Privacy in the Age of Permanent Exceptions

As the post–World War II order begins to fray, there seems to be a plethora of apocalyptic visions, predicting dramatic ruptures about the future of the world. We are told to prepare for collapse, for war, for permanent instability. And perhaps what is most unsettling is that this uncertainty no longer feels temporary. It feels structural.

A global pandemic barely ends when a full-scale war erupts in Europe. Cyber threats, terrorism, climate emergencies, and the constant invocation of national security blur into one another. Each crisis arrives with urgency and moral weight. Each demands immediate action. And almost every time, the same thing happens in the digital sphere: more data is collected, surveillance powers expand, and privacy norms are quietly loosened — just for now, we are told.

The problem is not that governments act when people are in danger. In many cases, they have little choice. But the harder question is what happens next. Or more precisely: what happens when there is no clear moment that feels like “after.”

Measures that were introduced as temporary rarely disappear once the emergency fades. In practice, they almost never do. They turn into systems, routines, and eventually expectations. Over time, the exception stops feeling exceptional at all.

This concern is not new. Political theorists have warned about it for decades. Carl Schmitt described the state of exception as a moment when normal legal limits are suspended in the name of necessity. That suspension, however troubling, was meant to be temporary and expected to return to ordinary law once the crisis is over. What feels different today is that this return never comes.

In the digital age, the exception does not simply interrupt governance; it reshapes it. Crisis-driven data practices slide into everyday administration, often without anyone being able to point to the exact moment when the shift occurred. The question is no longer how to protect privacy during emergencies. It is how to prevent emergencies from quietly redefining what privacy is allowed to mean in the first place.

COVID and the Normalization of Urgency

The COVID-19 pandemic made this dynamic impossible to ignore. Governments and technology companies rolled out contact-tracing systems, expanded data sharing, and relied heavily on location and proximity data to manage public health risks. Much of this was acceptable and often genuinely intended as temporary and proportionate. Lives were at stake and speed mattered.

Measures that were introduced as temporary rarely disappear once the emergency fades.

But COVID did more than introduce new tools. It changed habits. Under pressure, data was collected first, and rules were negotiated later. Even where privacy safeguards were built into these systems, the broader context, the emergency procurement, the fast-track decision-making, and the limited oversight made rollback difficult. Once the infrastructure was created, it was no longer just a technical question to dismantle it. In some cases, it was framed as politically risky, even irresponsible.

What remained after the pandemic was not a single app or database. It was something more subtle and more dangerous - a precedent. Large-scale data extraction could now be framed as care, responsibility, and even solidarity. Once societies adjusted to higher levels of visibility, the old baseline of privacy did not simply reappear. It withdrew, quietly, without much public debate.

This pattern was not confined to one country. Across Western democracies, pandemic-era data powers expanded state access to health, mobility, and behavioral information. Legal safeguards often remained on paper. But COVID showed how easily exceptional measures could slide into ordinary governance. In this sense, the permanent exception is not regional. It is structural.

Security, Preparedness, and the Absence of an Endpoint

If public health emergencies make surveillance feel protective, national security emergencies make it feel inevitable. Since the early 2000s, threats have increasingly been framed not as isolated events, but as permanent conditions: terrorism, cyberwarfare, foreign interference, hybrid conflict. When danger is described this way, emergency measures rarely come with clear end dates.

The United Kingdom offers a telling illustration. Over time, expansive interception powers, long-term data retention, and the growing use of biometric tools such as live facial recognition have slipped into day-to-day legal and policing practice. Most people encounter these measures only indirectly, if at all. They are debated, regulated, and formally overseen, yet they rarely strike us as something extraordinary. Taken together, they show how permanent preparedness expands the state’s visibility into everyday life not through a single dramatic shift, but through steady, almost unremarkable accumulation.

What makes this form of exception so durable is precisely this lack of closure. Privacy rights are not openly abolished. They are postponed until the threat wanes. But when the threat is defined as continuous, postponement quietly turns into permanence.

War as Accelerator

War intensifies these dynamics further. Contemporary conflicts function as testing grounds for advanced surveillance capacities, from AI-assisted intelligence analysis to biometric identification and large-scale data integration under the banner of counter-terrorism.

Ukraine offers a particularly clear illustration, not as a political accusation, but as a structural case. Civilian digital infrastructure such as the Diia platform, originally designed to deliver public services, was rapidly adapted to wartime needs: identity verification, aid distribution, citizen reporting. These adaptations were necessity-driven responses to existential threats. Few would seriously question their legitimacy in that context.

The concern lies elsewhere. History suggests that tools developed under extreme pressure rarely remain confined to the moment that produced them. Once absorbed into state capacity, they tend to remain available for law enforcement, political monitoring, or broader forms of social governance, long after the original justification faded. Ukraine is not unique in this respect. It simply makes the trajectory visible in compressed time.

Why the Exception Stays

The transformation of temporary surveillance into permanent infrastructure is not accidental. It follows a familiar pattern.

Institutional inertia plays a central role. Once agencies acquire new data capabilities, they become embedded in budgets, workflows, and performance expectations. Arguments of necessity gradually give way to arguments of efficiency and efficiency is remarkably difficult to challenge.

Technology itself reinforces this dynamic. Systems built for crisis response are almost always dual-use. A platform designed to trace infections can be redirected to monitor protests. Tools developed for military intelligence can migrate into civilian policing. The architecture remains in place, waiting for the next justification.

And finally, there is public fatigue. Continuous crisis wears societies down. Each emergency lowers resistance. Privacy is rarely lost in a single dramatic moment. It erodes through a series of small, reasonable concessions, each framed as temporary, each harder to reverse than the last. Eventually, the exceptional no longer feels alarming. It starts to feel normal.

What This Leaves Us With

Privacy is not a technical preference or a bureaucratic detail. It is the space that allows people to live without constant anticipation of judgment and to organize without permanent visibility, to exist without being endlessly legible to power.

In the age of permanent emergencies, privacy is no longer something that is openly taken away. It is something we are asked to postpone indefinitely.

If every emergency is treated as exceptional, accountability never fully returns. When emergency becomes governance, freedom becomes conditional. The challenge of our time is not to manage crises more efficiently, but to ensure that crisis itself does not become the organizing principle of digital life.