The right to privacy and the United Nations
The right to privacy had previously been side-lined and largely unaddressed within the UN human rights monitoring mechanisms, despite being upheld as a fundamental human right in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights (ICCPR). Beyond the ICCPR General Comment No.16: Article 17 (Right to Privacy) in 1988 and the 2010 report of the UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, the right to privacy was hardly referenced within the UN human rights mechanisms. This lack of attention changed in 2013, due to the Snowden revelations, which created significant political momentum to address the practices of mass surveillance facilitated by modern communications technologies.
Privacy International and its International Network of partners, as well as other civil society organisations, used the opportunity created by the opening of this debate to push for safeguards on the right to privacy and accountability for states and (increasingly) companies which are failing to comply with their human rights obligations and responsibilities.
What we did
To address the lack of attention towards the protection, promotion and respect of the right to privacy, since 2013, Privacy International has been engaging in various UN human rights monitoring mechanisms as a means of integrating references and recommendations on the right to privacy within these processes.Firstly, we needed to address the lack of a dedicated mechanism to protect the right to privacy within the UN Human Rights Council. Privacy International led the civil society’s campaign for the creation of a UN Special Rapporteur on the Right to Privacy in the digital age. The campaign was successful and the Human Rights Council created this mandate in March 2015 (and renewed it in 2018.)
Secondly, we aimed at maintaining political support for the promotion of the right to privacy and building consensus about the limits that existing human rights law impose on state surveillance. We campaign for an incremental build up of resolutions to address the current concerns about the right to privacy in the digital age. These resolutions adopted almost annually by the General Assembly and the Human Rights Council, represent the international community consensus on the right to privacy. They contain significant recommendations on states and they increasingly address the role of companies.
For example, the March 2017 resolution of the UN Human Rights Council builds on the language of previous UN resolutions:
- Recognising that metadata can reveal information as sensitive as content data;
- Expressing concerns about the human rights consequences of data mining and profiling;
- Recommending states to address the “harm from the sale or multiple resale or other corporate sharing of personal data";
- Calling on states not to limit access to encryption technologies and anonymity tools.
Thirdly, we provided, very often together with our partners, the Universal Periodic Review (UPR) mechanism and the UN Human Rights Committee with country reports documenting our concerns on the laws and practices surrounding state surveillance, protection of personal data, exploitation and vulnerability of data by governments and companies. We followed up on our written submissions with briefings of UN experts and diplomats when they met in Geneva to discuss country of concerns.Since 2013, we provided submissions to the UPR and the Human Rights Committee on the following countries: Argentina, Australia, Austria, Belgium, Colombia, Denmark, Estonia, France, India, Italy, Hungary, Kenya, Kazakhstan, Macedonia, Morocco, New Zealand, Pakistan, Paraguay, Poland, Rwanda, South Africa, Sweden, Tanzania, Thailand, Tunisia, Turkey, United Kingdom, Uzbekistan, Venezuela, and Zimbabwe.
For example, the Human Rights Committee:
- raised concerns about Colombia’s “broad definition of what is public space, which includes the electromagnetic spectrum, and that all information and data collected in public spaces are subjected to public and free access by the Police.”
- called on Italy to “review the regime regulating […] hacking of digital devices […] with a view to ensuring (a) that such activities conform with its obligations under article 17 including with the principles of legality, proportionality and necessity, (b) that robust independent oversight systems over surveillance, interception and hacking, including by providing for judicial involvement in the authorization of such measures in all cases and affording persons affected with effective remedies in cases of abuse, including, where possible, an ex post notification that they were subject to measures of surveillance or hacking”.
- confirmed that intelligence sharing must be regulated by law in full conformity with human rights and, in reviewing Pakistan’s compliance with article 17 of the International Covenant on Civil and Political Rights, the Committee expressed concerns about the provision in the 2016 Prevention of Electronic Crimes Act, which allows “the sharing of information and cooperation with foreign governments without judicial authorization or oversight”.
- expressed concern about the wide scope of the data retention in South Africa and recommend the state to revoke or limit “the requirement for mandatory retention of data by third parties.”
- called the UK (and other countries) to ensure that “any interference with the right to privacy complies with the principles of legality, proportionality and necessity, regardless of the nationality or location of the individuals whose communications are under direct surveillance”.
Fourthly, PI developed tools to promote engagement with UN human rights mechanisms on the right to privacy. In 2016 we published a guide for civil society organisations on how to submit concerns about the right to privacy at the UN. In 2017 we produced an international guide to international law and surveillance, which provides a compendium of recent jurisprudence and recommendations by international and regional bodies and experts.
What we learned
Thanks to the work of civil society organisations and UN human rights experts over the last few years, the right to privacy will remain a key focus of UN human rights bodies. However, UN human rights mechanisms have yet to develop comprehensive recommendations and guidelines on the right to privacy. As key examples, the Human Rights Committee general comment on Article 17 is 30 years old, the Special rapporteur on the right to privacy has yet to come up with concrete, detailed recommendations.
There is an urgent need for these authoritative interpretation of existing human rights law as the gap between the recommendations of human rights bodies and the laws and practices of states is growing. This is particularly so in the context of the spate of new surveillance legislation which seek to legitimise mass surveillance despite being declared unlawful by human rights bodies.
While we welcome the important steps taken within UN reporting mechanisms, we remain concerned that on many occasions our concerns remain unheard. Moving forward, Privacy International will continue to strategically engage with the diverse opportunities offered by these mechanisms to ensure that current failures of these countries to protect, uphold and respect the right to privacy are known and documented.
Further, other parts of the UN have yet failed to reflect on the human rights challenges posed by the “digital age”. In the context of combating terrorism for example, the UN Security Council adopted a resolution that seems to advocate for surveillance measures which are at odds with human rights, as interpreted by the Human Rights Committee and other expert bodies.