What is the state of online privacy in 2016? What are the key policy issues related to privacy? What are the steps that can be taken within the UN context to help ensure our right to privacy?
These are a few of the many points addressed by Joseph A. Cannataci, the UN Special Rapporteur on the Right to Privacy (SRP), in his first report released on 9 March.
As we mentioned before, in recent years, many governments and NGOs have been pushing for the creation of a dedicated UN Special Rapporteur for privacy in the digital age, in part as a reaction to public disclosures of the existence of certain governmental mass surveillance programs. This new position in the UN Human Rights Council is also a direct follow-up to a UN General Assembly Resolution 69/166 from December 2014 that asked the Council to consider the creation of such a mandate.
According to Mr. Cannataci, his first report is a preliminary foray into the topic. The report covers a wide range of issues that the SRP considers are key, listed in no particular priority order as of yet. In the next few months, he intends to consult further with a wide range of stakeholders and to dive more specifically into the key issues he has identified. This is when the core of the discussion is likely to happen.
Below are a few of the priorities that the SRP lists in his report:
Focus on “what” and “why” privacy (before going to the “how”): One of the key priorities will be to get back to basics and define privacy in a way that reflects universal values and that can translate across cultures. The SRP will also get back to the fundamental question of why privacy should be protected. He considers privacy is not an end in itself, rather an enabler of personality, dignity and self-determination. It is only when these elements are addressed that he will explore any gaps in mechanisms to protect privacy (assuming there is political will to address such gaps).
Taking rights in conjunction rather than in opposition: “privacy and security” instead of “privacy vs. security”: Joint action and discussions are already underway with the Special Rapporteur for Freedom of Expression in order to explore opportunities for joint action about this aspect during 2016-2017.
Security, surveillance: As expected, an important focus of the SRP’s mandate and report relates to the effects of security measures and surveillance practices on privacy. He identifies several examples of legislation that, according to him, “legitimise the use of certain privacy-intrusive measures by security & intelligence services (SIS) and law enforcement agencies (LEAs)”. This should trigger some debate in the next few months.
The importance of technical safeguards: The SRP stresses that the safeguards and remedies available to citizens cannot be purely legal or operational, and that he intends to engage with the technical community “in an effort to promote the development of effective technical safeguards including encryption, overlay software and various other technical solutions where privacy-by-design is genuinely put into practice”. This is important.
“State of the Union“: The current report includes an overview of what the SRP considers as key current privacy issues, including good and bad practices in the field. It focuses particularly on the current IP Bill in the UK, but also mentions the recent adoption of a policy of no encryption-backdoors in the Netherlands, among other cases. An overview of current privacy practices will become an annual exercise of his mandate.
7 key thematic areas identified for his mandate, to be prioritized throughout consultations.
• Privacy and personality across cultures
• Corporate online business models and personal data use
• Security, Surveillance, proportionality and cyberpeace
• Open Data and Big Data analysis: impact on privacy
• Genetics and privacy
• Privacy, dignity and reputation
• Biometrics and privacy
And there is much more, including the need for cross-border remedies and safeguards, reflection on the risks related to the commodification of personal data, up to considerations of “cyberpeace”.
The report covers a wide range of issues and is worth exploring. We can expect that the SRP will be active in the Internet governance space and will want to engage with all stakeholders of the Internet ecosystem, including civil society, the technical community, business and of course governments.
The Internet Society will continue to follow closely this process and to offer a bridge for our community’s input in the Special Rapporteur’s mandate. Please watch our human rights page for more information over the months ahead.
Image credit: Perspecsys Photos CC BY SA