Privacy International's submission to the UN report on the application of the UNGPs to tech companies

Privacy International submitted its input to the forthcoming report by the UN High Commissioner for Human Rights (HCHR) on the practical application of the UN Guiding Principles on Business and Human Rights (UNGPs) to the activities of technology companies, to be presented at the 50th session of the Human Rights Council in June 2022.

Our submissions address the systemic lack of transparency and accountability of the technology industry, in particular in its relationships with governments and authorities. We recommend concrete measures to ensure human rights standards are applied and upheld in the activities of technology companies, and when their products and services are used by governments for surveillance and public decision-making.

Key advocacy points

In summary, PI recommends the HCHR report:

  • highlights the systemic lack of accountability of this industry, national authorities’ slow or non-existent enforcement of privacy laws against its exploitative practices, and its relations with governments
  • reasserts the need for states to implement strong safeguards against abuses of surveillance technology;
  • asserts the need for transparency over the use of data analytics in public sector decision-making, and calls for strict safeguards around their use;
  • calls for public authorities to conduct individual human rights risk and impact assessments (HRIAs) as well as data protection impact assessments (DPIAs) during any surveillance technology procurement process, in addition to companies conducting Human Rights Due Diligence (HRDD) on any prospective state client’s end-use of their technology;
  • asserts that public authorities should not systematically use surveillance and data processing systems deployed for private purposes and/or data derived from these systems;
  • reasserts the obligation to consider legality, necessity and proportionality every time a technology is proposed for use by public authorities;
  • asserts the need for tech companies to provide transparency over their technologies and to make their algorithms auditable, and for states to mandate such transparency when these technologies are used to deliver public functions;
  • recommends that a use policy is developed to govern a public authority’s use of a particular technology;
  • reasserts that contracts between public authorities and tech companies must point to redress mechanisms for complaints handling and enforcement of sanctions for abuses or violations of human rights;
  • asserts the need for courts to always remain accessible despite the existence of independent regulators;
  • reaffirms that outsourcing of surveillance powers to private companies does not absolve states of their human rights obligations.