Panel Discussion on the right to privacy in the digital age
27th Session of the Human Rights Council
Palais de Nations, Geneva
12 September 2014
Online privacy is no longer taboo, despite of the secrecy surrounding mass surveillance programmes employed by states and corporations. The right to privacy in the digital age was formally put on the UN agenda in 2013, when the General Assembly Resolution 68/167 of 18 December reaffirmed it as a human right, according to which no one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence. The panel discussion held this morning in Geneva was called for in the General Assembly Resolution 68/167, which discussed the report submitted by the United Nations High Commissioner for Human Rights (HR) on the protection and promotion of the right to privacy in the context of domestic and extraterritorial surveillance and/or the interception of digital communications and the collection of personal data, including on a mass scale.
The panel was chaired by H.E. Mr Baudelaire Ndong Ella, President of the Human Rights Council and moderated by Mr Marko Milanovic, Associate Professor at Nottingham University. In her introductory remarks, Ms Flavia Pansieri, UN Deputy High Commissioner for Human Rights, pointed out the dual use of technology - for increasing participation in ways that were not possible before, and also for surveillance, triggering the need for the protection and promotion of the right to privacy in online communications. She welcomed the High Commission’s report and commended it on clarifying the meaning of interference to privacy online, the definition of lawful and unlawful interference, extraterritorial jurisdiction, and the category of people for which the protection applies. International law and human rights law safeguard the right to privacy, yet the role of the private sector needs to be examined more carefully in the implementation of legal provisions and with regard to participation in mass surveillance programmes.
The panellists, Ms Catalina Botero, IACHR Special Rapporteur on freedom of expression; Prof. Sarah Cleveland, Columbia Law School; Mr Yves Nissim, Deputy Chief CSR officer at Orange, former Chair of the Telecommunications Industry Dialogue; and Ms Carly Nyst, Legal Director, Privacy International, agreed on the universality of privacy and on the centrality of its protection as impacting our everyday activities, as it is intertwined with other rights, such as freedom of expression, freedom of association, etc. The discussion focused on the context of surveillance, in both domestic and extraterritorial exercise, recalling the principles of necessity and proportionality. The right to privacy applies to both citizens and non-citizens, and under HR law, states have an obligation to protect all citizens within their territory regardless of their citizenship. The panel found the distinction between meta-data and content data obsolete: it dates back to an an era when one could separate between the letter itself and the envelope it came in, which no longer holds for e-mails, Twitter accounts, etc. In many ways, metadata became more important than the content of the communication. In the analogy with sending a physical letter, metadata would mean recording not only the destination of the letter, but also the postbox it is sent from, the time, the weight, in addition to the location of the recipient, the postbox it is delivered to, the time it is picked up, etc. Different courts around the world have recently passed judgements on the collection of meta-data (Canada, South Korea, etc.). While there is substantial protection in place in international law, domestic regulations lag behind.
In the daily operations of companies handling communication data, as explained by the Orange Deputy Chief CSR officer, domestic laws are key, as the activities performed in the country need to abide by this internal legislation. There is a technical request to keep the data for a limited amount of time for ensuring the quality of the service provided to customers, but there are also requests from governments to hand over the data collected and their use might be unlawful and arbitrary. Transparency needs to be improved for both government requests and private sector practices. A set of best practices in domestic laws was welcomed by several participants.
Echoing many of the voices in the room (both states and civil society organisations), the panellists called for the creation of a dedicated mandate/special rapporteur of the Human Rights Council for online privacy. Several organisations (Council of Europe, Association for Progressive Communication, etc.), pointed out that cooperation with the Internet Governance Forum (IGF) would be beneficial for enhancing the protection of the right to privacy online, in particular as the most recent IGF meeting in Istanbul discussed this matter extensively.
The different contributions from stakeholders to the panel discussion can be read here. A summary report on the outcome of the panel discussion will be submitted to the Human Rights Council at its 28th session.