Ambient Intelligence: Legal Challenges and Possible Directions for Privacy Protection

Introduction

The central question(s) of this study could be formulated as follows: which (new?) privacy issues have been raised by the recent developments of intelligent computing, especially by those used for security purposes? And, therefore, which safeguards can be drawn?

It is possible to specify the main questions into the following sub-questions: a) are there any conceptual and juridical changes with regard to the right(s) of privacy related to the ICT developments of the last decades? b) Is the current legislation appropriate for covering the new challenges of AmI and which are, possibly, the main enforceability issues? c) What kind of solutions can be suggested (legal – new/old – technical measures, both)? d) What is the European policy on this issue (and, in particular, is the adoption of the Lisbon Treaty going to introduce relevant changes)?

Finally, a general question could be posed on the role of the law in a ‘democratic society,’ as it is facing the new technologies threatening for fundamental rights (for instance, should the law protect the individual against such threats or ignore them)?

If, on the one hand, the new developments promise to make people’s lives more comfortable or more secure (Cook et al., 2009), on the other hand, complex issues arise in terms of fundamental rights and freedoms - among which, the right to privacy- traditionally protected, although in different ways, by the Constitutions of the EU Member States (Leenes et al., 2008). In this sense, privacy could also be seen as an example of those fundamental rights that are challenged by new technologies, “the process of which is faster and more difficult to regulate compared to traditional technologies” (Boisson de Chazournes et al., 2009). In particular, serious concerns for privacy (and related rights) of the individuals seem to arise from the increasing diffusion of devices allowing the ‘mobility’ and also the remote identification and control of items, persons and interests, due to their stronger capability to invade into the private sphere and their general ‘reluctance’ to be subjected to legal restraints (Dix, 2005).

It might be helpful to start this paper with a brief overview of the recent developments in AmI technologies in order to identify, besides the opportunities they promise, the threats they pose to privacy and data protection right(s), after having briefly considered the doctrinal evolution of the legal concept of privacy and having analyzed the related legal sources.

It will be useful, for this purpose, to consider, on the one hand, i) the ‘adequacy’ of the legal principles and requirements, acknowledged by the European Data Protection Regulation, to ensure legal safeguards for individuals (enforceable in Courts) and, on the other hand, ii) their practical applicability: a basic requirement of the Data Protection, such as the consent, is difficult or even impossible to be put in practice in AmI environments, where sophisticated technologies operate often without the subject’s intervention.

Since the main legal concerns about privacy and data protection arise from the use of new technologies for purposes that may conflict with those of privacy (for example, in order to protect free speech, marketing or security aims), it is worth considering the legitimacy and the necessity of this kind of measures, as well as their proportionality according to the current legal framework (particularly, human rights law and EU data protection law) and their jurisprudential interpretation.

In exploring the main current European regulation, a short account of the legal grounds granted to privacy protection by the Lisbon Treaty will be given (e.g., the binding value of the Charter of Fundamental Rights of Nice). Finally, the paper wishes to contribute to the debate on the opportunity to achieve a legislative reform in the field and, possibly, on the criteria to be adopted for balancing privacy and other ‘opposed’ rights (e.g., security).