Wim Schreurs

Cogitas, Ergo Sum. The Role of Data Protection Law and Non-discrimination Law in Group Profiling in the Private Sector

This chapter focuses on the legal uncertainty regarding the applicability of data protection law in the case of profiling. This legal uncertainty stems amongst others from the definitions of personal data, data processing and data controller in EU regulations as well as from the possible exclusion of anonymous data from the applicability of data protection law. We will show that it is perfectly possible to construct and apply profiles without identifying the person concerned in the sense of data protection law. We will build our legal analysis gradually upon the three different steps that exist in the construction and application of profiles: the collection of personal data and other information to construct the profile; the construction of the profile upon personal and anonymous data and the application of a group profile to a group or an individual. For each level, we will analyse whether and how data protection law applies. We will use case law and legal doctrine in our analysis. As a result of the legal uncertainty that we find in data protection law, we will then try to find answers in privacy and anti-discrimination law, with a special focus on legislation and jurisprudence in the case of racial and ethnic profiling.

The illusion of security

A fictional scenario of daily life in a world networked with ambient intelligence illustrates the dark side of the technology and the need for appropriate safeguards.

Threats and vulnerabilities

In this chapter, we present a review of threats and vulnerabilities that could afflict society and individuals in the AmI world in the context of the key policy issues of privacy, identity, trust, security and digital divide. We define a threat as the potential for one or more unwanted consequences caused by a circumstance, capability, action or event that could be harmful to a system or person. Threats can be caused naturally, accidentally or intentionally. In essence, a threat is a ubiquitous phenomenon. A vulnerability is a flaw or weakness in a system’s design, its implementation, operation or management that could be exploited to violate the system and, consequently, cause a threat. Vulnerabilities may have different dimensions: technical, functional or behavioural.1

The brave new world of ambient intelligence

This chapter provides an overview of ambient intelligence in order to set the stage for the subsequent identification and discussion of threats, vulnerabilities and safeguards In this chapter, we provide a somewhat high-level description of the key technologies that are crucial to the development and deployment of ambient intelligence. The development and deployment of AmI are being propelled by certain visions of the future, which we reference in this chapter. For the most part, the development and deployment are taking place in a rather structured context composed of visions, scenarios, roadmaps, strategic research agendas, platforms and projects. We highlight the most important of these.

Recommendations for stakeholders

Chapter 5 identified safeguards against the threats and vulnerabilities affecting privacy, identity, trust, security and the digital divide in an AmI world. In this chapter, we offer to particular stakeholders several specific recommendations some of which flow from the safeguards identified above.