The much awaited report of the Office of the United Nations High Commissioner for Human Rights on the right to privacy in the digital age was released last week. Hopefully, this will finally put an end to the arguments that privacy only becomes a concern at the point of use. As the report states:
Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to free expression and association.
And, when it comes to the issue of mandatory data retention, the starting point is that it “appears neither necessary nor proportionate”. (So, while not ruling out the possibility that, in some circumstances, a data retention law may be both necessary and proportionate, the report makes it clear that OHCHR is not convinced that this is indeed the case with existing surveillance programs.)
The report goes on to emphasize that interference with individuals’ rights is only permitted under international law if it is neither arbitrary nor unlawful. This requires at a minimum:
- legality (sufficiently accessible, clear, precise, safeguards);
- necessary for a legitimate objective;
- “some chance of” achieving the objective; and
- proportionate and the least intrusive means.
Furthermore, the essence of individuals’ rights must not be rendered meaningless.
Moreover, these principles apply regardless of the nationality or location of the individuals subject to surveillance. Significantly,
Mass or “bulk” surveillance programmes may … be deemed to be arbitrary, even if they serve a legitimate aim and have been adopted on the basis of an accessible legal regime
if they are, for example, not necessary or proportionate.
The principles and conclusions outlined in the report should come as no surprise as they are inherent in international law and obligations. However, what recent events have demonstrated is that that concepts such as “necessary”, “proportionate” and “reasonable” used to determine whether an exemption or lower level of protection is justified need to be revisited. Further, the standard that the international community should apply is not one of strict legality, but rather what is legitimate, just and fair.
The Internet Society will be following the progress of this report closely as it is presented to the United Nations Human Rights Council at its 27th session and to the General Assembly at its 69th session.
You can download the Internet Society’s submission to the OHCHR consultation for this report at: http://www.internetsociety.org/wp-content/uploads/2021/01/ISOC-OHCHR-submission-2014.pdf