In the world of digital technologies, which are developing at an uncontrollable pace every day, the right to privacy is becoming essential, while violations and limitations of this right are becoming increasingly common. The right to privacy is a fundamental human right guaranteed by international conventions and agreements, including the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights of 1966, as well as the European Convention on Human Rights and Fundamental Freedoms from 1950. On the other hand, as stipulated by Article 4 of the European Convention, the right to privacy, being a relative human right, can be limited if such limitation is in accordance with the law or necessary for the protection of “national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, the protection of health or morals, or the protection of the rights and freedoms of others.”
Privacy vs Security
The guaranteed right to privacy of individuals is increasingly being challenged by the widespread practice of establishing biometric video surveillance of public spaces (smart surveillance), which simultaneously collects and processes biometric personal data of individuals under surveillance. Moreover, the implementation of smart video surveillance is often justified by the necessity to protect the public from crime and potential disorder, and to protect the fundamental rights and freedoms of citizens, even though this type of surveillance directly intrudes on one of the fundamental human rights – the right to privacy. In the context of maintaining national, civil, and cyber security, biometric video surveillance typically performs monitoring and preventive functions in the fight against cybercrime and other attacks on the state’s critical infrastructure. Biometric surveillance is becoming an increasingly common solution in countries such as China, the United Kingdom, Germany, and some Western Balkan countries (such as Serbia in 2020 – *“Thousand Cameras Project”, Montenegro in 2023).
The use of these technologies in securing public spaces is conditioned by the lawfulness, transparency, and proportionality of the processing of biometric personal data. Real-time facial recognition biometric surveillance technology is based on the assumption that all citizens are potential criminals: their movements and encounters are recorded, which seriously intrudes on the right to privacy. Biometric surveillance of public spaces, especially when combined with available metadata on interactions between citizens, can provide alarming amounts of information on the movement, habits, and personal characteristics of monitored individuals, representing a serious threat to privacy. Any smart surveillance system of public areas must be lawful and proportionate, with minimal limitations on the right to privacy and measures to prevent possible abuse.
Nevertheless, smart biometric surveillance is not infallible in its assessments and data collection, which has resulted in an increasing number of false positive identifications of individuals from public spaces with those from criminal records, inevitably leading to serious limitations or violations of citizens’ fundamental rights and freedoms. Biometric video surveillance of public areas, in combination with appropriate AI tools, is increasingly used for so-called predictive policing — i.e., the forecasting and prevention of criminal activities. For instance, a recent study by the New York University Law Review, which investigated 13 federal jurisdictions across the United States, found that predictive policing systems in these jurisdictions exacerbated existing discriminatory practices in law enforcement.
Due to the misuse of personal data through unlawful or unauthorized collection, storage, or handling, significant human rights and freedoms may be violated, including: the human right to freedom of religion, freedom of expression, freedom of sexual orientation, the right to the presumption of innocence, and the right to be protected from discrimination on any grounds, or based on affiliation with any political, religious, or other social group. On the other hand, collected biometric data, being sensitive in nature, are especially vulnerable to abuse, particularly when they are not stored under technical conditions required by international standards, or when they are processed, stored, or handled by individuals who are untrained or unauthorized to deal with sensitive personal data.
Ethics in Personal Data Management
Any form of collection, processing, or management of personal data must be conducted in accordance with the principles of data ethics — which entail lawful and fair treatment of all forms of use and management of personal data. At the same time, there is a fundamental need to protect human dignity and the fundamental right to privacy, especially in the context where personal data are increasingly subject to misuse and unauthorized possession or distribution. This is a consequence of the fact that personal data are becoming increasingly valuable in the marketplace (as evidenced by numerous cases). Ethical management of personal data requires the establishment of an adequate and objective balance between the protection of citizens’ right to privacy and the need to use collected data for legitimate purposes.
