Safeguards for Public-Private Surveillance Partnerships

Through our investigative work and the work of our partners around the world, PI has identified a number of issues common to public-private partnerships that involve surveillance technology and/or the mass processing of data. To address these issues, we have defined corresponding safeguards that we recommend for implementation by public authorities and companies who intend to enter into such partnerships.

As states around the world seek to expand their surveillance capabilities and harness the power of data to deliver public services, they are often tempted to use the services of private technology companies – through public-private partnerships (‘PPPs’). The fight against COVID-19, and associated urgency to find answers and solutions, has only increased the perceived need for states to use ‘innovative’ technologies and big data analytics systems developed by companies. But these PPPs are taking on a new form, diverging from traditional public procurement relationships. We observe much more co-dependency between the parties, whereby the state may be developing new systems or processes entirely reliant on the services of one company, and the company may be receiving access to data or other information for use in developing its own services. Beyond a simple “one-off” commercial relationship, these partnerships are often built over courting, promises of attaining perfect truth, and ever more private access to data – often circumventing public procurement rules and impeding on fundamental rights in the process.

The privatisation of public responsibilities can be deeply problematic if deployed without the safeguards required to ensure human rights are not quietly abused. This is particularly true when the systems deployed are used for surveillance and mass processing of personal data. Private companies have been known to play with the limits of what can legally and ethically be done with individuals’ identities and data, without the same level of accountability required of public authorities – a significant affront to fundamental rights when used to deliver a public service.

Through our investigative work and the work of our partners around the world, PI has identified a number of issues common to PPPs that involve surveillance technology and/or the mass processing of data. To address these issues, we have defined corresponding safeguards that we recommend for implementation by public authorities and companies who intend to enter into such partnerships. Classified between principles of Transparency, Adequate Procurement, Accountability, Legality, Necessity & Proportionality, Oversight and Redress, together they seek to uphold human rights and restore trust in the state’s public functions as these increasingly get outsourced to private hands. The safeguards intend to be jurisdiction-blind, so that they can apply as widely as possible across the globe. They are a living document, which we update regularly with new examples of abuse from across the world and of successful advocacy against surveillance partnerships.   

The United Nations Guiding Principles on Business and Human Rights (the ‘UN Guiding Principles’), unanimously endorsed by states through the UN General Assembly in 2011, provide a clear mandate for states and companies alike to step up measures to respect, protect and fulfil human rights and fundamental freedoms, and to extend their responsibilities in this regard, including in the technology industry. The following safeguards outline what PI believes to be a reasonable framework of protections to enforce these responsibilities, and ensure that PPPs do not result in human rights abuses. PI hopes that this outline can help civil society and communities advocate for such a scheme when faced with ubiquitous deployments of technology.

Click through the various sections below to see the safeguards, issues they seek to address, and examples of abuse.

Download a fuller PDF version of the safeguards.

Public-private partnerships and the technologies they deploy are often very opaque, with states and companies withholding excessive information. But transparency is essential to enable scrutiny of the exercise of a state's powers, and is a precondition to any challenge of authority and assertion of
States ought to adhere to certain formal processes for procuring and assessing the services of private companies for delivery of public duties. Through such processes, both the state and the company ought to perform due diligence on each other to ensure they comply with their respective human rights
Accountability requires (1) defining the responsibilities of each party in a partnership - identifying obligations, duties and standards, and (2) designing mechanisms enabling third parties to scrutinise and challenge its consequences.
The use of a private technology or system to deliver public functions must be legal, necessary to achieve a defined goal, and proportionate (any adverse impact on citizens' rights and freedoms must be justified). Any partnership must be able to show that legality, necessity and proportionality
A public-private partnership and the technologies it deploys must be subject to continued independent oversight, to ensure they remain circumscribed to their stated purpose, to detect abuses or resulting harm, and to require redress.
Parties affected by a public-private partnership's technology must have avenues for redress. Redress mechanisms must assign responsibility between the state and the company involved in a partnership, and provide both non-judicial and judicial avenues to raise and resolve adverse human rights impacts