IDP2015 (VII). E.J. Koops: Physical and Online Privacy: fundamental challenges for level frameworks to remain relevant

Notes from the 11th Internet, Law and Politics Congress: Regulating Smart Cities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 2-3 July 2015. More notes on this event: idp2015.

Physical and Online Privacy: fundamental challenges for level frameworks to remain relevant.
Prof. Dr. E.J. Koops. Professor of Regulation & Technology (Tilburg Institute for Law, Technology, and Society)

Is it legal, or should it be allowed to:

  • Scan homes with termal equipped drones in search of hemp domestic plantations?
  • Take a snapshot of a stranger, google them, recognize their faces, peek at their social networking profiles and start a conversation with them on their preferences?
  • Track people inside shops with wifi-tracking, analyze their movements in the shop and thus place advertising on the counter?

Conceptual history of locating privacy:

  • The body (habeas corpus): physical privacy.
  • The home: physical privacy + private space.
  • The letter: physical privacy + closed ‘space’ between homes.
  • The telephone: ‘closed’ ‘space’ between homes.
  • Mobile phone: ‘closed’ ‘space’.
  • The computer: protecting data, not spaces.
  • The cloud: loss of location.

The home evaporates. There is a lot of information that now one can access without entering a home. And, usually, looking inside without entry is allowed. Same happens now with technology and digital data. The public space is increasingly becoming privacy-sensible: increased traceability, increased identifiability (face recognition, augmented reality)…

And with the trend to improve body functions through implants and prosthesis, the body itself sort of becomes a “public space” as its data (including brain stimuli) can be exported out of the body.

It is increasingly difficult to draw the technical distinction between traffic data and content of communications, particularly on an Internet context. The distinction, indeed, is becoming less relevant, as traffic data are also increasingly privacy-sensitive (location, profiling).


  • Data protection law cannot give individuals control over their data.
  • Too much confidence in the controller/regulator: the law is becoming too complex.
  • Regulating everything in one statutory law: impossibility for comprehensiveness.

What is privacy?

  • The right to be let alone.
  • Controlling information about oneself.
  • Freedom from judgement of others.
  • Freedom from unreasonable constraints.
  • Depends on the context.

More information


11th Internet, Law and Politics Conference (2015)