Privacy, Data Protection and Cybersecurity in Europe


This book offers a comparative perspective on data protection and cybersecurity in Europe. In light of the digital revolution and the implementation of social media applications and big data innovations, it analyzes threat perceptions regarding privacy and cyber security, and examines socio-political differences in the fundamental conceptions and narratives of privacy, and in data protection regimes, across various European countries. The first part of the book raises fundamental legal and ethical questions concerning data protection; the second analyses discourses on cybersecurity and data protection in various European countries; and the third part discusses EU regulations and norms intended to create harmonized data protection regimes.

Table of Contents

Introduction: Privacy, Data Protection and Cybersecurity in Europe
The Conceptual and Factual Field
Our introduction consists of four steps. In the first, we prepare the field by defining and discussing the core concepts of this book—privacy, data protection and cybersecurity. All three issues come with a distinct research tradition, but in the digitised society, these issues increasingly overlap, which arguably necessitates a fresh scientific approach. In the second step, we try to disentangle the complex net of interests and dynamics around these issues by proposing an actor-based approach, distinguishing three ideal-types of actors: citizens/users, the business sector and the state, which we understand as forming a triangular relationship, a “ménage à trois”, where all interests are also related to collective societal values such as security, efficiency, equality and trust. This concept is hardly novel, but it allows us to identify a distinct social science perspective on privacy and data protection as politically contested issues—a perspective which is currently largely missing in the literature. It also offers a framework for comparative studies, as societies can, for example, be expected to direct their regulatory efforts towards different balances of interests. In the third step, we focus particularly on cybersecurity and suggest, on the basis of a literature review, that discourse studies offer an interesting avenue for comparative study, advancing new research that goes beyond technicalities and connects cybersecurity with broader societal factors as identified above. In the fourth step, the introduction concludes with a brief overview of the individual contributions that we have organized in three sections.
Max-Otto Baumann, Wolf J. Schünemann

Fundamental Issues of Privacy and Data Protection

Spain: The Right to Be Forgotten
The Right to Privacy and the Initiative Facing the New Challenges of the Information Society
The right to be forgotten appeared on the internet scene with the judgment of the European Court of Justice on Mario Costeja v. Google Spain (May 2014). Despite the controversy raised by this resolution, the right to be forgotten is actually a new expression of the European system of protection of personal data. The chapter aims to show the development of the right to be forgotten in Spain and, in this process, the relevance of the two main Spanish cases, Mario Costeja v Google Spain and Les Alfacs v Google Spain, which represent both the personal aspects and corporate interests in the right to be forgotten.
Ana Azurmendi
Harvesting Social Media for Journalistic Purposes in the UK
The Balance Between Privacy Rights and Freedom of Expression
Social media have been shown to have the potential to broaden the scope of public communication and public sphere processes. In repressive societies or contexts, they can function as an alternative public sphere challenging the mainstream; but they also allow citizens in open, democratic societies to participate more actively in these processes. At the same time, established mainstream media institutions retain a dominant position in the public sphere. This chapter explores the relationship between editorial policies, guidelines and regulations in the UK, with a special focus on the use of social media as sources in domestic local news coverage. These codes govern everyday journalistic practice and hence shape individual journalists’ behaviour in relation to sourcing. A tension arises out of the juxtaposition of a journalist’s right to freedom of expression and an individual’s expectation of privacy.
Bernhard Gross

Discourses on Cybersecurity and Data Protection in Comparative Perspective

Analysing the French Discourse About “Surveillance and Data Protection” in the Context of the NSA Scandal
Methodological Reflections and Results in Terms of Content
In June 2013, the secret actions of the American National Security Agency (NSA) were revealed by Edward Snowden. After that, the European states began discussing the concept of data protection and the legality of keeping people from other nations under surveillance. As this provoked a political crisis, the partnership with the USA was called into question. This chapter will focus on the specific characteristics of the French perception of the NSA affair and the reactions to it. With the aid of qualitative and quantitative linguistic methods, the European and American discourse actors will be analysed as well as the way in which they shape the various facets of the discourse. The corpus, which was built for this analysis, consists of French newspaper articles from both print press and online platforms.
Verena Weiland
Solving the Surveillance Problem
Media Debates About Unwanted Surveillance in Finland
This chapter examines the way surveillance is discussed in the leading Finnish newspaper Helsingin Sanomat after the revelations made by former NSA-contractor Edward Snowden. In 2013, Snowden provided journalists with documents that revealed the unexpected extent of surveillance conducted by security agencies such as the NSA. Drawing on Critical Discourse Studies and a Foucauldian view of discourse, this article understands media discussions following the Snowden revelations as discursive struggles where the legitimacy and future of surveillance are being constructed and debated. The article examines the ways the media formulates solutions to the problems posed by surveillance, and explores the way they contribute to the overall discursive struggle. The solutions appearing in the data are categorised into two main categories, next step solutions and direct solutions. Overall, it is concluded that solutions play a minor role in the news coverage as they tend to appear briefly and rarely as subjects of debate. This means that solutions do not make a substantial contribution to the discursive struggle over surveillance and, furthermore, leads to an understanding of surveillance as a practice that is difficult to change.
Minna Tiainen
The Unshaken Role of GCHQ
The British Cybersecurity Discourse After the Snowden Revelations
Extensive surveillance practices that were revealed by Edward Snowden sparked debates about appropriate state behavior in cyberspace. The governments of the US and UK faced harsh criticism following the first revelations in June 2013. Disclosed documents and statements from Edward Snowden suggested that the British GCHQ acted with even less restraint than its American counterpart. Those developments nevertheless didn’t lead to more limitations of surveillance capabilities in Britain. Quite the contrary, the Government legalised some of the revealed practices with the Investigatory Powers Act. This chapter therefore addresses the following question: how was it possible for GCHQ’s surveillance practices to remain stable after the Snowden revelations? In order to answer this question, a role theoretical analysis of the domestic processes of role contestation and role stabilisation is conducted. It is argued that the continuity of surveillance practices is best understood by looking at the historical experiences the Britons have had with their intelligence agencies.
Stefan Steiger
The Ambiguous Relation Between Privacy and Security in German Cyber Politics
A Discourse Analysis of Governmental and Parliamentary Debates
Edward Snowden’s revelations regarding the NSA surveillance activities globally reignited debates on the tension between freedom and security. Within those debates, the issues of cybersecurity and data protection are oftentimes part of the same meta-narrative even as they represent differing aspects in the question of how much freedom must be relinquished in order to guarantee a state’s security. This chapter sets out to disentangle the discourses of cybersecurity and data protection in German governmental and parliamentary discourse post-Snowden. To achieve this, we analysed both government and parliamentary documents using the Sociology of Knowledge Approach to Discourse (SKAD). Aside from a meta-narrative of cyber anxiety, we found that problem definitions are used in governmental and parliamentary discourse on cybersecurity and data protection in very similar ways. The frames and narratives regarding proposed solutions offer distinctions, as parliamentary speakers tend to emphasise the importance of privacy and data protection over cybersecurity.
Katharina Dimmroth, Wolf J. Schünemann

Europeanisation: Centre and Periphery

Protecting or Processing?
Recasting EU Data Protection Norms
The European Union is well-known for its high levels of data protection and concern about the effects of data sharing on individuals’ privacy. The 1995 Data Protection Directive (95/46/EC) established clear norms that have guided the development of data protection laws at the national level. However, these principles have often been tested by advances in the field of law enforcement, where personal data has increasingly been processed for the purpose of fighting crime. This tension has become more problematic with the advent of the Treaty of Lisbon, which has ‘constitutionalised’ data protection as a fundamental right in Article 16 of the Treaty on the Functioning of the European Union (TFEU) and Article 8 of the Charter of Fundamental Rights. This chapter explores to what extent the tension between data protection and data processing has been solved in the process of recasting the former provisions for the protection of personal data. The ‘package approach’ to the reform process has managed to improve the coherence of data protection in the private and the public sectors, but the tensions between privacy and security remain—especially in the law enforcement domain.
Ariadna Ripoll Servent
Lithuania and Romania to Introduce Cybersecurity Laws
Attaining Information Security at the Cost of Individuals’ Rights
While the proposal for a Network and Information Security Directive (NIS Directive) was still entangled in the legislative process, EU member states started adopting cybersecurity laws. These laws largely follow the philosophy of the NIS Directive and aim at establishing a culture of security across operators of essential services and digital service providers, including providers of banking, energy, transport, financial infrastructure, health and drinking water. These laws are often based on key legal principles, such as non-discrimination and proportionality. However, the compatibility of the newly adopted laws with the human rights framework enshrined in EU treaties as well as in the Council of Europe conventions is subject to discussion. Following this observation, this chapter reflects on the legislative processes and substantive provisions of cybersecurity laws in Lithuania and Romania. An in-depth analysis of the recent developments in the two countries and of the interaction between national and European Union legal frameworks unveils several inconsistencies in the application of EU data protection principles. In analysing regulatory and legal issues concerning cybersecurity policy, the chapter employs two different approaches to examine Lithuanian and Romanian cybersecurity laws. The first approach entails an analysis of these laws as “good regulation”, following up on the concept of the regulatory scholars Robert Baldwin and Martin Cave. The second approach considers the scope of potential limitations which the two cybersecurity laws can impose on human rights. These findings will be complemented by questions which require further research from a social science point of view.
Lina Jasmontaite, Valentina Pavel Burloiu
Privacy, Data Protection and Cybersecurity in Europe
Wolf J. Schünemann
Max-Otto Baumann
