This part of the handbook presents questions that can be considered by stakeholders in different surveillance practices. By “surveillance practices”, we refer to the information systems, devices and processes that are used to monitor people and enable their data to be gathered, analysed and applied to individuals or groups of individuals. Stakeholders in surveillance practices comprise those who conduct surveillance: service providers, governments and the consultancies that advise them. Those who seek to regulate or critique those practices, such as policy-makers and civil society organisations, are also stakeholders. The public – often the subjects of surveillance, but also those to whom surveilling authorities are answerable – are considered stakeholders as well.
The questions that follow are designed to alert stakeholders to the potential harms that may arise from surveillance practices so that they can then anticipate, avoid and recover from those harms. In other words, they can influence society’s resilience to surveillance. Such harmful consequences include – but are not limited to – infringement of fundamental rights, economic and environmental harms, and social harms such as discrimination and the erosion of trust. Some questions are generic and applicable across all categories of stakeholders, while others are more specific to particular stakeholder groups. Some questions are focused upon particular systems, whereas others have a more general frame of reference concerning society at large. All stakeholders, and not only those referenced in this handbook, should ask questions about the lawfulness, necessity, proportionality and purpose of surveillance systems. They should also question their impact on society and democratic traditions, and about the measures that can be taken to improve resilience. It is not enough simply to focus on the infringements of surveillance on individual privacy, because the effects of surveillance are felt throughout society.
Any stakeholder can ask the following questions of any information processing system that involves personal data, whether it be an RFID-embedded travel card, a body scanner, an identification system, a data profiling system, an automated number plate recognition (ANPR) system, a location-based service, a CCTV network or a credit scoring system. A surveillance system consists of many components, technological, human and institutional. Asking questions about a surveillance system is most useful before a decision has been taken to proceed with it, as happens in a privacy impact assessment (PIA). However, many questions are also useful when scrutinising an existing system. Reflecting on such questions will help to inform stakeholders about a surveillance system, its individual and social impacts, and its social, political and legal acceptability.
With regard to the existing or planned information processing system, programme, practice or technology:
- What is the purpose of the system?
- Is it really necessary? Is it lawful? Is it proportionate to the envisaged purpose?
- What less intrusive alternatives are available?
- Who will develop, operate and authorise it?
- Who will have access to the data collected by it?
- How long will the collected data be stored? When will the data be deleted? What measures will be put in place to store or transmit the data securely?
- To what extent will stakeholders, including the public, be consulted about it and its effects?
- What external oversight is in place, including a regular, independent, third-party, publicly available audit?
- How will system operators be trained so that they are sensitive to any harmful consequences?
- Does the system enable individuals to be identified? If so, is that necessary? Does it provide individuals with a means to opt out?
- Does the system process “sensitive” personal data? If so, is that necessary?
- Whose interests does the system serve?
- Does the system create identifiable harms, e.g., social, environmental, economic or human rights-related harms?
- If surveillance cannot be avoided or its effects mitigated, how can society be empowered to build capacities to deal with its consequences?
- Have the possible negative impacts and risks of the implementation or continuation of the particular surveillance system been considered? How do these relate to the benefits?