Head of EU data protection says trading privacy for security is a “false fad”

The European Data Protection Supervisor, Giovanni Buttarelli, who is responsible for ensuring that the machinery of EU government respects the privacy of a citizen's data when processing their data, says that it is time to "move beyond the false fad of discussing security vs. privacy." In an article published on The Mark News site, Buttarelli writes that governments should "focus on implementing laws that take into account privacy rights as well as the indisputable need to fight terrorism."

Buttarelli insists that as European Data Protection Supervisor he is not necessarily "for or against any specific measure that interferes with the right to privacy and involves handling large volumes of personal information," for example through large-scale surveillance. However, he points to a post by the security expert Bruce Schneier that shows, in the US at least, there is little evidence that mass surveillance prevents terrorist attacks.

Schneier explained how, initially, NSA Director General Keith Alexander claimed in 2013 that he had disrupted 54 terrorists plots. A few months later, this was revised down to 13, and then to "one or two." Eventually, the only success that the NSA could point to was the prevention of a San Diego man sending $8,500 to support a Somali militant group.

Although the head of MI5 said in 2013 that 34 terror plots against the UK have been disrupted by the security services and police in the last eight years, we don't know what role mass surveillance played in that. Given the NSA's considerably greater resources, it seems unlikely that GCHQ's programmes are doing much better.

Buttarelli is particularly concerned that the public is being asked by governments to acquiesce in the gathering of highly personal information in the belief that this will minimise real or perceived risks. As he writes: "The result is an increased intrusion into our privacy, which in turn changes the relationship between the individual and the state and the relationship between citizens."

Instead, he says, surveillance should enhance, not undermine, trust in democratic institutions, but in order for that to happen, "Governments need to justify why any massive, non-targeted, and indiscriminate collection of individuals’ data is really needed"—something that the UK authorities have signally failed to do.