Abstract/Summary

This study asks: how has European Union (EU) law protected privacy in the context of data surveillance used by the EU to address terrorist threats? It argues that the manner in which privacy is protected has a profound impact on the interests that privacy serves to protect -importantly, having a private sphere free from intrusion where the individual can think, express, explore and act; interests that are crucial for human dignity, autonomy and the maintenance of a democratic society. It conceptualises the different notions of privacy derived from legal and philosophical theorists and underscores that privacy harm can result from intrusion into the private sphere. The study adopts De Hert and Gutwirth's view that privacy is an opacity tool, acting to shield the private sphere by prohibiting interference. Privacy is thus distinguished from data protection; the latter serving as a transparency tool to regulate power and manage interferences. The thesis outlines the legal framework for the protection of privacy in the EU, critically evaluating the influence of data protection frameworks. The study asserts that data surveillance threatens privacy because it intrudes into the private sphere of the individual, monitoring and tracking activities and communications in a systematic, indiscriminate manner. It uses two case studies of air passenger profiling and data retention to study how privacy has been protected. The central thesis is that the approach taken to protecting privacy in the EU data surveillance context has largely been framed through the prism of data protection. In view of the different goals that data protection serves, the study finds that a data protection approach to privacy's protection has led to the proceduralisation of privacy, legitimising and bureaucratising intrusions into the private sphere so long as data collected are adequately secured. The implications are that interferences with the private sphere are de facto legitimised and data surveillance accommodated.