Protection of Privacy and Data Protection in Aviation Security

Enerstvedt, Olga Mironenko

doi:10.1007/978-3-319-58139-2_2

Olga Mironenko Enerstvedt⁴

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 37))

1217 Accesses

Abstract

As discussed, the notions of privacy and data protection are central for this research. In order to analyse the impact of a particular aviation security measure on privacy and data protection and particular consequences in the Special Part, it should be explained how the terms “privacy” and “data protection” will be used in this research, how they are connected and how the interests that they denote are regulated.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 99.00; Price excludes VAT (USA)

Softcover Book: USD 129.99; Price excludes VAT (USA)

Hardcover Book: USD 199.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
See Bygrave. Data privacy law: an international perspective (2014) pp. 23–26.
2.
Ibid. p. 26.
3.
See Chap. 4.
4.
See, e.g. Privacy Law and Business. EU Commissioner Vĕra Jourová says protection of personal data more than a “European” fundamental right. http://www.privacylaws.com/Int_enews_30_10_15 (30 Oct 2015) and Cline. Global CRM Requires Different Privacy Approaches (2005).
5.
Newman. Protectors of privacy: regulating personal data in the global economy (2008) pp. 8–9.
6.
See Special Part.
7.
Agreement between the USA and the EU on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offences. As of September 2015, negotiations on this agreement were finalized. http://europa.eu/rapid/press-release_MEMO-15-5612_en.
8.
Kovaleva. Informational Law of Russia (2007) p. 14.
9.
Bygrave. Privacy and Data Protection in an International Perspective. In: Scandinavian Studies in Law (2010) p. 189.
10.
For more detail on data privacy laws across Asia see Greenleaf. Asian Data Privacy Laws: Trade & Human Rights Perspectives (2014).
11.
Aristotle. Politics ([ca. 330 BC], 1983).
12.
Bygrave. Privacy Protection in a Global Context–A Comparative Overview. In: Scandinavian studies in law. Vol. 47 (2004) p. 323.
13.
Nissenbaum (2010) p. 2.
14.
See Chap. 3 – the concept of human rights.
15.
Schneier (2008) p. 63.
16.
Warren and Brandeis. The Right to Privacy. In: Harvard Law Review. Vol. 4 (1890) p. 193.
17.
Finn [et al.] Seven types of privacy. In: European data protection: coming of age (2013) p. 3.
18.
Pavesich v. New England Life Insurance Co. Supreme Court of Georgia, 122 Ga. 190; 50 S.E. 68; 1905 Ga., 3 March 1905.
19.
Solove. Understanding privacy (2008c) p. 1.
20.
Bygrave. Data protection law: approaching its rationale, logic and limits (2002) pp. 128–129.
21.
See, e.g.; Moor. The ethics of privacy protection. In: Library Trends. Vol. 39 (1990) p. 69; Tavani. Philosophical theories of privacy: Implications for an adequate online privacy policy. In: Metaphilosophy. Vol. 38 (2007) p. 2; Solove (2008c).
22.
Tavani (2007) pp. 9–10.
23.
Solove (2008c).
24.
Warren and Brandeis (1890) pp.193, 205.
25.
Tavani (2007) p. 5.
26.
Gavison. Privacy and the Limits of Law. In: Yale LJ. Vol. 89 (1979) p. 428.
27.
Solove (2008c) p. 18.
28.
Gavison (1979) pp. 421, 428–436.
29.
Posner. The economics of justice (1983) p. 268.
30.
Solove (2008c) p. 22.
31.
Westin. Privacy and freedom (1970) p. 7.
32.
Fried. Privacy In: Philosophical dimensions of privacy (1984) p. 209.
33.
Solove (2008c) p. 25.
34.
Ibid. p. 34.
35.
Inness. Privacy, intimacy, and isolation (1992) p. 140.
36.
Tirosh and Birnhack. Naked in Front of the Machine: Does Airport Scanning Violate Privacy? In: Ohio State Law Juornal. Vol. 74 (2013) p. 1301.
37.
Tirosh and Birnhack (2013) p. 1268.
38.
Finn et al. (2013) p. 6.
39.
Ibid. p. 3.
40.
Ibid. p. 4.
41.
It is believed that four types were first categorized by Clarke. Introduction to Dataveillance and Information Privacy, and Definitions of Terms (1997).
42.
Joinson and Paine. Self-disclosure, privacy and the Internet. In: The Oxford handbook of Internet psychology (2007) p. 241.
43.
Burgoon [et al.] Maintaining and restoring privacy through communication in different types of relationships. In: Journal of Social and Personal Relationships. Vol. 6 (1989) p. 132.
44.
Joinson and Paine (2007) p. 241.
45.
Finn et al. (2013) pp.8–10.
46.
Raab. Effects of surveillance on privacy, autonomy and dignity In: Deliverable D1.1: Surveillance, fighting crime and violence (2012a) p. 261.
47.
Finn et al. (2013) p. 26.
48.
Nissenbaum. Privacy as contextual integrity. In: Wash. L. Rev. Vol. 79 (2004) pp. 154–155.
49.
Badii [et al.] Visual context identification for privacy-respecting video analytics (2012) p. 366.
50.
Tirosh and Birnhack (2013) p. 1267.
51.
See Leander v. Sweden, No. 9248/81, 26 March 1987; Kopp v. Switzerland, 13/1997/797/1000, 25 March 1998; Amann v. Switzerland, No. 27798/95, 16 February 2000.
52.
Nissenbaum (2004) p. 154–155.
53.
Zoufal. “Someone to watch over me?” Privacy and governance strategies for CCTV and emerging surveillance technologies (2008) p. 46.
54.
Leese. Blurring the dimensions of privacy? Law enforcement and trusted traveler programs. In: Computer Law & Security Review. Vol. 29 (2013) p. 485.
55.
Scarfo. Biometrics: achieved assured authentication in the digital age. In: Aviation Security International. Vol. 20 (2014) p. 35.
56.
Department of Homeland Security. Privacy Impact Assessment for the DHS CCTV Systems (2012b).
57.
United States v. Dionisio, 410 U.S. 1, 14 (1973), 22 January 1973.
58.
Woodward. Privacy vs. Security: Electronic Surveillance in the Nation’s Capital (2002) p. 3.
59.
EPIC. EPIC Framework for Protecting Privacy & Civil Liberties If CCTV Systems Are Contemplated. https://epic.org/privacy/surveillance/epic_cctv_011508.pdf, 2008.
60.
Application No. 44647/98, 28 Jan 2003.
61.
Article 29 Data Protection Working Party Opinion 4/2004 on the processing of personal data by means of video surveillance (2004).
62.
Home Office. Surveillance Camera Code of Practice (2013).
63.
Leese (2013) p. 483.
64.
Carli. Assessing CCTV as an Effective Safety and Mangement Tool for Crime-solving, Prevention and Reduction (2008) p. 11.
65.
COPRA. Aviation Security Research Roadmap (2013) http://www.copra-project.eu/Results_files/D5.1%20Copra%20Aviation%20Security%20Roadmap%20V1.0_download.pdf.
66.
Woodward (2002) p. 3.
67.
Zoufal (2008) p. 10.
68.
Badii et al. (2012) p. 367.
69.
Zoufal (2008) p. 46.
70.
Gallagher. CCTV and human rights: The fish and the bicycle? An examination of Peck v. United Kingdom (2003) 36 EHRR 41. In: Surveillance & Society. Vol. 2 (2002) p. 271.
71.
Bygrave (2004) p. 327.
72.
Increasing Resilience in Surveillance Societies (IRISS). Deliverable D2.3: The Legal Perspective (2013). p. 47.
73.
Wright et al. (2015) p. 290.
74.
Badii et al. (2012) p. 366.
75.
Wright et al. (2015) p. 290.
76.
Raab (2012a) p. 261.
77.
Ibid.
78.
Solove (2008c) p. 74.
79.
Data and information are used as synonyms in this research.
80.
Schneier. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (2015).
81.
Bygrave (2014) p. 26.
82.
Kitchin. Big Data, new epistemologies and paradigm shifts. In: Big Data & Society 1.1 (2014) p 2.
83.
Schneier (2008) p. 61.
84.
Kovaleva (2007) p. 11.
85.
Joined Cases C-92/09 and C-93/09 Volker und Markus Schecke GbR and Hartmut Eifert v. Land Hessen, 9 Nov 2010, § 48.
86.
C-101/2001, Lindqvist, 6 Nov 2003, §§ 82–90; C-73/07, Satamedia, 16 December 2008, § 50–62.
87.
De Hert. The data protection framework decision of 27 November 2008 regarding police and judicial cooperation in criminal matters–A modest achievement however not the improvement some have hoped for. In: Computer Law & Security Review. Vol. 25 (2009) pp. 403–404.
88.
Article 4(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). In force 24 May 2016, shall apply from 25 May 2018.
89.
See Council of Europe. Data Protection. Compilation of Council of Europe texts (2010) p. 23.
90.
Bygrave (2014) p. 165.
91.
Raffel. Intelligence and Airports. In: FBI Law Enforcement Bulletin. Vol. 76 (2007) p. 2.
92.
See Chap. 6.
93.
Article 29 Data Protection Working Party. Opinion 4/2007 on the concept of personal data (2007).
94.
Grant. Data protection 1998–2008. In: Computer Law & Security Report. Vol. 25 (2009). p. 45.
95.
Article 29 Data Protection Working Party (2007) section III.
96.
Durant v. FSA [2003] EWCA Civ 1746, Court of Appeal (Civil Division) decision of Lord Justices Auld, Mummery and Buxton (8 December 2003).
97.
R v. Rooney [2006] EWCA Crim 1841 (12 July 2006), § 13.
98.
Joined Cases C-141/12 and C-372/12, YS v Minister voor Immigratie, Integratie en Asiel and Minister voor Immigratie, Integratie en Asiel v M and S. 17 July 2014, §§ 38 and 48.
99.
Dynamic IP addresses refer to situations in which a new address is assigned to each computer every time it connects to the Internet.
100.
Clifford and Schroers. Personal data and dynamic IPs – time for clarity? 23 Jan 2015. http://blogs.lse.ac.uk/mediapolicyproject/2015/01/23/personal-data-and-dynamic-ips-time-for-clarity/.
101.
Esayas. The role of anonymisation and pseudonymisation under the EU data privacy rules: beyond the ‘all or nothing’ approach. In: European Journal of Information Technology and Law. Vol. 6 (2015) p. 2.
102.
C-101/2001, Lindqvist, 6 Nov 2003, § 98.
103.
Article 29 Data Protection Working Party (2007).
104.
E.g. in Russia.
105.
Tanti-Dougall. Cyber security in aviation: legal aspects. In: Aviation Security International. Vol. 21 (2015) p. 14. See also Asllani and Ali. Securing information systems in airports: A practical approach. In: ICITST (2011).
106.
See below and Sect. 2.3.
107.
Increasing Resilience in Surveillance Societies (IRISS) (2013) p. 32.
108.
Gellert. The legal construction of privacy and data protection. In: Computer Law & Security Review. Vol. 29 (2013). p. 526.
109.
Bygrave. Data protection pursuant to the right to privacy in human rights treaties. In: International Journal of Law and Information Technology. Vol. 6 (1998). p. 1.
110.
Gellert (2013) p. 525.
111.
Increasing Resilience in Surveillance Societies (IRISS) (2013) p. 32.
112.
Rechnungshof decision, C-465/00 of 2003, §91.
113.
See, e.g. General Comment 16, issued 23.03.1988 (UN Doc A/43/40, 181–183; UN Doc CCPR/C/21/Add.6; UN Doc HRI/GEN/1/Rev. 1, 21–23). For more details, see Bygrave (1998) p. 1.
114.
Gellert (2013) p. 530.
115.
Increasing Resilience in Surveillance Societies (IRISS) (2013) p. 32.
116.
Adopted by General Assembly resolution 217 A (III) of 10 December 1948. UDHR is not a treaty itself, it was explicitly adopted for the purpose of defining the words “fundamental freedoms” and “human rights” in the United Nations Charter, which is binding on all 153 member states.
117.
Adopted by General Assembly resolution 2200A (XXI) of 16 December 1966, was opened for signature on 19 December 1966, entry into force 23 March 1976.
118.
The OECD member countries are: Australia, Austria, Belgium, Canada, Chile, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Korea, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, the Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, the UK and the USA. The EU takes part in the work of the OECD.
119.
OECD. 2013 OECD Privacy Guidelines. http://www.oecd.org/internet/ieconomy/privacy-guidelines.htm.
120.
OECD. Privacy Expert Group Report on the Review of the 1980 OECD Privacy Guidelines, 2013.
121.
OECD Recommendation Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (2013) (OECD Privacy Framework 2013).
122.
OECD. 2013 OECD Privacy Guidelines. http://www.oecd.org/internet/ieconomy/privacy-guidelines.htm.
123.
Ibid.
124.
See more detail in Bygrave (2014) pp. 51–53.
125.
Members include Australia, Brunei, Canada, Chile, China, Hong Kong, China, Indonesia, Japan, Korea, Malaysia, Mexico, New Zealand, Papua New Guinea, Peru, Philippines, the Russian Federation, Singapore, South Korea, Taiwan, Thailand, the USA and Vietnam.
126.
Bygrave (2014) p. 76.
127.
Bygrave (2010) p. 200.
128.
See Chap. 4.
129.
ICAO Document 9944 – Guidelines on Passenger Name Record (PNR) data of 2010 (ICAO PNR Guidelines).
130.
IATA Recommended Practice 1701a, 2011 (PNRGOV).
131.
EOS. Position Paper on EU policies on privacy and data protection and their impact on the implementation of security solutions. September 2010.
132.
Security Industry Association. Privacy Framework https://www.securityindustry.org/SiteAssets/GovernmentRelations/gr-privacy-framework.pdf (Last modified 28 March 2014).
133.
Convention for the Protection of Human Rights and Fundamental Freedoms signed at Rome on 4 November 1950, effective 3 September 1953.
134.
Charter of Fundamental Rights of the European Union, proclaimed on 7 December 2000, entry into force from the date of entry into force of the Treaty of Lisbon on 1 December 2009, Official Journal of the European Union (2010/C 83/02), 30 March 2010. The Treaty on European Union (TEU) Article 6(1) (Official Journal of the European Union (C 83/13), 30 March 2010) provides it “same legal value” as EU’s Treaties thus it is legally binding. However, the CFREU applies only if and to the extent that EU member states implement or enforce EU law over their respective national laws.
135.
Clarke. What’s Privacy? Prepared for a Workshop at the Australian Law Reform Commission on 28 July 2006. Version of 7 August 2006. http://www.rogerclarke.com/DV/Privacy.html.
136.
S and Marper v. the United Kingdom, No. 30562/04 and 30566/04, 4 Dec 2008, §66.
137.
Kilkelly. The right to respect for private and family life. In: Human Rights Handbook, Council of Europe (2001) p. 42.
138.
Campbell v. the United Kingdom, No. 13590/88, 25 March 1992, §33.
139.
Malone v. The United Kingdom, No. 8691/79, 2 Aug 1984, §64.
140.
Kilkelly (2001) p. 25.
141.
The details about applying these criteria in general will be discussed in Chap. 5.
142.
Consolidated Version of the Treaty on the Functioning of the European Union, Official Journal of the European Union (C 83/47), 30 March 2010.
143.
Hijmans. Recent developments in data protection at European Union level (2010) p. 220.
144.
Ibid.
145.
FRA. Data Protection in the European Union: the role of National Data Protection Authorities (2010a) p. 18.
146.
ETS No.108, 28 Jan 1981 (Entry into force: 1 Oct 1985).
147.
ETS No. 181 (Opened for signature on 8 November 2001).
148.
Hijmans. Shortcomings in EU data protection in the Third and the Second Pillars, Can the Lisbon Treaty be expected to help. In: Common Market Law Review. Vol. 46 (2009) p. 1489.
149.
The Consultative Committee of the Convention for the protection of individuals with regard to automatic processing of personal data [Ets No. 108], Modernisation of Convention 108: new proposals, T-PD-BUR(2012)01Rev2_en, Strasbourg, 27 April 2012.
150.
Ad hoc Committee on data protection of the Council of Europe (CAHDATA), Abridged Report, Strasbourg, 3 Dec 2014.
151.
Bygrave (2014) p. 53.
152.
It applies to the EEA member states which are not members of the EU (Norway, Lichtenstein and Iceland). The DPD was incorporated into the 1992 Agreement on the EEA (Decision of the EEA Joint Committee No 83/1999 of 25 June 1999 amending Protocol 37 and Annex XI (Telecommunication services) to the EEA Agreement; OJ L 296/41, of 23 Nov 2000).
153.
See DPD Article 3(2), Recital 16. The exclusions and limitations of DPD are based on the pre-Lisbon so-called three “pillar” structure of the EU. The First Pillar governed the regulation of the common market, where the EU acquired a lot of power, and the Member States had lost a lot of power. The Second (common foreign and security policy) and the Third Pillars (the area of police and judicial cooperation) applied to defence and other types of foreign policy and fighting crime and protecting against internal security threats like terrorism. The EU had powers in these areas, but it was limited by Member States preserving national sovereignty (see the Maastricht Treaty: Treaty on European Union, 7 February 1992, OJ C 191, 29 July 1992.)
154.
See more details in Hijmans (2009).
155.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). In force 24 May 2016, shall apply from 25 May 2018.
156.
Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters.
157.
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. In force 5 May 2016; EU Member States have to transpose it into their national law by 6 May 2018.
158.
Hijmans (2010) p. 223.
159.
EDRi-gram 13.24, 16 December 2015, https://edri.org/edri-gram/13-24/.
160.
Article 29 Data Protection Working Party. Opinion 01/2014 on the application of necessity and proportionality concepts and data protection within the law enforcement sector (2014a).
161.
See more details: European Commission. Security Scanners. http://ec.europa.eu/transport/modes/air/security/aviation-security-policy/scanners_en.htm.
162.
Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
163.
Proposal for a Regulation of the European Parliament and of the Council establishing a Registered Traveller Programme, COM (2013) 97 final – 2013/0059 (COD), Brussels, 28 Feb 2013.
164.
E.g., European Committee on Legal Co-operation Report containing guiding principles for the protection of individuals with regard to the collection and processing of data by means of video surveillance (2003); Recommendation CM/Rec(2010)13 of the Committee of Ministers to member states on the protection of individuals with regard to automatic processing of personal data in the context of profiling (23 November 2010); Recommendation No.R(91) 10 on the communication to third parties of personal data held by public bodies (9 September 1991), Recommendation No.R(87) 15 regulating the use of personal data in the police sector (17 September 1987), etc.
165.
Council of Europe (2010) p. 50.
166.
Privacy International. European Privacy and Human Rights (2011).
167.
Cunningham. Big Brother is watching EU: As the US moves towards privacy reform, Europe enacts sweeping new spying powers, 20 May 2015, http://www.politico.eu/article/eu-privacy-surveillance-us-leads-act/.
168.
Ibid.
169.
Clarke (2006).
170.
Blackburn. Britain’s unwritten constitution. 2015. http://www.bl.uk/magna-carta/articles/britains-unwritten-constitution.
171.
Increasing Resilience in Surveillance Societies (IRISS) (2013) p. 57.
172.
Ibid. p. 47.
173.
Grant (2009) p. 49.
174.
See Bichard Inquiry, Final Report regarding problems of police understanding the DPA rules (2004), http://dera.ioe.ac.uk/6394/1/report.pdf.
175.
Study European Privacy and Human Rights by Privacy International (2010), the Electronic Privacy Information Center (EPIC) and the Center for Media and Communications Studies (CMCS), funded by the European Commission’s Special Programme “Fundamental Rights and Citizenship”, 2007–2013. Page 810.
176.
Privacy International (2011).
177.
Information Commissioner’s Office. In the picture: A data protection code of practice for surveillance cameras and personal information (2014).
178.
UK Department for Transport. Code of Practice for the Acceptable Use of Security Scanners in an Aviation Security Environment (2015a).
179.
Bartle and Vass. Self-Regulation and the Regulatory State: A Survey of Policy and Practice. The University of Bath (2005) p. 1.
180.
Study European Privacy and Human Rights by Privacy International (2010), the Electronic Privacy Information Center (EPIC) and the Center for Media and Communications Studies (CMCS), funded by the European Commission’s Special Programme “Fundamental Rights and Citizenship”, 2007–2013. Page 806.
181.
Killock. Legal challenge to UK Internet surveillance. 10 March 2013. https://www.privacynotprism.org.uk/news/2013/10/03/legal-challenge-to-uk-internet-surveillance.
182.
Cunningham (2015).
183.
Kingdom of Norway’s Constitution of 17 May 1814.
184.
Act of 21 May 1999 No 30 relating to the strengthening of the status of human rights in Norwegian law (the Human Rights Act).
185.
Bygrave and Aarø. Privacy, Personality and Publicity – An Overview of Norwegian Law. In: International privacy, publicity and personality laws (2001) p. 340.
186.
Bygrave (2010) pp. 172–173.
187.
Act of 14 April 2000 No. 31 relating to the processing of personal data.
188.
Regulation of 15 December 2000 No. 1265 on the processing of personal data.
189.
Act of 29 May 2010 No. 16 regarding the processing of personal data by the police and the prosecutors.
190.
Act of 20 June 2014 No. 43.
191.
Teknologirådet and Datatilsynet. Persovern – tilstand og trender (2014) p. 42.
192.
Datatilsynet, Technologies. https://www.datatilsynet.no/Teknologi/.
193.
Privacy International (2011).
194.
Statewatch. Police testing surveillance drones in Oslo. 26 October 2013. http://www.statewatch.org/news/2013/oct/drones-police-oslo1.htm.
195.
Bygrave (2010) p. 191.
196.
The Fourth Amendment to the Bill of Rights in the U.S. Constitution (1791).
197.
Schmerber v. California, 384 U.S. 757 (1966), 20 June 1996, page 384 U.S. 767.
198.
Woodward (2002) p. 3.
199.
Kornblatt. Are emerging technologies in airport passenger screening reasonable under the fourth amendment. In: Loy. LAL Rev. Vol. 41 (2007) pp. 393, 396.
200.
United States v. Epperson, 454 F.2d 769, 771 (4th Cir. 1971), 7 February 1972.
201.
Gilmore v. Gonzales, 435 F. 3d 1125 – Court of Appeals, 9th Circuit 2006, 26 January 2006, 1137–39.
202.
Sima Prods. Corp. v. McLucas, 612 F.2d 309, 312–13 (7th Cir. 1980), 3 January 1980.
203.
United States v. Aukai, 497 F.3d 955–963 (9th Cir. 2007), 10 August 2007.
204.
EPIC v. DHS, 653 F.3d 1 (D.C. Cir. 2011), 15 July 2011.
205.
Brenner. Fourth Amendment in an Era of Ubiquitous Technology, The. In: Miss. LJ. Vol. 75 (2005) p. 3.
206.
Ibid. pp. 82–83.
207.
Privacy Act of 1974, 5 U.S.C. § 552a (2000).
208.
E.g. Fair Credit Reporting Act 1970, Right to Financial Privacy Act 1978, Health Insurance Portability and Accountability Act 1996.
209.
Clarke (2006).
210.
According to the Act, “private area” is the naked or undergarment clad genitals, pubic area, buttocks, or female breast of an individual (§1801 (3)).
211.
Department of Homeland Security. Privacy Impact Assessment Update for TSA Advanced Imaging Technology (2011).
212.
Department of Homeland Security (2012b). However, this PIA concerns CCTV at DHS’ facilities rather than CCTV in airports.
213.
Manny. Personal privacy—transatlantic perspectives: European and American privacy: commerce, rights and justice—part II. In: Computer Law & Security Review. Vol. 19 (2003) p. 4.
214.
Pawlak. Made in the USA? The Influence of the US on the EU’s Data Protection Regime. In: Brussels, CEPS (2009) p. 3.
215.
Section 222 (a) of the Homeland Security Act of 2002. 6 U.S.C. 142.
216.
Steinhardt. The EU-US PNR Agreement – A Legal Analysis of Its Failures. 26 December 2011. http://www.papersplease.org/wp/2012/01/03/the-eu-us-pnr-agreement-a-legal-analysis-of-its-failures/.
217.
Bygrave (2004) p. 328.
218.
Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.
219.
Maximillian Schrems v. Data Protection Commissioner, Case C-362/14, 6 Oct 2015, § 106.
220.
This incorporates Fair Information Practice Principles to govern public-sector processing of personal data in commercial contexts. See more details in Bygrave (2014) p. 115.
221.
EPIC Alert, Volume 22.21, 11 Nov 2015, http://www.epic.org/alert/epic_alert_22.21.html
222.
Constitution of the Russian Federation of 12 December 1993.
223.
Article 23 (1) incorporates the right to the inviolability of private life, personal and family secrets, and the right to protection of honour and good name. Here and further, the English translation of the Constitution is done by Garant-Service. http://www.constitution.ru/en/10003000-01.htm.
224.
Article 23 (2) provides the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages; only in relation to this paragraph, the Constitution determines possible limitations (“Limitations of this right shall be allowed only by court decision.”). Article 22 provides the right to freedom and personal immunity. The right to inviolability of home is enshrined as a separate right (Article 25); no one shall have the right to get into a house against the will of those living there, except for the cases established by a federal law or by court decision. The right to access the documents and materials directly affecting rights and freedoms is provided by Article 24 (2). Article 24 (1) stipulates that “the collection, keeping, use and dissemination of information about the private life of a person shall not be allowed without his or her consent”. According to Article 21, “human dignity shall be protected by the State. Nothing may serve as a basis for its derogation. No one shall be subject to torture, violence or other severe or humiliating treatment or punishment. No one may be subject to medical, scientific and other experiments without voluntary consent”.
225.
Tsadykova. The constitutional right to privacy (2007) Abstract.
226.
For a more detailed overview of Russian data protection law, see Enerstvedt. Russian PNR system: Data protection issues and global prospects. In: Computer Law & Security Review. Vol. 30 (2014).
227.
Federal law of 19 December 2005 N 160-FZ On ratification of the Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data.
228.
Federal law of 27 July 2006 N 152-FZ On personal data.
229.
Federal law of 27 July 2006 N 149-FZ On information, information technologies, and the protection of information, Presidential decree of 6 March 1997 N 188 On approval of the List of confidential information (stipulates that the latter covers personal data, with a few exceptions), Resolutions of Government, etc.
230.
E.g. Labour Code of 30 December 2001 N 197-FZ (Chapter 17), Tax Code of 31 July 1998 N 146-FZ (Art. 84), Federal law of 27 December 1991 N 2124-1 On mass media, Federal law of 12 August 1995 N 144-FZ On operational-search activities, etc.
231.
Federal Law of 7.05.2013 N 99-FZ On Amendments to certain legislative acts of the Russian Federation in connection with the adoption of the Federal Law On ratification of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, and Federal Law On Personal Data.
232.
Chernova. We protect personal data through multi-stakeholder approach. In: Personal data (2013).
233.
Yakovleva. New technologies and human rights (2012) p. 12.
234.
§2 of Resolution of Government of 16 March 2009 N 228 About Federal service for supervision in the sphere of telecom, information technologies and mass communications.
235.
Kovrigin. Total non-compliance with data protection law in Russia (2012) http://can-work.ru/index.php/neews/press-tsentr-kompanii/145-law-on-personal-data-if-it-works.
236.
Izmailova. Privacy in civil law: the law of the UK, the USA and Russia (2009) Abstract, and Omelchenko and Kosterina. Private life: a sociological perspective (2005) http://www.pgpalata.ru/reshr/privacy/deb_02.shtml.
237.
Soldatov and Borogan. Russia’s Surveillance State (2013) http://www.worldpolicy.org/journal/fall2013/Russia-surveillance.
238.
Huey. When This Stuff Gets Personal! A Response to the Moscow Airport Bombing 27 January 2011 (2011b), http://www.noquarterusa.net/blog/55860/when-this-stuff-gets-personal-a-response-to-the-moscow-airport-bombing/.
239.
Izmailova (2009) Abstract.
240.
See Beroeva. Who and how do they steal databases? In: Komsomolskaya Pravda 2006.
241.
Carli (2008) p. 11.
242.
Kovaleva (2007) p. 11.

Table of Legislation and Other Legal Texts

International

OECD Recommendation Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 11 July 2013 (OECD Privacy Framework 2013)
Google Scholar

European Union

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (DPD).
Google Scholar

UK

Data Protection Act 1998.
Google Scholar

Reference Books and Articles

Badii, Atta et al. “Visual context identification for privacy-respecting video analytics”. Multimedia Signal Processing (MMSP), 2012 IEEE 14th International Workshop on. IEEE, 2012.
Google Scholar
Bygrave, Lee A. “Data protection pursuant to the right to privacy in human rights treaties”. International Journal of Law and Information Technology 6 (1998): 247–84.
Article Google Scholar
Bygrave, Lee A. “Privacy Protection in a Global Context – A Comparative Overview”. Scandinavian studies in law 47 (2004): 319–48.
Google Scholar
Bygrave, Lee A. “Privacy and Data Protection in an International Perspective”. Scandinavian Studies in Law, ISSN 0085-5944 (2010): 165–200.
Google Scholar
Bygrave, Lee A. Data privacy law: an international perspective. Oxford: Oxford University Press, 2014.
Book Google Scholar
Carli, Vivien. Assessing CCTV as an Effective Safety and Mangement Tool for Crime-solving, Prevention and Reduction. International Centre for the Prevention of Crime, 2008.
Google Scholar
Clarke, Roger. “What’s Privacy?” Prepared for a Workshop at the Australian Law Reform Commission on 28 July 2006. Version of 7 August 2006. http://www.rogerclarke.com/DV/Privacy.html
Cunningham, Brian. “Big Brother is watching EU: As the US moves towards privacy reform, Europe enacts sweeping new spying powers”. 20 May 2015. http://www.politico.eu/article/eu-privacy-surveillance-us-leads-act/
Finn, Rachel et al.”Seven types of privacy”. In: European data protection: coming of age. Springer Netherlands, 2013: 3–32.
Google Scholar
Gavison, Ruth. “Privacy and the Limits of Law”. Yale LJ. 89 (1979): 421–471.
Article Google Scholar
Gellert, Raphaël and Serge Gutwirth. “The legal construction of privacy and data protection”. Computer Law & Security Review 29 (2013): 522–30.
Article Google Scholar
Grant, Hazel. “Data protection 1998–2008”. Computer Law & Security Review 25.1 (2009): 44–50.
Article Google Scholar
Hijmans, Hielke and Alfonso Scirocco. “Shortcomings in EU data protection in the third and the second pillars. Can the Lisbon Treaty be expected to help”. Common Market Law Review 46.5 (2009): 1485–1525.
Google Scholar
Hijmans, Hielke. “Recent developments in data protection at European Union level”. ERA Forum. Vol. 11. No. 2. Springer-Verlag, 2010.
Google Scholar
Izmailova, N.S. Privacy in civil law: the law of the UK, the USA and Russia. Moscow, 2009.
Google Scholar
Joinson, Adam N. and Carina B. Paine. “Self-disclosure, privacy and the Internet”. The Oxford handbook of Internet psychology (2007): 237–252.
Google Scholar
Kilkelly, Ursula. “The right to respect for private and family life”. In: Human Rights Handbook, Council of Europe, 2001.
Google Scholar
Kovaleva, Natalia. Informational Law of Russia. Moscow: Dashkov and K., 2007.
Google Scholar
Leese, Matthias. “Blurring the dimensions of privacy? Law enforcement and trusted traveler programs”. Computer Law & Security Review 29 (2013): 480–90.
Article Google Scholar
Nissenbaum, Helen. “Privacy as contextual integrity”. Wash. L. Rev 79 (2004): 119.
Google Scholar
Nissenbaum, Helen. Privacy in context. Stanford, Calif., 2010.
Google Scholar
Privacy International. European Privacy and Human Rights, 2011.
Google Scholar
Raab, Charles. “Effects of surveillance on privacy, autonomy and dignity”. Deliverable D1.1: Surveillance, fighting crime and violence. Increasing Resilience in Surveillance Societies (IRISS) (ed.), 2012a.
Google Scholar
Schneier, Bruce. Schneier on security. Indianapolis, Indiana, 2008.
Google Scholar
Solove, Daniel. Understanding privacy. Cambridge, 2008c.
Google Scholar
Tavani, Herman T. “Philosophical theories of privacy: Implications for an adequate online privacy policy”. Metaphilosophy 38 (2007): 1–22.
Article Google Scholar
Tirosh, Yofi and Michael Birnhack. “Naked in Front of the Machine: Does Airport Scanning Violate Privacy?” Ohio State Law Journal 74 (2013): 6.
Google Scholar
Warren, Samuel and Louis Brandeis. “The Right to Privacy”. Harvard Law Review 4 (1890): 193–220.
Article Google Scholar
Woodward, John D. Privacy vs. Security: Electronic Surveillance in the Nation’s Capital. Rand, 2002.
Google Scholar
Wright, David et al. “Questioning surveillance”. Computer Law & Security Review 31 (2015): 280–92.
Article Google Scholar
Zoufal, Donald. “Someone to watch over me?” Privacy and governance strategies for CCTV and emerging surveillance technologies. Naval Postgraduate School, Monterey CA, 2008.
Google Scholar

Reports and Other Resources

Council of Europe (2010) Data Protection. Compilation of Council of Europe texts. Strasbourg, 2010.
Google Scholar
EPIC (2008) EPIC Framework for Protecting Privacy & Civil Liberties If CCTV Systems Are Contemplated, 2008.
Google Scholar
Increasing Resilience in Surveillance Societies (IRISS) (2013). Deliverable D2.3: The Legal Perspective, 2013.
Google Scholar

Download references

Author information

Authors and Affiliations

Aviation and ICT Law Consulting, Langhus, Norway
Olga Mironenko Enerstvedt

Authors

Olga Mironenko Enerstvedt
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Enerstvedt, O.M. (2017). Protection of Privacy and Data Protection in Aviation Security. In: Aviation Security, Privacy, Data Protection and Other Human Rights: Technologies and Legal Principles. Law, Governance and Technology Series(), vol 37. Springer, Cham. https://doi.org/10.1007/978-3-319-58139-2_2

Download citation

DOI: https://doi.org/10.1007/978-3-319-58139-2_2
Published: 20 September 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-58138-5
Online ISBN: 978-3-319-58139-2
eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics