User Privacy in a World of Digital Surveillance

  • Susan Perry
  • Claudia Roda


The previous chapter explored the ways in which human rights law may be extended to the architecture and use of digital hardware, requiring states to protect vulnerable populations from the potentially harmful effects of electromagnetic radiation, as they would for any other type of pollution. The digital systems that comprise the Internet are a rapidly evolving combination of hardware and software that enables instantaneous communication, forming the cornerstone of the ‘new economy’. These systems—the entities that capture, process or further disseminate information—generate reams of personal data that may be tracked by policing systems or sold to a third party without the user’s knowledge. Moreover, governments and the private sector often cooperate to monitor or proscribe online content and user behaviour in the name of public interest or safety. Nonetheless, any action—public or private—explicitly directed at the unauthorized collection or distribution of personal data may violate an individual’s right to privacy. Digital surveillance, like pollution, is carefully circumscribed in law and is subject to the recognition of privacy as a human right. In an age of Big Data, privacy enhancing technologies and privacy-by-design are a critical component in the delivery of technology that enhances democratic dialogue and facilitates human lifestyles, while reinforcing the premise of human rights. This chapter will (1) explain the technology necessary to track citizens for policing and commercial purposes, (2) examine the legal framework that protects user privacy, while still enabling the circulation of information that underpins modern social and economic structures and permits state surveillance in an emergency, and (3) explore new ways of thinking about digital privacy that empower the user to have greater control over his or her personal data, thereby contributing to the reinforcement of democracy itself.


Personal Data Privacy Protection Internet Engineer Task Force Information Security Management Private Information Retrieval 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Acquisti, A., Grossklags, J. (2007). What can behavioral economics teach us about privacy? In Acquisti, A., et al. (Eds.), Digital privacy: Theory, technologies, and practices. Boca Raton, FL: CRC Press, Auerbach Publications.Google Scholar
  2. Agrawal, R. (2002). Why is P3P Not a PET? Electronic privacy information center. Retrived April 28, 2016, from
  3. Assemblée Nationale. (1789). Déclaration des droits de l’homme et du citoyen de 1789. Retrived April 10, 2016, from
  4. Boyle, J. (2008). The public domain. Enclosing the commons of the mind. New Haven, CT: Yale University Press.Google Scholar
  5. Cohen, D., & Wells, J. W. (2004). American national security and civil liberties in an era of terrorism. New York City: Palgrave Macmillan.CrossRefGoogle Scholar
  6. Commission nationale de l’informatique et des libertés. (2012). Vie privée à l’horizon 2020: paroles d’experts, Cahiers IP: innovation et prospective, No. 1.Google Scholar
  7. Council of Europe. (1952). Protocol No. 1 to the European Convention for the Protection of Human Rights and Fundamental Freedoms, E.T.S. 9, 213 U.N.T.S. 262, entered into force 18 May 1954.Google Scholar
  8. Diaz, C., Gürses, S. (2012). Understanding the landscape of privacy technologies. Extended abstract. Information Security Summit 2012.Google Scholar
  9. Electronic Frontier Foundation. (2016a). Net neutrality. EFF. Retrived April 10, 2016, from
  10. Electronic Frontier Foundation. (2016b) Why Metadata Matters. EFF. Retrived April 10, 2016, from
  11. European Commission. (2015) Data protection Eurobarometer Factsheet. Retrived October 15, 2015, from (home page).
  12. FaberNovel. (2014). GAFAnomics: New economy, New Rules, LinkedIn Corporation. Retrived October 15, 2015, from
  13. Finn, R., Wright, D., & Friedewald, M. (2013). Seven types of privacy. In S. Gutwirth, Y. Poullet, et al. (Eds.), European data protection: Coming of age? Dordrecht: Springer.Google Scholar
  14. Fitzgerald, B., Shi, S., Foong, C., & Pappalardo, K. (2011). Country of origin and internet publication: Applying the Berne Convention in the digital age. Journal of Intellectual Property (NJIP) Maiden Edition, 38–73.Google Scholar
  15. Foucault, M. (1977). Discipline and punish: The birth of the prison. New York: Vintage Books.Google Scholar
  16. Froomkin, M. (2015, October 23–26) Legal (and political) aspects of designing privacy-enhanced digital personae. Presented at the Amsterdam Privacy Conference 2015.Google Scholar
  17. Fraunhofer Institute (2016). SHORE™—Object and face recognition. Fraunhofer Institute for Integrated Circuits IIS. Retrived April 28, 2016, from (home page).
  18. Gandomi, A., & Haider, M. (2015). Beyond the hype: Big data concepts, methods, and analytics. International Journal of Information Management, 35(2), 137–144.CrossRefGoogle Scholar
  19. Gershman, J. (2016, February 17). Apple v. Justice Department: Politicians and activists take sides on encryption order. Law Blog. The Wall Street Journal. Retrived April 30, 2016, from (home page).
  20. Greene, J., Barrett, D. (2016, April 15–7). Microsoft sues US on secret searches. The Wall Street Journal.Google Scholar
  21. Gurses, S., Troncoso, C., & Diaz, C. (2015, October). Engineering privacy by design reloaded. Presented at the Amsterdam Privacy Conference 2015.Google Scholar
  22. Gutierrez, E. (2004). Privacy implications of nanotechnology. Electronic privacy information center. Retrived April 28, 2016, from (home page).
  23. Harper, R. (Ed.). (2014). Trust, computing and society. London: Cambridge University Press.Google Scholar
  24. Hoepman, J. H. (2014). Privacy design strategies. In Cuppens-Boulahia, N., et al. (Eds.), ICT Systems security and privacy protection. IFIP Advances in Information and Communication Technology (p. 428, pp. 446–459).Google Scholar
  25. Hoeren, T. (2014). Big data and the ownership in data. Recent developments in Europe. European Intellectual Property Review, 12, 751–754.Google Scholar
  26. House of Representatives. (2011–2012). Stop Online Piracy Act, 112th Congress, 2nd Session, H.R. 3261, The Library of Congress. Retrived March 13, 2016, from (home page).
  27. Internet Engineering Task Force. (2016). IETF. Retrived April 10, 2016, from (home page).
  28. Internet Privacy Engineering Network. (2016). IPEN objectives. Retrived April 10, 2016, from
  29. Internet Society. (2012). Global internet user survey 2012, ISOC. Retrived March 30, 2016, from (home page).
  30. International Organisation for Standardisation. (2016). ISO/IEC 27001—Information security management, ISO. Retrived March 30, 2016, from
  31. International Telecommunication Union. (2016). The world in 2015: ICT facts and figures. Retrived March 5, 2016, from (home page).
  32. Internet Architecture Board. (2013). Privacy considerations for internet protocols. Internet Engineering Task Force, RFC 6973, July. Retrived April 10, 2016, from
  33. Internet Society (2016). Internet society mission statement. Retrived April 30, 2016, from
  34. Lessig, L. (2004). Free culture. How big media uses technology and the law to lock down culture and control creativity. New York: Penguin.Google Scholar
  35. Lindell, Y. (2010). Anonymous authentication. Journal of Privacy and Confidentiality, 2, 35–63.Google Scholar
  36. Loi no. 78-17. (1978). Relative à l’informatique, aux fichiers et aux libertés, JORF du 7 Janvier 1978, p. 227.Google Scholar
  37. Morozov, E. (2013, October 22). The real privacy problem. MIT Technology Review, p. 23.Google Scholar
  38. Office of the High Commissioner for Human Rights. (1988, April 8). CCPR general comment no. 16: Article 17 (Right to Privacy) The right to respect of privacy, family, home and correspondence, and protection of honour and reputation. Adopted at the Thirty second Session of the United Nations Human Rights Committee.Google Scholar
  39. Office of the High Commissioner for Human Rights. (2014, June 30). The right to privacy in the digital age. Report presented at the Twenty-seventh Session of the United Nations Human Rights Council, A/HRC/27/37.Google Scholar
  40. Nissenbaum, H. (2011). A contextual approach to privacy online. Daedalus, 140(4), 32–48.CrossRefGoogle Scholar
  41. Organisation for Advancing Open Standards for the Information Society. (2016). Oasis consortium. Retrived April 10, 2016, from (home page).
  42. Peng, K. (2014). Anonymous communication networks: Protecting privacy on the web. Boca Raton, FL: CRC Press, Auerbach Publications.CrossRefGoogle Scholar
  43. Pew Research Internet Project. (2013). Anonymity, privacy and security online. Pew Research Center. Retrived April 10, 2016, from
  44. Popsecu, M., Baruh, L. (2015, October 23–26). Consumer surveillance and risk of harm in the age of big data: An ethical analysis. Presented at the Amsterdam Privacy Conference 2015.Google Scholar
  45. Posner, R. (2013, April 28). Privacy is overrated. New York Daily News.Google Scholar
  46. Troncoso, C. (2015). Privacy-preserving tools to support privacy-by-design. Security Engineering Forum. Retrived January 30, 2015, from
  47. United Nations General Assembly. (1948). Universal Declaration of Human Rights, G.A. res. 217 A (III), adopted by the U.N. Doc. A/810, 10 December.Google Scholar
  48. United Nations General Assembly. (1966). International Covenant on Civil and Political Rights, G.A. res. 2200A(XXI), 21 U.N. GAOR Supp. (No. 16) at 52, U.N. Doc. A/6316, 999 U.N.T.S. 171, entered into force 23 March 1976.Google Scholar
  49. United Nations Secretary-General Hammarskjold. (1955, July 1). Annotations on the text of the draft International Covenants on Human Rights, UN Doc. A/2929.Google Scholar
  50. Vaidhyanathan, S. (2001). Copyrights and copywrongs: The rise of intellectual property and how it threatens creativity. New York: New York University Press.Google Scholar
  51. Warren, S., & Brandeis, L. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.CrossRefGoogle Scholar
  52. World Wide Web Consortium. (2016). Platform for privacy preferences (P3P) Project, W3C. Retrived April 29, 2016, from
  53. Wright, D., & Friedewald, M. (2013). Integrating privacy and ethical impact assessments. Science and Public Policy, 40, 755–766.CrossRefGoogle Scholar


  1. Court of Justice of the European Union. (2014). Judgment in Joined Cases C-293/12 and C-594/12, Digital Rights Ireland, 8 April.Google Scholar
  2. Court of Justice of the European Union. (2014) Judgment in Case C-131/12, Google v. Costeja González, 13 May.Google Scholar
  3. Court of Justice of the European Union. (2015) Judgment in Case C-362/14, Maximillian Schrems v. Data Protection Commissioner, 6 October.Google Scholar
  4. United States Court of Appeals, Second Circuit. (2015) American Civil Liberties Union v. James Clapper, Docket No. 14-42-CV, decided 7 May.Google Scholar
  5. United States District Court, Western District of Washington at Seattle. (2016) Complaint for declatory judgment. Microsoft v. U.S. Department of Justice, DWT 29162898v13 0025936-002444, 14 April.Google Scholar

Copyright information

© The Author(s) 2017

Authors and Affiliations

  • Susan Perry
    • 1
  • Claudia Roda
    • 1
  1. 1.American University of ParisParisFrance

Personalised recommendations