Direito e Informação na Sociedade em Rede: atas Direito e Informação na Sociedade em Rede: atas | Page 66
(Lyon, 2010, p. 15). In its review of surveillance practices following the Snowden
affair, the European Parliament inferred that the current programmes enhanced by
technological progress represent a reconfiguration of traditional intelligence, enabling
access to a much larger scale of platforms for data extraction than
telecommunications surveillance of the past, thus entailing a change in the very nature
of these operations. In the United States of America, the NSA has been at the
forefront of efforts to collect and analyse massive amounts of data through its PRISM
Program, and a variety of other data-intensive programs, whose capabilities are likely
to expand (Schmitt, et al., 2013). Similar developments are under way in Europe. The
recently adopted French “Loi sur le Renseignement” provides an additional
illustration of this trend by governments to resort to mass surveillance through
advanced techniques of information retrieval of huge sets of metadata31.
Even if not fully expressed in the recent ruling of the Court of Justice of the EU
on the validity of the Safe Harbour agreement between the EC and the USA
government, Google and Facebook are not only private data miners, but also data
miners that are in a very close relationship to US national security, although not
necessarily to EU national security32. In effect, the collaborative model of big
companies and public authorities is not only based on mandatory disclosure orders
issued by courts or administrative bodies, but also on an indefinite grey area of
voluntary and proactive collaboration furthered by technological opportunities33. The
“collect-everything approach” applied to monitoring and intelligence definitively
connects mass surveillance to big data34.
These developments signal that EU law making regarding personal data
protection is not easily keeping pace with the especially delicate defies of big data.
Yet, strikingly, the EC keeps maintaining that the core principles of the DPD are still
valid and “its technologically neutral character should be preserved”35. Such a belief
in technology neutrality looks puzzling. Indeed, technology neutrality means that the
same regulatory principles should apply regardless of the technology used (Maxwell,
Bourreau, 2014). Yet, the functionalities of big data technologies represent a leap
through in ICT. In these circumstances, it may not be sufficient to simply adapt the
law.
While data mining and data analytics are as such not new practices, the scale of
See the final version of this law at http://www.assemblee-nationale.fr/14/ta/ta0542.asp.
Judgment of the Court (Grand Chamber) of 6 October 2015 (request for a preliminary ruling from the High
Court (Ireland)) — Maximillian Schrems v Data Protection Commissioner (Case C-362/14),
(last accessed 18.03.2016).
33 So the concept of “total surveillance” has been put forward to qualify the way such large-scale processes of
strategic management relying on big data operate today. (Couldry,. Powell 2013, 1-5; Abdo, Toomey, 2013;
Andrejevic, Gates, 2014185-196).
34 Fears have been expressed that these data, collected for fighting terrorism and crime, are used also for tax
evasion, for advantaging some private companies in their contracts and for profiling the political opinions of
groups considered as suspect.
35 Communication from the Commission to the European Parliament, the Council, the Economic and Social
Committee and the Committee of the Regions: A Comprehensive Approach on Personal Data Protection in
the European Union, COM (2010) 609 final, Brussels, 4.11.2010, p. 3. Whereas 13 of GDPR (Final version).
31
32
54