The Disciplinary Power of Data Protection

Matthias Leese

Privacy and security have long been framed as incommensurable concepts that had to be traded off against each other. While such a notion is rather under-complex, it has been quite persistent. In recent years, however, the relation has undergone a transformation and is now either conceived of as a technological issue that is set to be resolved through privacy by design (Leese, 2015), or as a legal question in terms of data protection, thus regulating who is entitled to collect, store, process, and share personal information - and at the same time granting citizens the right to rectification, erasure and blocking, compensation and judicial redress (Gutwirth et al., 2013; Friedewald et al., 2010). Thus, the handling of personal information has ascended to be one of the core issues when thinking about privacy and security, and the data protection regime has become quite powerful (Bellanova, 2014).

Such a notion of data protection becomes particularly striking, as across European Union policy discourse on security, interoperability and associated notions of seamless integration, systems-of-systems, and 'plug-and-play' now loom large. With the establishment of manifold databases and information systems such as SIS, VIS, or EURODAC, questions of access and processing of data for the sake of identifying threats and establishing security have come to the fore (Geyer, 2008). Data protection has thus emerged not only to be the forum for discussing privacy and/vs security, but also as a means to govern security. This paper seeks to re-conceptualize data protection as a mechanism for government both for and of security, and attempts to retrace its disciplinary powers through the specific regulations it imposes on actors.

