technologies., p.99.
193 PRESCIENT., 2012., Deliverable No.2 – Privacy, data protection and ethical issues in new and emerging technologies., p.100-101.

Data quality principle:
- What is the purpose for collecting PII?
- Will the data collected by UAVs be of necessary quality for its purposes?

Purpose specification principle:
- Is there a legitimate reason for collecting PII?
- Will UAV surveillance data be used for evidence collection?
- Has a PIA been carried out?
- How will the impact on individuals’ privacy be mitigated?

Use limitation principle:
- Who will access data?
- Should the use of UAVs be geographically confined?
- Should the use of UAVs be confined to specific time limits?
- Is there a proper framework for the legitimate sharing of data?
- Is disclosure minimized?
- When is PII no longer necessary to store?
- Is there a way to ensure that PII is destroyed when it is no longer necessary?

Security safeguards principle:
- Could PII data collected by a UAV be depersonalised?
- Who is responsible for identifying inadequate recipients of PII?
- Will the exchange of PII be logged?
- How will UAVs integrate with other systems while maintaining the security of PII?
- Are there PET solutions available?
- Are proper safeguards with regard to the physical storage of PII in place?
- Are all the security risks in the PII lifecycle identified and mitigated?

Openness principle:
- Is there a contact point for the public?
- Is there a transparent policy regarding the use of UAVs for surveillance purposes?
- Is there a way to notify the public of the surveillance?
- Has a public data collection statement been written?

Individual participation principle:
- Is there a possibility of receiving subject access requests?
- Who is responsible for receiving subject access requests?

Accountability principle:
- Who is responsible for the potential violations of data protection and privacy rights?
- What could the impact on individuals be if such PII is collected?
- Will there be a data protection supervisor?
- Is there adequate democratic control regarding the use of UAVs?
- Are relevant DPAs informed and consulted?

12. Annex 3: The Situation at the External Border of the EU

This is an annex to Deliverable 1.4 for the SUNNY project. The aim of the annex is to briefly describe the movement across the external border of the EU, with a particular focus on irregular migration and cross-border crime. Particular attention will be placed on those indicators related directly to border-crossings which could be detected by the surveillance activities that will be tested in SUNNY. Irregular border crossings in the maritime domain and at the external land borders will be addressed thoroughly. The report will exclude analysis of pre-frontier control mechanisms such as Visa systems; post-border issues such as prolonged irregular stay; forgery of documents; and the return of migrants.
Irregular border crossings will be analysed statistically and in terms of the routes used. The annex will then briefly describe the number of asylum applications submitted in the EU, as well as the number of facilitators that operate around the EU’s external borders. Finally, the most relevant cross-border crime aspects will be addressed.

Irregular border-crossings

Frontex report that there was a sharp increase in the detections of migrants who irregularly crossed the EU’s external borders from 2012 to 2013. 72.500 detections were made in 2012, while 107.000 were made in 2013. This represents an increase of 48%. The number of detections for 2013 is, however, more along the lines of the detections made in 2009 and 2010 (104.600 and 104.000 respectively). During 2011, which was the year of the “Arab Spring”, 141.000 detections were made, that being the highest number of detections in a year so far since Frontex started registering these numbers 194.

Three phenomena characterized the recent trend: a large increase in Syrians applying for asylum after taking the Eastern- or Mediterranean route; a steady flow of migrants departing from North Africa (Libya and Egypt) who travelled across the Central Mediterranean; and finally a sharp increase of migrants crossing the land-border between Hungary and Serbia 195.

The most common nationalities of those detected were Syrian, Eritrean, Afghan and Albanian. These nationalities accounted for 52% of the total detections (55.400). Syrians represented approximately a quarter of the total number of detections. The number of Syrians detected tripled between 2012 and 2013 and was by far the most common nationality among asylum seekers (50.096 applications – almost twice the number of applications made in 2012).

194 Frontex., 2014., Annual Risk Analysis., p.7.
195 Frontex., 2014., Annual Risk Analysis., p.7.
(BBC map of the migration routes, 2013)

Central Mediterranean

Detections progressively increased in the Central Mediterranean throughout 2013, peaking in the third quarter, before reaching a total of 40.304 detections at the end of the year 196. Detections in the Central Mediterranean represented 38% of all the irregular border crossings. This represented a fourfold increase in detections compared to the previous year (albeit below the number from 2011) 197. The lack of a stable government in Libya made it an easy departure point for facilitators to use, by organizing boat trips 198. Sub-Saharan and Eastern Africans (especially an increasing number of Eritreans) used the Central Mediterranean route. The exception was Syrians, who ranked second, even on this route. Somalis, Nigerians, Malians, Senegalese and Gambians were among the common nationalities that used the same route 199. Some 1.982 Egyptians were also detected on this route in 2013 200.

There is a strong tendency of numbers peaking in the summer months, when the weather conditions are easier to travel under 201. This is also a route where a large number of boats capsize. The use of rubber boats has been reported to have become more common, mostly by sub-Saharan Africans. These boats are, in comparison with fishing boats, even more likely to capsize. However, since they are the cheapest sailing option, they are often preferred. This tendency requires search and rescue operations to be carried out even closer to the Libyan coast 202.

196 Frontex., 2014., Annual Risk Analysis., p.8.
197 Frontex., 2014., Annual Risk Analysis., p.30.
198 Frontex., 2014., Annual Risk Analysis., p.8.
199 Frontex., 2014., Annual Risk Analysis., p.30.
200 Frontex., 2014., Annual Risk Analysis., p.34.
201 Frontex., 2014., Annual Risk Analysis., p.32.
In 2014, estimates say that more than 40.000 people have reached Italian shores, which is more than the number of immigrants who arrived in Italy by boat in all of 2013 203. The Italian authorities have saved more than 50.000 people at sea, and the number is in fact expected to surpass the record from 2011 when approximately 62.000 people arrived in Italy 204. That estimate has taken into account that approximately 600.000 migrants are in transit in Libya, waiting to depart. The summer months are heavily trafficked and between the 5th and 9th of June some 4.500 people were picked up by the Italian navy. Somewhere around 2.000 migrants have reached Malta since the start of the year 205.

Eastern Mediterranean

There were 24.800 detections in the Eastern Mediterranean in 2013, that being the lowest level of detections since 2009. It was nonetheless ranked second, of all the various routes in the EU, as far as detections go 206. The peak was reached in 2011, when 57.025 detections were made. Most detections of irregular migrants were made in the Eastern Aegean Sea, followed by the land border between Bulgaria and Turkey 207. The decrease is probably owed to strengthened surveillance on the Greek side, the erection of a fence along the 12-km land connection with Turkey, the deployment of border patrols along the river Evros and change to internal policy related to asylum and returns 208. Frontex also carried out Joint Operations Poseidon Sea and Land in the region to stem irregular migration near Greece 209.

Syrians represented more than half of all detections on the route (12.727 – 51%). They were mostly intercepted on the border between Bulgaria and Turkey, but were also the nationality that was intercepted the most on the border between Greece and Turkey. In most cases, they travelled in family groups. In Bulgaria they often applied for asylum, while in Greece this was less common, probably due to the conditions in which asylum seekers live in Greece.
Afghans ranked second (6.129), mostly detected in the Eastern Aegean Sea. Detections of Afghans have, however, declined since 2011 (19.618). The decline also applied to Africans, from 8.479 in 2012 to 3.460 in 2013 210. In the Aegean Sea, most migrants targeted the islands of Lesvos and Samos. Most of the migrants (70%) were detected on the islands after their crossing. Afghans and Syrians were the most detected nationalities 211.

202 Frontex., 2014., Annual Risk Analysis., p.34.
203 Time Magazine., 2014., Boat Migrants Risk Everything for a New Life in Europe.
204 Reuters., 2014., EU should share out refugees rescued at sea: UNHCR.
205 The Guardian., 2014., Thousands of migrants cross Mediterranean in effort to reach Europe.
206 Frontex., 2014., Annual Risk Analysis., p.8.
207 Frontex., 2014., Annual Risk Analysis., p.8.
208 Frontex., 2014., Annual Risk Analysis., p.32.
209 Frontex., 2014., Annual Risk Analysis., p.35.
210 Frontex., 2014., Annual Risk Analysis., p.35.
211 Frontex., 2014., Annual Risk Analysis., p.37.

The Western Balkan

The Western Balkan route saw 19.500 detections in 2013, rising from the 6.400 detections made the previous year. The land border between Hungary and Serbia was heavily transited. Many of the detected migrants applied for asylum and subsequently absconded to continue their journey to other Member States, according to Frontex 212. Nationals of Kosovo were the most detected nationality, representing 32% of all the detections on this route. Media campaigns in Kosovo and return flights from Hungary to Pristina started to create a decline in detection rates towards the end of 2013. Among other common nationalities Frontex registered Pakistanis and Afghans.
African and Asian migrants were often detected on the border between Hungary and Serbia, after originally having crossed the external border on the Eastern Mediterranean route and then transited through the Western Balkans via Greece and the Former Yugoslav Republic of Macedonia, and increasingly via the Bulgarian-Serbian border. It is worth noting that Croatia’s accession to the EU on the 1st of July 2013 did not affect the movement of migrants along the Western Balkan route 213.

Albania and Greek border

Circular migration between Albania and Greece increased substantially (59%) to total 8.729 detections. In 2009 and 2010, however, the number of detections reached 40.250 and 35.297 respectively 214.

The Western Mediterranean

The Western Mediterranean area experienced 6.800 detections, while 300 were made on the Western African route. These were stable and comparable numbers to the year before 215. There are several areas on this route; especially important are those close to the southern Spanish coast and the border areas of Ceuta and Melilla. Nearly two-thirds of the detections in 2013 were reported at the land borders of Ceuta and Melilla. Frontex consider this to be due to the effective prevention of sea departures by the Moroccan authorities. The Joint Operation Indalo has probably also reinforced this effect. Furthermore, Frontex warned of the potential risk of larger groups crossing the borders of Ceuta and Melilla 216, a prediction which came true in the summer of 2014 when more than 1.000 migrants stormed a razor-wire fence at Melilla 217. The detections made by Spanish authorities are often of unknown nationalities, but they are normally assumed to be sub-Saharan Africans in most cases. These migrants are often reluctant to cooperate with the authorities 218.

212 Frontex., 2014., Annual Risk Analysis., p.8.
213 Frontex., 2014., Annual Risk Analysis., p.38.
214 Frontex., 2014., Annual Risk Analysis., p.32.
215 Frontex., 2014., Annual Risk Analysis., p.8.
216 Frontex., 2014., Annual Risk Analysis., p.39.
217 The Guardian., 2014., Europe faces 'colossal humanitarian catastrophe' of refugees dying at sea.
218 Frontex., 2014., Annual Risk Analysis., p.39.

Black Sea

According to Frontex, detections of irregular migrants along the Black Sea are extremely rare. However, in 2013 Bulgaria and Romania reported incidents where Syrians and Afghans were detected. These incidents were nonetheless considered isolated cases which could be a response to increased surveillance on the Eastern Mediterranean route and the increasing number of migrants in transit waiting to get to the EU from Turkey 219.

219 Frontex., 2014., Annual Risk Analysis., p.40.

Asylum applications

In 2013 a total of 1.1 million people submitted an asylum application worldwide, most of them in developing countries. This is just a small proportion compared to the total of over 50 million refugees worldwide. Germany was the largest single recipient of asylum applications in the world 220. Data provided by Frontex suggest that applications increased by 28%, totalling 353.991 asylum applications in the EU (up from 276.308 the previous year). Naturally, the most common nationality among applicants was Syrian (50.096). Almost two-thirds of all Syrian applications in the EU were made in Sweden, Germany and Bulgaria 221. Russians (often in Poland and Germany), Afghans and nationals from the Western Balkans (often in Hungary) represented the majority of the nationalities that applied for asylum in the EU 222.

Facilitators

The detection of facilitators actually decreased from 2012 to 2013 by 11%. A total of 6.900 detections of facilitators were made in 2013. Frontex considers this to be due to the shift towards the abuse of legal channels and the use of document fraud to enter the EU.
In this way facilitators can operate remotely rather than accompanying the migrants 223.

220 UNHCR., 2014., Global Trends.
221 Frontex., 2014., Annual Risk Analysis., p.8.
222 Frontex., 2014., Annual Risk Analysis., p.49.
223 Frontex., 2014., Annual Risk Analysis., p.8.

Cross-border Crime

Drug smuggling

Cannabis resin had been the most seized drug in Europe for many years according to information Frontex has received. Morocco is the main provider, despite its production capacities being reduced. Afghanistan, however, is re-emerging. Spain reported the largest detections, having seized amounts that exceeded domestic demand by around 15%. Secondary movement of cannabis to the Netherlands and Belgium in particular has been a common pattern. The smuggling of cannabis across the EU external border has, however, decreased in later years due to increased domestic production. The tendency has nonetheless differed in parts of southern Europe where Albania has increased supplies to Greece, Italy, Slovenia and Hungary 224.

Cocaine is the third most intensively smuggled drug in Europe after cannabis resin and herb. The seizures had increased from the mid-nineties up to 2007, but declined from 2009. Spain accounted for approximately 50% of all cocaine seizures between 2001 and 2011. Most of it came from South America (Argentina, Brazil, Chile, Colombia, Ecuador, Mexico, Peru and Venezuela). Some of it was also channelled to Europe through West-Africa (Guinea, Guinea-Bissau, the Gambia and Senegal). Traffickers used aircraft, speedboats, maritime vessels and couriers on commercial flights. Even the Balkan Sea route has been used in later years, where Bulgaria, Greece, Romania and Turkey have made important seizures 225.

The seizures and treatment numbers could suggest that heroin use in Europe has been decreasing for the last decade. Heroin smuggling has nonetheless continued to use traditional routes.
Most of it is produced in Afghanistan and to a lesser extent in Iran and Pakistan. It is mostly transported either through the Balkan route (through Turkey) or the Northern route (through Central Asia and the Russian Federation) 226. Seizures in Turkey increased three to four times between 2001 and 2009, representing a contrasting trend to the rest of Europe. From here the heroin tends to be smuggled in through the land borders of Greece or Bulgaria 227.

Trafficking in Human Beings

Victims of human trafficking are often not aware of their destiny when they are smuggled and/or intercepted by border guards, for which reason they represent a very difficult challenge for the authorities. The number of identified victims registered has increased from 3.691 in 2008 to 5.535 in 2010. Improved reporting could be one reason for the increased identification rates. The identified victims were primarily from Nigeria, China, Paraguay, the Dominican Republic, Colombia, Russia, Brazil, Vietnam, Namibia and Algeria 228.

224 Frontex., 2014., Annual Risk Analysis., p.42.
225 Frontex., 2014., Annual Risk Analysis., p.43.
226 Frontex., 2014., Annual Risk Analysis., p.43.
227 Frontex., 2014., Annual Risk Analysis., p.44.
228 Frontex., 2014., Annual Risk Analysis., p.45.

European foreign fighters in Syria

The number of Europeans with a jihadist agenda fighting in Syria increased significantly in 2013 according to information provided to Frontex. Reports show that at the end of 2013, somewhere between approximately 400 and almost 2.000 persons had travelled to fight in the Syrian conflict 229. This represents a challenge for border guards.

Weapons smuggling

The French police discovered a large smuggling ring in December 2013 that smuggled firearms and ammunition through the Western Balkans. There have also been large discoveries in Greece.
Frontex have also been warned by UNODC that the instability in Northern Africa and the Middle East might fuel the weapons smuggling 230.

229 Frontex., 2014., Annual Risk Analysis., p.45.
230 Frontex., 2014., Annual Risk Analysis., p.46.

Outlook

Frontex considers it likely that irregular migration to the EU will continue in large numbers. More migrants will require search and rescue operations and international protection. Secondary movement of migrants within the EU is also expected according to the Agency 231.

The Agency predicts that the Mediterranean will continue to be the main crossing point for migrants. It also recognizes that there will be an increased demand on authorities to engage in search and rescue operations in large geographic areas, in particular in the Mediterranean Sea. The number of sub-Saharan Africans departing from Libya is not expected to decrease 232. Egypt and Tunisia could also become potential hot-spots for departures of migrants. Furthermore, it expects to see an even larger number of people seeking international protection at the external borders. As long as the Syrian civil war continues unresolved, the number of Syrians seeking refuge will continue 233.

It is worth noting that UNHCR, in its new Global Trends report, states that the number of refugees worldwide at the end of 2013 exceeded 50 million people for the first time since WWII. The number grew by 6 million from the previous year, which is mainly due to the war in Syria, but also due to armed conflicts in countries such as the Central African Republic and South Sudan. No European country is among those countries hosting the largest numbers of refugees either, as it is a problem which is mostly absorbed by developing countries. Pakistan, Iran and Lebanon are the countries that host the largest number of refugees.
3.5 million people are seeking refuge in Asia and the Pacific, making these the regions with the most refugees in the world 234.

The borders with Turkey are also expected to see a large number of irregular border crossings. On the Southern Mediterranean route, surveillance has been enhanced along the Greek land border with Turkey. This has led to displacement to the Eastern Aegean Sea and the Bulgarian land border with Turkey. This will require larger and better reception facilities and increased allocation of resources for search and rescue operations 235.

It is possible that organised crime groups could get increasingly involved in the facilitation and smuggling of migrants and trafficking in human beings across the external borders of the EU. There are, however, still great uncertainties about the level of organization and structure of the smugglers. Many are opportunistic groups with a low level of organization. Little is known about the potential connection between smugglers and traffickers as well 236.

231 Frontex., 2014., Annual Risk Analysis., p.9.
232 Frontex., 2014., Annual Risk Analysis., p.63.
233 Frontex., 2014., Annual Risk Analysis., p.63.
234 UNHCR., 2014., Global Trends.
235 Frontex., 2014., Annual Risk Analysis., p.63.
236 Frontex., 2014., Annual Risk Analysis., p.66.

In the end, cross-border movement on the external borders of the EU will to a large extent be dependent on external social, political and economic factors in third countries. The Arab spring created an unexpected influx of migrants, but also debilitated border control in third countries such as Tunisia, Libya and Egypt. The influx of Afghans and Iraqis in previous years was more predictable due to the U.S. invasion. It is, however, difficult to predict what will happen on the external borders of the EU. Tunisia is trying to implement a democracy, but it remains unstable.
Libya is struggling to create a State apparatus but is not advancing quickly, quite the contrary. It seems to be a failed State. That is unfortunately likely to remain the same for another few years. Migrants from sub-Saharan Africa will therefore probably continue to travel through Libya in order to migrate to Europe. Egypt has suffered two coups d’état and has recently held elections of dubious standards where a former military general has been elected president. That election, followed by systematic human rights abuses, will continue to fuel instability in Egypt. The wars in Iraq and Syria have morphed into each other, creating a very unpredictable environment that will most likely force a lot of people to flee their homes. It will perhaps also create a void that can be exploited by criminal and terrorist groups. These conflicts are already having a spill-over effect that must be considered. There can also be many situations further away from the EU’s external borders that will affect the cross-border movement.