Liane Colonna. Photo: Stockholm University
Liane Colonna. Photo: Stockholm University

There is a tremendous amount of personal data about EU citizens collected by large transnational technology firms like Google and Facebook which can be transferred to the US government and data mined within the context of American national surveillance programs. In today’s society, characterized by constant and fluid cross-border interaction, particularly via the Internet, it has become a major legal challenges to uphold the high-level of data protection afforded to EU citizens under the European Convention of Human Rights and the European Charter of Fundamental Rights. 

Data mining challenges the legal system of the EU

In her dissertation Liane Colonna explores the technology of data mining and investigates some of its challenges to the legal system of the EU. One such challenge is that EU data protection law requires data controllers to provide a specific, explicit and legitimate purpose to process an individual’s personal data.

“With data mining, there is no way to tell the data subject the purpose of the data processing in advance. The very promise of data mining is to provide a window to the unforeseeable, to ask the questions we never thought to ask”, Colonna explains.

Another problem is the data minimization principle, which requires data controllers to only collect the least amount of personal data as possible and to destroy these data as soon as they can.  This principle is hard to reconcile with data mining because a prerequisite to this dynamic form of data processing is the amassment of huge amounts of data.  Additionally, since the potential benefits of data mining are unpredictable and can grow exponentially with time, there is an interest in storing data for long periods of time. 

Lack rights for EU citizens

In another section of the dissertation Colonna compares the legal framework, which governs surveillance between Sweden and the US. Her conclusion is that EU citizens have a lack of rights concerning the information collected about them, especially when compared to Americans. And, even if EU citizens could rely upon the same privacy safeguards afforded to US citizens under US law and have the same ability to enforce those rights, many of these provisions are nevertheless fundamentally inadequate from a European perspective.

“This is not a case of the pot calling the kettle black: Europeans have all the reason to be upset by the way in which the American government is surveilling them. The European Convention of Human Rights provides for a very high level of data protection, even where issues of national security are at stake”, says Liane Colonna, Department of Law, Stockholm University.

She has a number of suggestions about how to strengthen the privacy protection of citizens of the EU and other jurisdictions. The rules for data transfers and applicable law must be clarified.  Additionally, she suggests that, in a world where globalization and technological innovation make it very difficult for a single jurisdiction to require and to enforce data protection rules, what is truly needed is global governance in the form of a binding international agreement.

“Perhaps the most effective solution would be to adopt an international convention on surveillance”, says Liane Colonna.

Liane Colonna defended her dissertation ”Legal Implications of Data Mining: Assessing the European Union’s Data Protection Principles in Light of the United States Government’s National Intelligence Data Mining Practices” April 28 at Stockholm University. The dissertation is published at Ragulka förlag.