Issue link: https://maltatoday.uberflip.com/i/1187474
16 maltatoday | SUNDAY • 24 NOVEMBER 2019 INTERVIEW We talk a lot about 'data protection' and 'the right to privacy'… but we are also living in an age when technology enables vast amounts of personal data to be collected and processed by others. There are unprecedented opportunities to mine that data for all sorts of purposes. So… have we sacrificed our privacy completely? Not completely. We are still in time to apply intelligent reme- dial measures. But I think we need to place the issue in con- text first. Data protection law was born in the early 1970s; it became standardised across Europe in 1981, with the Council of Eu- rope's Convention of Data Pro- tection – normally referred to as 'Convention 108'. Looking back, what we see is an evolu- tion. There was a first wave of data protection laws, arising from the awareness that: 'com- puters can handle personal data; let's try to make sure that they do so within a well- thought-out regime'. That regime is represented by the principles of Convention 108: which is today considered as a global standard for data protection. By 1996, the prin- ciples of data protection law had become part of the acquis comunautaire. So all the 10 en- largement countries, including Malta, that joined the EU in 2004 had to take those princi- ples on board in their national legislation. However, it was still at the level of a European Directive; which means that member states had room to manoeuvre; they were free to interpret and adapt those principles to their own legal systems. So by around 2011, after 10 years of implementing that directive, we had 28 different countries all with their own, different data protection laws. That presents a problem to industry: especially large com- panies which want to make investments in European coun- tries. They would have to deal with the Belgian law, French law, German law, and so on. What was needed, basically, was a one-stop shop… But all those early data protection laws predated the Internet: which, by definition, is a supranational network that transcends legal boundaries and jurisdictions… That's what I'm getting to. Convention 108 predates not only the Internet, but also the first IBM computer, the first Apple Mac, the first laptop… not to mention the first Smart- phone, by a very long time. But let's lay down the legal chronol- ogy, before turning to the tech- nology evolution. Basically, the need for a one- stop shop resulted in the 1996 directive becoming the General Data Protection Regulation of 2016: which, unlike a directive, has to be implemented to the letter in all member states. At first it was going to be all- encompassing; but after objec- tions by a number of member states, the police and criminal justice system were hived off. Those are now subject to a dif- ferent regime; and while it re- flects the same principles of GDPR, it is still at European directive level. All the same, the so-called 'Police Directive' does for the police and criminal jus- tice, what GDPR does for eve- rything else. But we have to qualify what is meant by 'everything else': while GDPR covers medical data, insurance data, the data retained by the State for social security purposes… it does not apply to national security and defence. This is because nation- al security is a reserved matter. The EU has no competence; it is up to each member state. But the Council of Europe does have competence; and Article 11 of Convention 108 lays down what each signatory country must do to ensure data protection at national security level. But there is still the question of whether any of these entities – the EU, the Council of Europe – actually has jurisdiction over the worldwide web… When it comes to govern- ing the Internet, jurisdiction is, in fact, the major headache. To give an example: if Raphael Vassallo writes an article in a website based in Malta; but he offends someone who is based in the UK… where is the con- flict resolution? Also, there are several other activities taking place on the Internet which nobody really wants to talk about: such as es- pionage, security, etc. In fact, my own position as UN special rapporteur was cre- ated after the Snowden revela- tions. People were incensed by all the 'snooping around' that was being done by govern- ments – not just the Americans and the British; they just hap- pened to be the ones who were outed – so the UN took the de- cision to set up a mechanism to safeguard freedom of expres- sion, freedom of association, and so on. At first, when the position was set up in 2015, the main Our mobile phones are monitoring us, warns UN Special Rapporteur on Data Protection, Prof. JOE CANNATACI. But our privacy can still be protected through a system of legal checks and balances Are you being surveilled? Raphael Vassallo Raphael Vassallo rvassallo@mediatoday.com.mt