How to ensure consent is truly informed and freely given in situations where power imbalances arise, as well as cultural barriers and emotional implications? Researchers Georgios Glouftsios, Stefania Milan and Gianclaudio Malgieri tried to answer this question as part of “Data Dilemmas 2021 ”.
Biometrics implies that knowledge of the human body reveals something about the human self. These technologies are not only aimed at establishing the identity of an individual, but they also allow the authorities to access digital files containing various administrative information concerning him. This information can reveal, for example, when and where a migrant applied for asylum, when and where he applied for a visa, etc. The work of Georgios Glouftsios as a postdoctoral researcher at the School of International Studies of the University of Trento led him to the conclusion that the data extracted from the bodies and their links with this administrative information are used to make migrants controllable subjects.
Referring to Simone Browne’s book (Dark Matters: On the Surveillance of Blackness), Glouftsios explains that this kind of obsession with organ control has a long history dating back to the transatlantic slave trade. As Browne shows in his book, hot-ironing slave branding functioned as an early biometric technology: it was a practice by which enslaved people were signified as commodities to be bought, sold, and traded. The mark, in this context, referred to the relationship between the black body and the “owner”. Slavery was an act of rationalization: by making black bodies a commodity, it allowed their dehumanization to insert them into a profit-making system of exploitation.
Today, branding with biometric identification technologies used for border and migration management is of course something else. However, Glouftsios believes that the operating logic is quite similar: non-Europeans are othered because the numerical codes give them a new meaning and a new identity. Codes are used to categorize them as ‘migrants’ and ‘asylum seekers’; they are treated as inherently suspect subjects, not on the basis of their past conduct, but of their non-white, non-European nationality and origin.
In fact, the list of countries whose citizens are required to apply for a visa before traveling to the EU and thus register in the Visa Information System comes mainly from the Global South. As part of the visa application process, these people are required to provide bodily evidence in the form of biometric data, which is stored in pan-European databases used by state authorities to monitor their movements. In the context of migration management, this movement control takes the form of traceability (the State’s ability to predict its movements and bureaucratic traceability first by identification, then digital traces) and confinement (in the purpose of slowing down, intercepting, and redirecting migrants).
There are several biometric databases in Europe. EURODAC (European Fingerprint) registers the fingerprints of asylum seekers – but also of people caught in the act of crossing borders illegally – and helps to determine which Member State is responsible for examining the application. The Visa Information System (VIS) allows EU Member State consulates in countries where asylum seekers live to create digital files for people applying for a visa before they travel to the EU. These records are then consulted to understand whether applicants intend to migrate from Member States after their visas have expired, to assess any security risks they may pose and to verify the validity and authenticity of visas at border crossing points. The future entry/exit system will be able to calculate the length of authorized stay for all migrants who are in the EU, and detect those who no longer have the right to stay.
Other biometric databases are used by law enforcement and are not strictly related to border security and migration management. One of them is the Shengen Information System (SIS II) which collects alerts relating to persons convicted of a criminal offense in one or more Member States as well as to suspects for whom there are reasons to believe that they have been involved or will be involved in criminal or terrorism-related activities.
These databases transform people into veritable “objects of control”. But many migrants rightly rebel and refuse to provide biometrics, sometimes adopting forms of dissent that also include self-inflicted acts of violence – such as burning one’s fingerprints. In these cases, consent is of course difficult to obtain, or it is forced by the use of “good practices”. One of them is counseling, aimed at persuading migrants to give their fingerprints voluntarily. However, if counseling fails, forms of coercion are sometimes employed. Another violent ‘solution’ was the detention of migrants until their fingerprints healed, as documented by Amnesty International .
Another issue related to the collection of data on migrants is highlighted by Stefania Milan, professor of new media and digital culture at the University of Amsterdam and chief researcher of DATAACTIVE project. During the Covid-19 crisis, migrants tended not to show up at hospitals, thus becoming invisible to society and the healthcare system. If they were infected, some of them did not test or seek help, thus not appearing in the official tally of cases. These elements have led to the emergence of racist narratives about how people of African descent “are immune to the virus”. When quantification becomes increasingly important, data and numbers become the central part of stories. The pandemic has highlighted the importance of data power issues and power imbalances in data production. But the problem is also the poverty of data, which leads to a condition of invisibility for vulnerable people.
Alternative forms of consent
The GDPR defines vulnerable persons as those who are not legally competent to give consent to the use of personal data, but it only explicitly refers to children. However, he introduced the idea that vulnerable people may also be those who could suffer adverse consequences if their personal data were to become public. According to Gianclaudio Malgieri, professor of law and technology at EDHEC Business School in Lille, there are two types of vulnerabilities: the first is related to data processing and concerns people who are illiterate or have limited cognitive abilities. The second is vulnerability to the effects of data processing, which may consist of discrimination, manipulation, stigmatization or limitations of fundamental freedoms. Vulnerability is an ambiguous concept with a high risk of stigmatization, because if people are already part of a minority or in a disadvantaged position, defining them as ‘vulnerable’ leads to even more stigmatization.
In general, vulnerable people usually have a stronger need to give their data (to hospitals, reception centers, etc.), but at the same time the risk of manipulation or discrimination is higher for them. If the vulnerabilities involve data illiteracy or restricted freedom to say “no,” the solution is to move away from traditional forms of consent. The consent of incapacitated persons can be obtained in unconventional ways, for example by calling on a psychologist or a mediator (even if, as we have seen, this can sometimes be a form of coercion), but also by asking in different ways. no time, or not just in writing. Another solution is to avoid consent as the legal basis in the first place and choose legitimate or public interest as the legal basis. However, this requires a concrete balancing of interests with the data subject.
Another creative solution proposed by the EDPS (European Data Protection Supervisor) in 2019 is to ensure that people’s real expectations of privacy are known, so consent simply becomes a guarantee to understand their point of view. seen. This only applies to vulnerable subjects in understanding data collection processes, but not to those vulnerable to the effects of data processing (discrimination, manipulation, control, etc.), such as migrants. In the latter cases, consent is essential.
According to the studies and the Milan project, vulnerable people are also those whose work would potentially expose them to threats of all kinds (militants, for example) or those who might not be vulnerable today but might become so the future. The aim of his ‘DATAACTIVE’ project is to treat them as ‘qualified learners’ – people who know a lot about given practices – rather than as ‘sources of data’. A change in the relationship to sources can help solve the problem of power imbalances.