This is the written version of the presentation I held during the sixth IAP 5/16 meeting of December 16, 2004 in Rotterdam wherein : - I further elaborate the concept of correlated human tending to rebaptise the thing detectable or (re)traceable human - I search a slope beyond boom and doom scenario’s - I look again into the legal system, distinguishing between opacity tools and transparency tools - I defend the idea that data protection is much more relevant for the correlated/detectable/(re)traceable human than privacy.

The correlated human revisited. A slope beyond boom and doom

I. Introduction
II. The 19th century’s Ms. and Mr. Average. Measurement.
III. The contemporary correlated human. Detection. (The detectable or traceable human).
IV. Beyond boom and doom
V. The democratic constitutional state
1. Double bind : order and liberty
2. Three essential constitutional mechanisms
a. human rights : bulwarks and political empowerment
b. rule of law : legality and trias politica
c. democracy : representation, participation, transparency, accountability
VI. Two legal tools : opacity of the individual and transparency of power
1. Stopping power through opacity tools
2. Channeling power through transparency tools
3. Distinguishing both
Articles 7 and 8 of the Charter of Fundamental Rights of the European Union
VII. Privacy as an opacity tool. Data protection as a transparency tool. But not exclusively !
VIII. Back to correlated or detectable or traceable humans
1. Application of the existing legal framework
2. Prospective account : What should be protected through opacity or privacy tools and what should be protected through transparency tools?

Appendix : Basics of data protection

I. Introduction

This presentation is devoted to the second transversal theme of the IUAP V/16 research project, namely the correlated human. As announced in the abstract I would like pick up the thread were we left it

Let me therefore quickly recall which researches we already undertook concerning the correlated human :
1. Our third network meeting of May 2003 in Gent already dealt a first time with the subject, with presentations by Jean Paul Van Bendegem, Mirelle Hildebrandt and myself (see www.imbroglio.be)
2. These presentations have launched a number of interesting critical reactions, both during the meeting and afterwards and further discussions took place in different fora (imbroglio.be, FIDIS, VUB-seminar, Paris Network meeting, WG Correlated Human, ...).
3. We established a working group around the subject (incl. Hans Comijn, Karen Fran?ois, Mirelle Hildebrandt, Wim Schreurs, Jean Paul Van Bendegem and myself) who started to work in a more structured way on the subject. In this working group we had a number of brainstormsessions and exchanges of abstracts and small papers. This has been fruitful and we have made quite some progress in understanding the thing that, at the moment of the weiting of the project we intuitively called the "correlated human" and in the ways to approach it, the ways it concerns us. I think, for myself surely, that I can summarise this shift like I did in title of my talk of today: when dealing with the "correlated human" we are now on a slope beyond doom and boom scenario’s

II. The 19th century’s Ms. and Mr. Average. Measurements

I would like to pick up the paper I presented during our network meeting in Gent in May 2003 under the title The correlated human and the human as seen by law (and which I have partly posted on imbroglio.be in the tree section)

In this paper I first focussed upon the 19th century human sciences. With explicit reference to Foucault I described how these human sciences were intertwined with techniques of normalisation, determined by the average values produced by the comparison of the members of a studied group. This statistical average defined what was to be considered as normal both as a scientific criterion and as a criterion for the policing and steering of behaviour. The normal individual of the 19th century was Mr. or Ms Average.

It is important to point at the fact that the scientific and statistical approaches of 19th century were prestructured or stratified. Human scientists and policy makers were searching for certain explicative etiological schemes: they choose to investigate the populations from the perspective of certain parameters which they believed to be relevant and pertinent. As such Lombroso inquired the skulls of detainees and Quetelet their social backgrounds, for they respectively believed that this parameter could provide an aetiology of criminal behaviour. In other words : the correlations established by 19th century scientists were the result of an oriented questioning: the chosen parameters or variables were pre-assumed to be relevant for the objet of study.

In a later comment on imbroglio.be Isabelle Stengers evoked the notion of measurement in this context. She wrote the following: "When you measure, you usually know what you measure in terms of intended meaning for a production of knowledge. Measurements are meant to be meaningful (they imply a stratification of variables)". Thus: measurements are purposeful, they answer an oriented questioning. It is important to bear this in mind, because it is a way to grasp what the shift from the "average human" to the "correlated human" implies.

III. The contemporary correlated human. Detections. The detectable or traceable human.

By inventing the concept of "correlated human" in our IAP-project we wanted to attest and express the shift, that today it are no longer preceding questions (and the structuration/stratification of parameters they imply) which are organising the search of correlations, but, on the contrary, it is the emergence of a correlation as such that has become the pertinent or interesting information, which in its turn will launch questions, suppositions and hypotheses. Nowadays, the upsurge of a correlation is the information

In my talk of May 2003 I linked this reversal of the d?marche to the development of the soci?t? de controle ? la Deleuze. The correlated human then refers to the individual who is almost permanently followed by control systems collecting and processing the traces she leaves in her tracks. In a sense it is the individual itinerary which is scrutinised, leading to an undifferentiated and in principle unlimited processing of data, which in its turn generates an equally unlimited ’correlative potential’ (the possibility of the establishment of an unlimited number of correlations between the gathered and processed data).

I also related the advent of the ’correlated human’ to the many developments in the field of information and communications technologies which indeed are the corollaries of the soci?t? de contr?le (and vice versa). Today an individual -consciously and unconsciously, voluntarily and involuntarily - leaves a vast amount of processable and thus swiftly ’correlatable’ electronic traces in his wake. This is of course sharply increased by the use of internet, of mobile telephones, of electronic financial systems, biometric identification systems, radio frequency tags, smart cards, ubiquitous computing, and so on. Thanks to ’convergence’, all these techniques participate in the spontaneous and automatic production of correlatable data. Add to this, the use of still more pervasive and powerful data mining and tracking systems and the ’correlative potential’ increases again.

Relating to this, in her personal memories Isabelle Stengers evoked the image of the ’generalised bubble chamber’. A bubble chamber, she wrote, is ’a container full of saturated vapour such that if you have an energetic particle travelling through it, its many successive encounters with a gas molecule will produce a small local liquefaction: quantum mechanics tell us that we cannot define the path of a particle but because of the bubble chamber we can "see" it, or its "profile"’. According to the metaphor of ’the generalised bubble chamber’ there is an unlimited number of detectors and detections surrounding us.
And we do and move, and leave traces and ’profiles’ which allow to ’see’ us. Hence: the correlated human is detectable and detected, (s)he leaves and is surrounded by traces, (s)he is retraceable

That is the new fact, certainly in comparison to the 19th century ’average human’. Because detections (as Isabelle Stengers emphasised) are not measurements I refer to Isabelle Stengers again : "Detections are linked to "traces" produced by the presence, activity, encounters of something. They register traces. This is something much wider than measurements responding to addressed questions: by themselves detections as such are asignifiantes. As such they do not have a specific meaning. But they can acquire meaning, as a result of the questions and concerns of the one who uses them. So, detections may correspond to measures, but first of all they are indeterminate "

I would like to point at things Isabelle Stengers derives from this :
 first the proposition that the new fact we want to address is maybe better described as the ’detectable’ human than as correlated human.
 second the idea that detections as such do not invade privacy because they are asignifiantes and undetermined. ’Who cares, Isabelle writes, if I got out of this autoroute there and at this time or that I bought such product at the supermarket’. As such, indeed, nobody cares.

IV. Beyond boom and doom

In my May 2003 presentation I did skip this stage of reflection. It is not that I thought it differently, but I did not focus upon it : I immediately proceeded on to possible further uses/processings that can be made of such traces/detections. What I dealt with were the powerful capacities of permanent identification, surveillance and control linked to the mere availability of these detections to all kind of actors. Indeed the traces and detections can all be very easily processed and correlated, in response to all possible kind of questions, e.g. "who left this autoroute, this day, at this moment, when these little boys disappeared ?"

Hence, the detectable human is the virtual object of a battery of information and profiling techniques, of prognoses, prognostics and (pro-active) interventions.

This way of seeing things of course tended a little bit to draw a doom scenario with regard to the introduction of ICT’s. Big brother en Kafka’s K are looming across the corner : humans can be, will be and already are made transparent by a totally opaque system of power. I am not going to dwell upon this scenario, it is well known : it is very often evoked. Yesterday (December 15, 2004) e.g. Wim Schreurs did send me a publishers’ synopsis of a new book by Daniel Solove The digital person (New York University Press 2004) which read as follows : "Seven days a week, twenty-four hours a day, electronic databases are compiling information about you. As you surf the Internet, an unprecedented amount of your personal information is being recorded and preserved forever in the digital minds of computers. For each individual, these databases create a profile of activities, interests, and preferences used to investigate backgrounds, check credit, marketproducts, and make a wide variety of decisions affecting our lives. (...) In this startling account of new technologies for gathering and using personal data, Solove explains why these digital dossiers pose a grave threat to our privacy. For example, they increase our vulnerability to identity theft, a serious crime that has been escalating at an alarming rate. Moreover, since September 11, the government has been tapping into vast stores of information collected by businesses and using it to profile people for criminal or terrorist activity."

Boom scenario’s on the other hand, namely scenario’s with a globally optimistic view on the future, have a tendency to minimise risks and dangers to values as privacy. I do certainly not adhere to the related ideas of the still increasing progress of technologies and of human well-being. But I do, of course, well understand the enthusiasm of Bruno Latour and Noortje Marres pertaining to the possibilities of tracing and exploring scientific controversies on the web. However, I think that this example cannot be generalised to the society as a whole, because the kind of retraceabilty and mutual transparency which delights them, are in my opinion precisely characteristic for the way scientific networks proceed. This cross-transparency and cross-checkability are making out the strength of scientific practices, maybe not of our societies as a whole Henceforth, I am not convinced by the ideal Transparent society of David Brin which is best served by the total mutual transparency of all actors and wherein everybody is both a watched and a watchdog. On the contrary I think there can be good arguments, particularly from the perspective of today’s democratic constitutional state, to protect individuals against a too intrusive conduite de la conduite by more powerful social actors and to withdraw individuals from scrutiny, surveillance and control. I will come back to this later on and Mireille Hildebrandt wil pick up this thread much more fundamenally in her presentation.

Let me be clear: I do not mean to minimise nor the dangers, nor the benefits of the accumulation and linking of devices that automatically process personal data. To me the correlated human or the detectable human is not necessarily good or bad. The interesting question for me is now : ’how to cope and to get on (maybe positively) with the situation such as it evolved today ?’. More specifically I want to address the question how the law copes (or tries to cope) with the developments ? And what can we learn from the law’s dealing with issues such as privacy and data protection ?

V. The democratic constitutional state

This brings me, again like in my Gent story of May 2003, to the legal system and its role and to this heavy thing called the democratic constitutional state. I’m not going repeat what I said last time, I just want to make a few points.

First I would like to recall that the overall aim of the democratic constitutional state (DCS) of today is to protect a social order in which the individual liberty of the citizen is the major concern. Consequently, a DCS should guarantee simultaneously and paradoxically a high level of individual freedom and an order in which such freedom is made possible and guaranteed. As a result of such a double bind the DCS is constantly under tension, because the individual liberties must be tuned to a social order, which, in its turn, is precisely devised to be constitutive for the liberty of its individual participants. A DCS is not a given/static order, but it is a dynamic one, which evolves as a result of a permanent balancing of individual, social and state interests and concerns.

Secondly we can easily see that the DCS (in its practice and history) has brought about a specific concept of state in which the exercise of power is per definition limited. From a constitutional perspective this power economy expresses itself through three essential mechanisms : namely a. the recognition of fundamental rights and liberties, b. the rule of law (constitutionalism) and c. democracy. Let me say a few words about each of them, because they are available legal means to cope with change and to deal with concerns, which will enable me to pick up the lead (namely the correlated/detectable/traceable human) later on.

a. Human rights and liberties are constitutionally recognised. As a rule, the State neither private actors are allowed to encroach upon these rights. One the one hand they work as a shield or a bulwark. They express the recognition of the power of the individual, precisely by drawing the limits and frontiers of the powers that can be exercised upon them. They contribute to what we know as the private sphere. On the other hand, human rights also have a political function. They do entitle individuals to freely and autonomously determine their lives and choices and they empower citizens to participate in the political system.

b. The rule of law: the constitutions of DCSs contain the rule of law which again tends to limit the power of government, but this time this happens no longer through the setting of a limit to the reach of the power, but through what one could call a system of "internal" organisation of government and power. The main idea of the rule of law is the subjection of government and other state powers to a set of restricting constitutional rules and mechanisms.
On the one hand the rule of law provides for the principle of legality of government: public authorities are bound by their own rules and can only exercise their powers in accordance with the law. All powers must derive from the constitution, which implies that government is accountable and that its actions must be controllable, and thus transparent. The rule of law expresses the idea that our societies are governed by impersonal laws and not by arbitrary and/or emotional commands of humans.
On the other hand the rule of law establishes the trias politica or, in other words, a system of balancing of powers. These powers - the executive, legislative and judicial power - are constitutionally doomed to work together through a dynamic system of mutual control or checks and balances. In sum: the trias politica replaces a centralist power by a pluricentric power economy. Such a system implies the mutual accountability of state powers, and thus again, the reciprocal transparency and controllability of the legislative, the judicial and, last but not least, the executive power.

c. Democracy : the constitutions endorse the people’s sovereignty and the principles of democracy and democratic representation. Justification of power must be sought in the citizens’ consent or will. More concretely this implies that government should be in line with the public or general interest and mainly be driven by the will of the majority. Hence, systems of representation and participation of citizens are again of crucial importance. State organs and institutions must be representative. Participation of citizens to political decision-making must be organised and stimulated. And, last but not least, systems of democratic governance must foresee procedures of direct and indirect control of the public authorities by the citizens. As a result the democratic rule implies the accountability of the government towards the citizens, which again calls for transparency of public decision-making and policies.

VI. Two legal tools : opacity of the individual and transparency of power

Together with Paul de Hert we summarised the foregoing by highlighting that the development of the DCS has in fact led to elaboration of two complementary sorts of legal tools. We make a distinction between tools that tend to guarantee the non-interference in individual matters or the opacity of the individual, which we call opacity tools , and tools that tend to guarantee the transparency and accountability of power, which we call transparency tools.

1. Limiting power through opacity tools
Opacity tools protect individuals and their liberty/autonomy against state interferences and also of interferences by other powerful actors. They are linked to the recognition of human rights and a sphere of individual autonomy and self-determination. They set limits to the interference of the power with the individuals’ autonomy. They block or stop the power.They enforce the anonymity of behaviour (e.g. on the web through approving regulations of techniques of anonymity, pseudonymity, identity management, ...).
A good example is the protection of the ’sanctity’ or inviolability of the home, which indeed properly expresses the concern for the respect of the individual’s autonomy: the public authorities (but also the other citizens) must respect the bounds of the home. A home is inviolable, and any breach of that principle generally engenders criminal prosecution. Once inside a home, people are more free from interference from the government (and others) than outside. A home is a privileged setting. Within a home, each and everyone has the freedom to do as he/she pleases, uninhibited by society’s social and moral mores. This doesn’t mean that everything happening inside the home is automatically protected. Search warrants can be ordered in criminal cases, but only, in principle, if a series of stringent conditions are met. Crimes and unlawful acts are not condoned because they happen to take place within a home. But because a home is granted a special measure of protection, trespassing by third parties and especially the police and judicial authorities is strictly regulated.

Essential for opacity tools is their normative nature: through these tools the (constitutional) legislator takes the place of the individual as the prime arbiter of acts that infringe on liberty. Through such tools the legislator enacts hard or clear norms. Choices about the way liberty interests and other interests should be balanced are made in an abstract way.

2. Channelling power through transparency tools
The second set of tools foresees means of control of powers by the people, by controlling bodies and by the other state powers. These tools intend to compel government and private actors to "good practices" by focusing on the transparency of governmental or private decision-making, which is indeed the primary condition for an accountable and responsible form of governance. The system of checks and balances, for example, installs the mutual transparency of state powers. The controllability and accountability of government by the citizens implies free and easy access to government information, the enactment of swift control and participation procedures, the creation of specialised and independent bodies to control and check the doings of government, and so on.

3. Distinguishing both
The tools of opacity are of a different nature than the tools of transparency. Opacity tools embody normative choices about the limits of power, while transparency tools come into play after these normative choices have been made, in order still to channel the normatively accepted exercise of power. While transparency tools are thus directed towards the control and channelling of legitimate uses of power; opacity tools are protecting the citizens against illegitimate and excessive use of power. Opacity tools are determining what is in principle out of bounds of government and private actors and, hence, what is deemed so essentially individual that it must be shielded against public and private interference. Transparency tools take into account that the temptations of abuse of power are huge and empower the citizens and special watchdogs to have an eye even on the legitimate use of power: they put counter powers into place. On the one hand there is a regulated acceptance; on the other there is a prohibition rule, which is generally subject to exceptions.

These differences appear very clearly if we look at the articles 7 and 8 of the Charter of Fundamental Rights of the European Union (incorporated in the draft constitution of the European Union)

Article 7 : "Everyone has the right to respect for his or her private and family life, home and communications".

Article 8 : "Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data that has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to control by an independent authority".

These two articles very well express the difference between the two sort of tools.
Art. 7 provides a good example of an opacity tool because it limits the possible interferences with the individuals’ private and family life, home and communications. In a more general way it protects the individuals’ privacy (or autonomy). It is normative and prohibitive (although of course these prohibitions are not absolute) : the rule is a ’no’, but exceptions under a number of conditions are thinkable.
Art. 8 provides a good example of a transparency tool because it organises the channelling, control and restraint of a power practice, namely the processing of personal data. Data protection legislation regulates, and does not prohibit the processing of personal data. It guarantees control, openness, accountability and transparency of the processing of personal data. Wim Schreurs will discuss data protection again, later on today). In general data protection does not have a prohibitive nature. The rule is a ’yes’, but under conditions. Under the current state of affairs, data controllers (actors that process data) are recognised to have a right to process data relating to others. Hence, data protection is pragmatic of nature: it assumes that private and public actors need to be able to use personal information and that this must be accepted for societal reasons.

VII. Privacy as an opacity tool, data protection as a transparency tool

We can thus distinguish privacy protection as an opacity tool and data protection as a transparency tool.

Privacy protects the individual autonomy against steering and ensures the non-interference in individual matters. It protects the individuals’ right to be different and their autonomy to engage in relationships, their freedom of choice, their autonomy as regards - for example - their sexuality, health, personality building, social appearance and behaviour, and so on. It draws principled normative and often prohibitive limits to interferences with these values But precisely because privacy is also relational and contextual, it is not an absolute value. It can be derived from when balanced against other interests (for example rights of others, law enforcement, public health, and so on). This can be done on a case to case basis (case law applying art. 8 ECHR , for example) or, mainly, by legislation, e.g. in law enforcement and criminal procedure (which then are transparency tools, regulating a regrettable but necessary interference with privacy).

As already said, data protection legislation can mainly be seen as a transparency tool because, in principle, it allows the processing of personal data under the conditions of specific procedural safeguards to promote meaningful accountability and to provide individuals with an opportunity to contest inaccurate or unlawful record holding practices. Transparency tools are the default tools in all areas of personal data processing.
It must be said however that data protection is not only a transparency tool, it also sometimes provides for opacity rules, setting normative limits and prohibitions. To give just one example : a prohibitive rule, a prohibition to process data, applies to “sensitive data” (data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual preference). The underlying motive is that the processing of these sensitive data bears a supplementary risk of discrimination. The prohibition is nonetheless never absolute but derogations are (in principle) only possible in strictly defined circumstances, for example for reasons of national security. Thus : the default position of data protection is transparency, but it also provides for opacity rules

Hence, opacity and transparency tools are complementary legal tools. Both tools pre-suppose each other. It is thus up to the legislator acts to consider both tools and to identify the kind of tools necessary for a given problem, especially with regards to technological developments. How much of what tool is necessary and when?

Furthermore, it should be stressed that the two approaches do not exclude each other. They of course depend on policy choices, which can be revised and adapted. As a result, an option for the transparency approach (regulating instead of prohibiting) can after some time and practice eventually show that the opacity approach is preferable (and vice versa) or that a better balance between approaches should be devised. In reality one will rarely find legal solutions based exclusively upon one tool. A blend of the two approaches will generally be preferable since a solid legal framework should be both flexible (transparency) and firmly anchored in intelligible normative choices (opacity). A good example of such balancing of approaches is given in the Directive 2002/58/EC on privacy and electronic communications of 12 July 2002 (supra). This Directive puts an end to the long lasting controversy regarding direct marketing by explicitly adopting an opt-in system which inherently implies the prohibition of unsolicited marketing mail unless the user explicitly requests to receive it. In this example it becomes clear how the model of channelling business practices (transparency) is supplemented by the limiting model of a negative obligation (opacity) after due consideration and debate. Another example is provided by the numerous national bills on the use of DNA-samples in criminal matters. Although the processing of DNA-samples, from the perspective of data protection (Directive 95/46/EC), is in fact an ordinary application of processing of personal data, the riskfullness of the matter explains why states supplement general data protection bills with specific prohibitive bills on DNA.

Of course what precedes raises the question the of choice of tools to apply to (new) facts and concerns. When will opacity (privacy) be called upon, when will transparency (data protection) apply? How to combine the tools appropriately, especially when faced with new problems, such as today the insistence of various government initiatives on security or the development of new technologies ?

VIII. Back to detectable or correlated or traceable humans

I think we now dispose of a conceptual framework to deal with the correlated humans from a legal perspective both in a concrete/descriptive way and in a more abstract /prospective way.

1. Application of the existing legal framework
As regards the first point we can look at the existing legal framework of privacy and data protection and its application to this cloud of detections/traces surrounding the individual Westerners. I will not dwell upon this, because this would take us too far in legal analysis and I know Wim Schreurs will tackle this issue as well. But just a few remarks.

Data protection regulations do apply to the detections/traces which are typical for the correlated/detectable human. That is because in data protection the complex question "is this a privacy issue?" is replaced by a more neutral and objective question "are personal data processed?". If we look at the broad legal definitions of both the concept of "personal data" (information about an identifiable person) and of "the processing" the conclusion is easy to make: data protection rules do apply even to the mere automatic collection of personal data. As such, data protection is a general framework for all kinds of automatic collection of personal data: the written word, sounds, images, DNA can be understood as personal data falling under the scope of data protection. This implies that a number of rules (see appendix for an overview) are already applicable, with the default transparency position that the processing (thus "collection") of data is allowed if it fulfils a number of conditions. However: as we said already, some data protection rules are opacity rules and foresee prohibitions. E.g. sensitive data may not be processed unless exceptional rule apply which might imply that image processors and video surveillance fall under this regime because images of a person contain information on racial or ethnic origin, health or religion of a person. Another opacity rule is that secret means are in principle forbidden : there must be openness of the processing.

For us, the conclusion is that data protection law does not take into account the fact that detections have not yet acquired a precise meaning, that they are asignifiantes at the moment of automatic collection or registration. It applies because the legislator (rightly in my opinion) sensed that the existence as such of these correlatable clouds of detections in themselves are a threat for things we do care for, for values which are at the core of the DCS. But the legislator did not in a principled way prohibit the detections and the collection of traces: it submitted these activities to tranparency rules. So : pertaining to our correlated/traceable human some political/institutional choices have already been made.

In other words (and this has been written after our Rotterdamian discussions) it can be said that data protection laws, which were elaborated from the nineteen seventies on, provided a legal response to the questions raised by the developments we tried to grasp by the concept of correlated or detectable human, namely the mere but pervasive collection of indeterminate detections, of donn?es asignifiantes. This also attests a redistribution of the legal approaches to these issues: prohibitive opacity rules still apply to "measurements" which are the result of stratifications or prestructured questionings in data protection, e.g. as regards sensitive data (because these data bear an immediate potential of discrimination). The channeling transparency rules of data protection on the other hand apply to the indeterminate "detections". It is interesting, I think, to note that the invention of data protection, next to privacy, is perfectly contemporary to the increasing potential of (re)tracing and detecting.

2. Prospective account : What should be protected through opacity or privacy tools and what should be protected through transparency tools?

Which brings us to the second point : a prospective/abstract look at the switch between opacity and transparency. What should be protected through opacity or privacy tools and what should be protected through transparency tools? What is, in a democratic constitutional society, so essential that it must be as a rule shielded from interference by others (public and private actors)? Which aspects of individual life in an open society must be protected against openness and transparency ? Where should ad hoc balancing be replaced by categorical balancing?

The answers to these questions must be formulated in reference to the basic features of the DCS, or maybe, as Isabelle puts it, they should be formulated in terms of what we do care for (privacy). From this perspective opacity/privacy rules should guarantee these aspects of an individual’s life which embody the conditions for his/her autonomy (or self-determination, or freedom, or "personal sovereignty"). This is the case because it is precisely this autonomy that grows and fuels both one’s participation in the civil and political life and the fact that one develops a personality and a social/relational life. Privacy (or opacity) should thus protect what lies behind the persona, the mask that makes an individual a legal person (cf. anonymity). It must preserve the roots of the individual autonomy against outside steering, against disproportionate power balances, precisely because such interference and unbalanced power relations.

Firstly, opacity tools might be needed with respect to the set of values protected through the inviolability or sanctity of the home. People need places were they can rest and come to terms with themselves in a sphere of trust and security, in an environment where they experience "ontological security". A place where family life is possible. Such places represent a private territory, a sanctuary; they imply intimacy, anonymity and a possibility of solitude. The protection of the home is one of the oldest human rights and nowadays it is still enshrined in international human rights law and in national constitutions. For these legislations home is where the house is, or by extension, the car, the caravan, .... Their concepts are referring to the material/physical home. But, indeed, "being at home" means more than being in a certain physical environment, it means also feeling at ease, comfortable. In French the concept of "home" can also be translated by chez soi which is actually expressive from our point of view. It is the chez soi that a DCS respects and values (contrary to totalitarian states): the idea that one can be with him/herself without outside interference in order to "manage" his/her relational, civil and political life as a free being. In a certain sense it is precisely this chez soi that lies protected behind the mask of legal personality. Values protected by the inviolability of the home therefore might thus also need protection outside the material house, and especially in the "digital world".
Secondly, tools of a prohibitive nature are obviously required when other firmly rooted (in tradition or in law) human rights are at stake, such as the right to have correspondence and the content of communication protected (cf. supra). Disregard of these rights has brought legislation in the United Kingdom giving the employer almost absolute discretion for monitoring destinations and control of e-mail send by employees. This stands in full contrast with the approach followed in Belgium where concerns about the right to have correspondence respected has inspired a regulation whereby the employer can check on the destination and on other data about the telecommunication, but not check on the content of the communication.
Thirdly, as already said, opacity exist within the framework of data protection, e.g. in the case of sensible data or in the case of decisions regarding individuals taken solely on the basis of automatic profiling. Indeed, the additional danger here is linked to possible discriminatory effects of such practices.
Finally, a need for opacity can be drawn from the function of human rights to promote and encourage citizenship. When certain law enforcement tactics threaten aspects of human behaviour vital to the formation of the free and equal citizen, a prohibitive logic will impose itself.

Having tentatively set out some touchstones for identifying issues that demand a privacy/opacity legal approach, it is more easy to point out what, at the other side of the switch, will fall under the data protection/transparency legal approach. We are tempted to answer: in principle, all forms of processing of personal data that do not demand categorical balancing by the (constitutional) legislator on basis of the guidelines identified in the foregoing. In reality this rest category may well have a considerable dimension, especially in horizontal relations where the existence of unequal power relations should not be taken as a starting point. In all cases where consent (still) plays an important role, it can be assumed that the guidelines for the opacity approach are not met. Individual responsibility, consent and ad hoc balancing are sufficient, but indispensable conditions for meeting the requirements of a constitutional state. A contrario, this implies that secret processing of personal data must be prohibited, since this secret or unknown character renders the mise en oeuvre of transparency tools or data protection impossible. Informed consent is a conditio sine qua non for subsequent controls on data processing. There is little room for a policy based on the full liberty of processing data. Transparency tools are the default tools in all areas of data processing. Because this processing of data is always intertwined with power relationships, a DCS must foresee rules that permit to channel this power, namely rules of transparency and accountability, viz. data protection rules.

Appendix : Basics of data protection

The basic practices or principles of data protection are spelled out in the international legal data protection texts produced by institutions such as the Organization for Economic Cooperation and Development (OECD), the Council of Europe , the UN and the European Union. Each of these organizations produced what has become a classic basic data protection instrument, respectively the OECD Guidelines, the Treaty 108 and the Data Protection Directive. The EU has also included the right to data protection in the European Charter of Fundamental Rights.

The OECD Guidelines take the form of a short document that contains no more than a listing of the data protection principles. These principles are: 1. the collection limitation principle; 2. the data quality principle; 3. the purpose specification principle; 4. the use limitation principle; 5. the security safeguards principle; 6. the openness principle; 7. the individual participation principle; 8. the accountability principle . These principles apply to all personal data, whether in public or private sectors. Data protection does not focus specifically on the instruments used for surveillance or processing, but only looks at the object of these actions, namely personal data: whenever there is processing of such data, the data protection principles apply.

National data protection laws in general provide for a series of rights for individuals such as the right to receive certain information whenever data are collected, the right of access to the data, and if necessary, the right to have the data corrected, and the right to object to certain types of data processing. Also, these laws generally demand good data management practices on the part of the data controllers and include a series of obligations: the obligation to use personal data for specified, explicit and legitimate purposes, the obligation to guarantee the security of the data against accidental or unauthorized access or manipulation, and in some cases the obligation to notify a specific independent supervisory body before carrying out certain types of data processing operations. These laws normally provide specific safeguards or special procedures to be applied in case of transfers of data abroad.

References

Paul De Hert and Serge Gutwirth, "Making sense of privacy and data protection. A prospective overview in the light of the future of identity, location based services and the virtual residence" in IPTS, Security and Privacy for the Citizen in the Post-September 11 Digital Age. A prospective overview. Report to the European Parliament Committee on Citizens’ Freedoms and Rights, Justice and Homme Affairs (LIBE), July 2003, IPTS-Technical Report Series, EUR 20823 EN, p. 111-162. See also : ftp://ftp.jrc.es/pub/EURdoc/eur20823en.pdf

Paul De Hert and Serge Gutwirth, "Veiligheid en grondrechten. Het belang van een evenwichtige privacypolitiek" in E.R. Muller (red.), Veiligheid. Studies over inhoud, organisatie en maatregelen, Alphen aan den Rijn, Kluwer, 2004, 587-631

Paul De Hert and Serge Gutwirth, "Privacy, data protection and law enforcement. Opacity of the individual and transparency of power", 2004, 31 p. (to be published)