Recognition of Privacy in UN Human Rights Mechanisms
[Photo By Ludovic Courtès - Own work, CC BY-SA 3.0]
Last update: 14 December 2022
What is the problem and why it is important
Until the early '10s, the right to privacy had been sidelined and largely unaddressed within the UN human rights monitoring mechanisms, despite being upheld as a fundamental human right in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights (ICCPR).
Beyond the ICCPR General Comment No.16: Article 17 (Right to Privacy) in 1988 and the 2010 report of the UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, the right to privacy was hardly referenced within the UN human rights mechanisms. This lack of attention changed in 2013, due to the Snowden revelations, which created significant political momentum to address the practices of mass surveillance facilitated by modern communications technologies.
Privacy International (PI) and its international network of partners, as well as other civil society organisations, used the opportunity created by the opening of this debate to push for safeguards on the right to privacy and accountability for states and (increasingly) companies which are failing to comply with their human rights obligations and responsibilities.
As technology advances, there is an urgent need for UN human rights mechanisms to continue responding and incorporating current developments to ensure that existing human rights standards' authoritative interpretations reflect and address them. We need to ensure that a human rights approach is always followed when implementing technological developments.
What we did and what we achieved
To address the lack of attention towards the protection, promotion and respect of the right to privacy, since 2013, Privacy International has been engaging in various UN human rights monitoring mechanisms as a means of integrating references and recommendations on the right to privacy, including data protection, within these processes.
As a first step, we needed to address the lack of a dedicated mechanism to protect the right to privacy within the UN Human Rights Council. Privacy International led the civil society’s campaign for the creation of a UN Special Rapporteur on the Right to Privacy in the digital age. The campaign was successful and the Human Rights Council created this mandate in March 2015 (and renewed it in 2018.)
Second, we aimed at maintaining political support for the promotion of the right to privacy and building consensus about the limits that existing human rights law impose on state surveillance. We campaigned for an incremental build up of resolutions to address the current concerns about the right to privacy in the digital age. These resolutions, adopted almost annually by the UN General Assembly and the UN Human Rights Council, represent the international community consensus on the protection of the right to privacy. They contain significant recommendations on an expanding arrays of issues from state surveillance, to the use of biometrics technologies and artificial intelligence and they increasingly address the role of companies.
For example, the October 2021 resolution of the UN Human Rights Council builds on the language of previous UN resolutions and is informed by subsequent developments. In particular, it:
- recognises that metadata can reveal information as sensitive as content data;
- recognises that the use of artificial intelligence can pose serious risks to the right to privacy, in particular when employed for identification, tracking, profiling, facial recognition, behavioural prediction or the scoring of individuals;
- recommends states to ensure that facial recognition technologies by public and private actors do not enable arbitrary or unlawful surveillance, including of those exercising their right to freedom of peaceful assembly; and
- calls on states not to limit access to encryption technologies and anonymity tools.
Third, we provided, very often together with our partners, the Universal Periodic Review (UPR) mechanism and the UN Human Rights Committee with country reports documenting our concerns on the laws and practices surrounding state surveillance, protection of personal data, exploitation and vulnerability of data by governments and companies, as well as the impact of identification measures on specific groups, such as transgender people or people on the move. We followed up on our written submissions with briefings of UN experts and diplomats in Geneva to discuss country specific concerns. Since 2013, we have been providing submissions on countries such as Argentina, Australia, Austria, Belgium, Colombia, Denmark, Estonia, France, India, Italy, Hungary, Kenya, Kazakhstan, Macedonia, Morocco, New Zealand, Pakistan, Paraguay, Philippines, Poland, Rwanda, South Africa, Sweden, Tanzania, Thailand, Tunisia, Turkey, United Kingdom, Uzbekistan, Venezuela, and Zimbabwe.
These submissions contributed to the creation of a significant body of findings and recommendations by the UN, highlighting when states fell short of their human rights obligations.
For example, the Human Rights Committee:
- raised concerns about Colombia’s Police Code definition of "public areas in a very broad sense that includes the electromagnetic spectrum, and by the fact that all the information and data gathered in public areas are considered to be in the public domain and to be freely accessible"
- called on Italy to “review the regime regulating […] hacking of digital devices […] with a view to ensuring (a) that such activities conform with its obligations under article 17 including with the principles of legality, proportionality and necessity, (b) that robust independent oversight systems over surveillance, interception and hacking, including by providing for judicial involvement in the authorization of such measures in all cases and affording persons affected with effective remedies in cases of abuse, including, where possible, an ex post notification that they were subject to measures of surveillance or hacking”.
- confirmed that intelligence sharing must be regulated by law in full conformity with human rights and, in reviewing Pakistan’s compliance with article 17 of the ICCPR, the Committee expressed concerns about the provision in the 2016 Prevention of Electronic Crimes Act, which allows “the sharing of information and cooperation with foreign governments without judicial authorization or oversight”.
- expressed concern about the wide scope of the data retention in South Africa and recommend the state to revoke or limit “the requirement for mandatory retention of data by third parties.”
- called the UK (and other countries) to ensure that “any interference with the right to privacy complies with the principles of legality, proportionality and necessity, regardless of the nationality or location of the individuals whose communications are under direct surveillance”.
[All the above can be found in PI's guide to international law and surveillance.]
Fourth, PI developed tools to promote civil society's engagement with UN human rights mechanisms on the right to privacy. In 2016, we published a guide for civil society organisations on how to submit concerns about the right to privacy at the UN. In January 2022, we published the third edition of PI's guide to international law and surveillance, which provides a compendium of recent jurisprudence and recommendations by international and regional bodies and experts. The Guide isn’t just aimed at lawyers. It aspires to be a handy reference tool for anyone engaging in campaigning, advocacy, and scholarly research, on these issues.
Fifth, PI is increasingly engaging with other thematic-focused human rights bodies and experts, including the UN Special Rapporteur on extreme poverty and human rights, the UN Special Rapporteur on contemporary forms of racism, racial discrimination, xenophobia and related intolerance, and the UN Working Group on the use of mercenaries. PI is bringing expertise by presenting submissions to relevant calls and by organising joint events.
What we learned
Thanks to the work of civil society organisations and UN human rights experts over the last few years, the right to privacy will likely remain a key focus of UN human rights bodies.
However, UN human rights mechanisms have to continue monitoring developments, develop comprehensive recommendations and guidelines on the right to privacy to put pressure on all actors (governments and companies in particular) to take necessary steps to comply with their obligations and responsibilities.
New technologies keep advancing in an unprecedented pace. The laws and practices of states and companies keep evolving, challenging the respect and protection of the right to privacy and other human rights. While we welcome the important steps taken within UN human rights mechanisms, we remain worried that they are on occasion slow in responding to ongoing developments and on many occasions our concerns remain unheard. As a key example, the UN Human Rights Committee General Comment 16 on the right to privacy is 30 years old.
Further, parts of the UN have yet failed to reflect on the human rights challenges posed by the “digital age”. In the context of combating terrorism for example, the UN counter-terrorism mechanisms, including the UN Security Council, promote the widespread use of technologies such as biometrics, which are at odds with human rights, as interpreted by the UN Human Rights Committee and other expert bodies.
What are we going to do
As technology continue to develop and carry significant risks for privacy, autonomy and the exercise of human rights in general, there needs to be more guidance to be provided by the human rights mechanisms in order to better fulfill their mandates of monitoring compliance with human rights obligations, respond to abuses and provide remedies to victims.
Moving forward, Privacy International will continue to strategically engage with these mechanisms to ensure that current failures of states, companies and other actors to respect, uphold, and protect the right to privacy are known and documented.