Blog inspired by talks with Esther Hoorn and Melika Nariman
These are interesting times! Reviewing the way we do things in academic research, with the privacy principles in mind, as stated in the GDPR.
What are these principles?
Principles no one can really refute, I assume. The question, however, remains: how to do justice to these principles? The answer to this follows from the nature of the right to privacy; it is not an absolute right, but a fundamental right amongst other fundamental rights.
“The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.” Recital (4) GDPR
This means that in some cases it is acceptable that, for instance, 'threats to public health' or 'national security' are weighed against the privacy rights of individuals.
In the Ebola virus case, for instance, the spread of the disease was reasonably expected only to be contained if the outbreak could be geographically plotted, based on medical information of individuals, thus allowing appropriate measures taken, such as defining quarantined areas. 'Although broad public disclosure of Protected Health Information is limited, HIPAA’s Privacy Rule recognizes the legitimate need for public health authorities and others responsible for ensuring public health and safety to have access to Protected Health Information that is necessary to carry out their health mission.' See also: Tammy Ward Woffenden et al: Balancing Privacy and Public Health during an Ebola Outbreak. ABA Health eSource, Vol. 11 No. 3, November 2014. Source: https://www.americanbar.org/publications/aba_health_esource/2014-2015/november/privacy.html
We learn from the Ebola case the importance of 'balancing' of rights.
How do we balance the right to privacy? Which logic is to be followed? The GDPR states in Article 8:
Article 8 GDPR - Protection of personal data1. Everyone has the right to the protection of personal data concerning him or her.2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.3. Compliance with these rules shall be subject to control by an independent authority.
1. Legitimate interests of controller or 3rd partyfreedom of expressiondirect marketing and other forms of advertisementenforcement of legal claimsprevention of fraud, misuse of services, or money launderingphysical safety, security, IT and network securitywhistle-blowing schemes2. Impact on data subjectActual and potential repercussionsNature of the dataHow the data are processedReasonable expectations data subjectNature of controller vis-à-vis data subject 3. Make provisional balance“Necessary”Least intrusive meansReasonably effective Balance of interests 4. SafeguardsMeasures to ensure that the data cannot be used to take decisions or other actions with regard to individuals.anonymisation techniques, aggregation of dataprivacy-enhancing technologies, privacy by designincreased transparencygeneral and unconditional right to opt-out
Virtue then is a settled disposition of the mind determining the coice of actions and emotions, consisting essentially in the observance of the mean relative to us, this being determined by principle, that is, as the prudent man would determine it. And it is a mean state between two vices, one of excess and one of defect.
Source: Aristotle, The Nicomeachean Ethics, II. vi. 15, 16. Translation by H. Rackham. Harvard University Press. Cambridge, Massachusetts, 1990.
Aristotle illustrates the moral virtue 'courage' as the mean between the vices 'fear' and 'confidence' [II. vii. 2]. He continues, stating that moral actions can only be praised or condoned when they are voluntary acts [III. i. 1] and chosen [III. ii. 2] in a given situation:
by acting in dangerous situations and forming a habit of fear or of confidence we become courageous or cowardly. [II. i. 7]