magnify
Home Human Rights Archive for category "Right To Privacy/Family Life"

How to Bridge the Gap? Corporate and Government Surveillance Examined at the UN

Published on December 7, 2016        Author: 

On 21 November, the UN General Assembly Third Committee adopted the draft resolution on the right to privacy in the digital age. This came at the same time the UK passed a law (the Investigatory Powers Act) which codified what are arguably the most extreme surveillance powers in the history of any western democracy.

This is the third time the UN General Assembly has adopted a resolution on the topic, and as it did in 2014, the UN has called on all states to review their surveillance legislation, policies, and practices “with a view to upholding the right to privacy by ensuring the full and effective implementation of all their obligations under international human rights law”.

This comes at a time in which governments around the world are adopting laws that give wider surveillance powers to state security agencies, beyond what is permitted under existing human rights law. Just to name a few, Privacy International had documented this trend in a range of countries, including in China, Colombia, France, Kenya, the Netherlands, Pakistan, Poland, Switzerland, and the United Kingdom.

So, which part of effective implementation of human rights law do governments need explained? Read the rest of this entry…

Print Friendly
 
Tags:

12 Years an Asylum Seeker: Failure of States to Deal With Asylum Applications May Breach Applicants’ Right to Respect for Their Private Life

Published on October 26, 2016        Author: 

In its ground-breaking B.A.C. c. Grèce judgment of October 13 2016, the European Court of Human Rights found that Greece violated the right of an asylum seeker to respect for his private life under Article 8 ECHR due to the failure of the Greek authorities to effectively deal with his asylum application. Whilst the facts of the case are outright extraordinary, the overall significance of the case cannot be downplayed. For the first time, the Court accepted that Article 8 ECHR may be breached due to a State’s inactivity in respect of an asylum application.

The applicant, a Turkish national, had been arrested by the Turkish authorities, and after being charged with an offence against the constitutional order on account of his pro-communist and pro-Kurdish convictions, was placed in solitary confinement. Following a 171-days long hunger strike, he was set free. On 15 January 2002, having entered Greece, he applied for asylum, yet the application was dismissed. The applicant brought an appeal against this decision. According to the law in force at the time, decisions upon appeal were made by the Minister for Public Order within a period of 90 days, following an advisory opinion by a ‘Consultative Asylum Committee’. Indeed, the Committee issued an opinion favorable to the applicant on 29 January 2003.

From this date and for a period of 12 years (up until the application before the Court), the Greek state refrained from reaching any decision on the asylum application. The applicant spent these 12 years in Greece as an asylum seeker denied – in accordance with domestic law – the right to vocational education, to obtain a driver’s license, to open a bank account. The Greek authorities, including the Greek police, nonetheless, did not fail to attest on several occasions that the application was pending, thus renewing his asylum applicant’s identification card. In the meantime, the Turkish authorities sought to extradite the applicant to Turkey. Following a legal battle before the Greek courts the extradition request was defeated. One should also add that the applicant’s wife joined him in Greece in 2003 for a period of 9 years, during which a child was born unto the couple. Still, the applicant was deprived of the right to family reunification, and the situation of the couple was only regularised – somewhat – following the issuance of a temporary work permit to the applicant’s wife in 2008. Eventually, she decided to return to Istanbul and the couple divorced. Read the rest of this entry…

Print Friendly
 

UN Human Rights Committee Finds that Ireland’s Abortion Ban Violates the ICCPR

Published on June 13, 2016        Author: 

Last week the UN Human Rights Committee delivered an important decision in Mellet v. Ireland, finding that, as applied to the claimant, the Irish ban on abortion violated several articles of the ICCPR. This was because the ban extended even to pregnancies, like the claimant’s, where the foetus was diagnosed with a fatal abnormality, so that it would either die in utero or shortly after delivery. The claimant was thus forced by Irish law to choose between carrying the baby to term, knowing that it would inevitably die in her womb or immediately after birth, or having to travel to the UK to get an abortion. The claimant chose the latter option, at great personal expense and with a lot of pain and indignity along the way, including having the ashes of her baby unexpectedly delivered to her by courier a few weeks after the abortion.

The Committee was unanimous on the bottom line of the case, which is that the abortion ban, as applied to the claimant, constituted cruel, inhuman or degrading treatment in violation of Article 7 of the Covenant, as well as a violation of her right to privacy under Article 17 of the Covenant. While the reasoning of the Committee is at times laconic (as is unfortunately the norm with its views), the basic idea behind the decision was essentially that even if the claimant’s rights were subject to an implicit or explicit balancing exercise, in light of the fact that her unborn child would inevitably die there was nothing to balance with the intrusions into her own interests. In other words, Irish law forced her to endure significant suffering for no real purpose, since the unborn child would die anyway.

The Committee’s views in this case are thus confined to its specific circumstances; it has not created a right to abortion on demand or asked Ireland to liberalize access to abortion fully, but to (at the very least) create an exception to its ban that would accommodate women in the claimant’s situation. The main problem here is that the Irish abortion ban stems from a constitutional provision, which was interpreted by the Irish Supreme Court as only allowing for an exception if there is real risk to the life, but not to the health, of the mother. Ireland can thus comply with the Committee’s recommendation only if the Supreme Court revisits the issue and carves out another exception, or if the Constitution itself is amended, which requires a popular referendum. In other words, this is one of those rare cases where domestic constitutional provisions as authoritatively interpreted by domestic courts are themselves violative of international human rights law; this does not change anything as a matter of international law, but clearly it creates specific political challenges for compliance (cf. the Sejdic and Finci judgment of the Strasbourg Court). See more on this point in this post by Fiona de Londras on the Human Rights in Ireland blog; this post by Mairead Enright has more analysis of the Committee’s decision.

Read the rest of this entry…

Print Friendly
 

ECHR Jurisdiction and Mass Surveillance: Scrutinising the UK Investigatory Power Tribunal’s Recent Ruling

Published on June 9, 2016        Author: 

Last week, as discussed in a post by Marko Milanovic, the UK Investigatory Powers Tribunal (IPT) ruled that it lacked jurisdiction under the European Convention of Human Rights (ECHR) to adjudicate Article 8 and 10 claims brought by persons “situated outside” of the UK (para. 60). The IPT is a specialised judicial body that hears complaints about surveillance by public bodies, including British security and intelligence agencies. IPT decisions are not subject to direct appeal in the UK. We are therefore likely to see this ruling quickly challenged before the European Court of Human Rights (ECtHR).

Background

The backdrop to this litigation is convoluted. I sketch out the context in this post as I believe it will enrich discussion of the jurisdictional issues which are at the heart of this dispute. In 2013, following the Snowden disclosures, Privacy International, together with nine other NGOs, filed a case before the IPT challenging two aspects of the UK’s surveillance regime. First, the claimants challenged UK access to the communications of persons located within the UK collected by the US National Security Agency (NSA) under PRISM and Upstream. Under PRISM, the NSA collected data from US companies including Yahoo and Google. Under Upstream, the NSA intercepted data in bulk from hundreds of undersea fibre optic cables. Second, the claimants challenged Tempora, the British counterpart to Upstream, under which the Government Communications Headquarters (GCHQ) intercepted data in bulk from over 200 cables landing in the UK.

In February 2015, the IPT found that US-UK intelligence sharing – pursuant to PRISM and Upstream – was unlawful prior to 5 December 2014 because the legal framework governing it was hidden from the public (according to the IPT, that framework was sufficiently disclosed over the course of the proceedings so as to render the sharing of intelligence legal from that point forward). Read the rest of this entry…

Print Friendly
 

UK Investigatory Powers Tribunal Rules that Non-UK Residents Have No Right to Privacy under the ECHR

Published on May 18, 2016        Author: 

In another major development on the surveillance/privacy front, on Tuesday the UK specialized surveillance court, the Investigatory Powers Tribunal, ruled that persons not present within the United Kingdom are not within the jurisdiction of the UK in the sense of Article 1 of the European Convention on Human Rights, and accordingly do not have any of the rights under that Convention (para. 49 et seq). In other words, a person in say France or the United States subjected to surveillance by GCHQ does not have an ECHR right to privacy vis-a-vis the UK, which accordingly has no Convention claim to answer. This is I think the first time that a British court has expressly dealt with extraterritoriality in the surveillance context. The IPT’s reasoning essentially rests on a Bankovic analogy – if you are in say Serbia and the UK drops a bomb on you, the Strasbourg Court has said that you don’t have the right to life. How could you then have the right to privacy if all the UK did was to simply read your email while you were in Serbia?

I have extensively argued elsewhere why that analogy is wrong (as is Bankovic itself), so I won’t belabour that point further (see here and here). It was entirely predictable that the IPT would adopt this restrictive position, which is perfectly plausible under Strasbourg case law (even if fundamentally mistaken). The IPT was correct in ruling, however, that distinctions as to the Convention’s applicability can’t really be made on the basis of whether the person is present is some other Council of Europe state, or is outside the ECHR’s espace juridique altogether. Anyway, the issue of the Convention’s extraterritorial applicability to mass electronic surveillance abroad is one for Strasbourg to decide and (hopefully) fix, and it will have the opportunity to do so in these cases and others. What the Court will do is of course anyone’s guess, because its decision will inevitable have ripple effects on other scenarios, such as extraterritorial uses of lethal force, e.g. drone strikes.

I have also argued, however, that there is particular scenario in which the applicability of the Convention becomes more attractive (or less dangerous as a matter of policy) – when the surveillance actually takes place within the surveilling state’s territory, even if the affected individual is outside it. Imagine, for example, if the UK police searched my flat in Nottingham while I was visiting family in Serbia – surely I would have Article 8 rights, even though I would not be on UK territory when the search took place. Why then should I not have these rights if an email I send while I am in Serbia is routed through my university server in Nottingham and intercepted by GCHQ there? In both cases the intrusion into privacy happens on the UK’s territory, even if I am outside it. In fact, in its judgment the IPT briefly addresses this scenario, if all too briefly and less than convincingly, although I’m not sure that the point was extensively argued.

In any case, the main paragraphs on the jurisdiction issue are below the fold. The judgment also deals with the very important question of standing/victim status, finding that all but six of the 600+ claimants lacked locus standi even under a very low threshold of showing that they are ‘potentially at risk’ from surveillance measures (applying the European Court’s recent Zakharov judgment, para. 171).

Read the rest of this entry…

Print Friendly
 

Silencing the Canary: the lawfulness of the U.K. Investigatory Powers Bill’s secrecy provisions under the ECHR

Published on May 17, 2016        Author: 

Following the Snowden revelations in 2013 concerning the complicity of the tech industry in widespread electronic government surveillance in the U.S., tech companies have individually and collectively become increasingly active as advocates of privacy and free speech rights, culminating in legal challenges to government electronic surveillance.

Since the dropping by the U.S. Department of Justice (DOJ) of its much publicised writ against Apple, which sought to compel Apple to hack the security key code system of the Apple iPhone 5, the battle between tech companies and the DOJ over privacy and encryption in the U.S. has taken another turn.  In April, Microsoft filed a suit in the District Court of Seattle against the DOJ challenging the ‘secrecy order’ provisions (a range of anti-tipping off and gagging powers) under the Electronic Communications Privacy Act (ECPA).

With the Investigatory Powers Bill (IPB), which contains similar secrecy requirements, currently being debated before the U.K. Parliament, the U.S. case provides fair warning of possible human rights challenges tech companies may bring against the U.K. government. This post will consider the implications of the Bill’s secrecy provisions in light of the rights of tech companies under the European Convention on Human Rights (ECHR).

The Microsoft – DOJ claim                                                 

In short, the ECPA allows a U.S. government agency to apply to the Court for a warrant requiring Microsoft, or any other internet company, to hand over their customers’ private data. In addition, an order can be made by the court preventing the company from publicising the fact that they have been required to disclose the data. Read the rest of this entry…

Print Friendly
 
 Share on Facebook Share on Twitter
Comments Off on Silencing the Canary: the lawfulness of the U.K. Investigatory Powers Bill’s secrecy provisions under the ECHR

First Report of the UN Special Rapporteur on the Right to Privacy to the Human Rights Council

Published on March 18, 2016        Author: 

In March 2015, the United Nations Human Rights Council created a new special procedure on the right to privacy, appointing its first Special Rapporteur on the topic, Professor Joseph Cannataci, in July 2015. Last week, the Special Rapporteur presented the Human Rights Council with his first report and engaged in an interactive dialogue with the Council. He also provided an outline of the main features of his report at a side event at the Council organised by Austria, Brazil, Germany, Liechtenstein, Mexico, Norway, Switzerland and the Geneva Academy of International Humanitarian Law and Human Rights with former US Ambassador to the Human Rights Council, Eileen Donahoe as the chair and myself, Carly Nyst and Faiza Patel as panellists (report forthcoming). As a first report, the Special Rapporteur acknowledges that it is still very much ‘preliminary’ (para. 3). At the same time, he provides a detailed outline of the themes he proposes to focus on during his mandate. In this blog, I reflect on the scope of the mandate, the choice of themes and suggest ways in which the Special Rapporteur might develop some of the themes during his mandate.

The Scope of the Mandate

  1. Privacy and Personality across cultures
  2. Corporate on-line business models and personal data use
  3. Security, surveillance, proportionality and cyberpeace
  4. Open data and Big Data analytics: the impact on privacy
  5. Genetics and privacy
  6. Privacy, dignity and reputation
  7. Biometrics and privacy

The number and range of themes identified is ambitious. However, in my view, the Special Rapporteur’s selection strikes a good balance between continuing to prioritise the risks to the right to privacy posed by security and surveillance and taking a wider view of the impact of big data and new technologies on human rights outside of the security context which has not received adequate attention to date. Read the rest of this entry…

Print Friendly
 
Tags:
 Share on Facebook Share on Twitter
Comments Off on First Report of the UN Special Rapporteur on the Right to Privacy to the Human Rights Council

Blockbuster Strasbourg Judgment on Surveillance in Russia

Published on December 7, 2015        Author: 

Last Friday a unanimous Grand Chamber of the European Court delivered a hugely important judgment in Roman Zakharov v. Russia, no. 47143/06, in which it found serious and systematic faults with the Russian legislative framework regulating the surveillance of mobile communications. This is set to be a leading Strasbourg authority on assessing the compliance of surveillance measures with human rights law, a topic we’ve already extensively discussed on the blog. This judgment important for a number of reasons.

First, because a unanimous Grand Chamber reaffirmed much of relatively older or Chamber-based case law, and applied the principles it identified robustly. This provides an important indication that the Court remains acutely aware of the dangers surveillance programs possibly pose to democratic societies, and that it will also scrutinize such programs robustly in the cases shortly coming before it, e.g. against the United Kingdom. I must say that I was particularly struck by how the Russian judge in the Court, Judge Dedov, concluded his concurring opinion with a quote from Edward Snowden – with the added irony of Snowden still continuing his sojourn in Russia, the very country whose regulatory system of surveillance the Court exposed as so sorely inadequate.

Read the rest of this entry…

Print Friendly
 
Tags:

Embedding Human Rights in Internet Governance

In Resolution 56/183 (2001), the UN General Assembly welcomed the creation of an inter-governmental World Summit on the Information Society (‘WSIS’) to address the digital revolution and the increasing digital divide between the global North and South. During the Summit’s two phases (Geneva, 2003 and Tunis, 2005) a common desire and commitment to build a people-centred, inclusive and development-orientated Information Societyemerged. A key objective was therefore to harness the power of information and communications technology (ICT) to secure the realisation of the Millennium Development Goals (MDGs).

A decade on, and against the backdrop of the recent transition from the MDGs to the Sustainable Development Goals (SDGs), a review of the implementation of the WSIS outcomes is underway. Delegations met last week for the Second Preparatory Meeting of the UN General Assembly’s Overall Review of the Implementation of the Outcomes of the WSIS (‘WSIS+10 Review’). The aim of this meeting was to engage member States and other stakeholders to reach a consensus on critical issues, such as the goals of Internet governance, the relationship between WSIS and development and how to address human rights related to ICT. Oral statements and written submissions served as the basis for developing the current Zero Draft into a Second Draft. The WSIS+10 Review will culminate in a High-Level Meeting on 15-16 December, at which an Outcome Document will be adopted.

Treatment of human rights in the Zero Draft is inadequate. A sub-section on human rights is included within Internet governance and there are other brief references scattered throughout the Draft. However, human rights are not presented as a foundational principle of Internet governance, but are rather narrowly confined to issues of freedom of expression and the right to privacy. In this post and in our response to the Zero Draft as part of an ESRC Funded Large Grant on Human Rights and Information Technology in an Era of Big Data, we argue ]for a more systematic approach to human rights in this process, in order to reflect the full scope of the human rights issues raised by the use of ICT and big data.

Opportunities and Challenges Presented by the Use of ICT and Big Data

Technology has the potential to produce an impact on all aspects of society. The use of ICT is becoming essential to the conduct of government operations, to business, and to individuals’ day-to-day lives. ICT and human rights have become inextricably intertwined, and this is set to continue in line with progress towards the Information Society. This interconnectivity means that ICT has concrete human rights implications, which can be both positive and negative. Significantly, however, the full extent of ICT’s human rights implications are not yet known.

The transformative potential of ICT and big data for the protection and promotion of human rights is becoming increasingly apparent. For example, digital platforms have facilitated local and global dialogue between human rights defenders, minorities and other democratic voices, giving rise to the phrase ‘liberation technology’. Analytics and the use of big data can assist in the identification of otherwise invisible forms of vulnerability and discrimination. This information can be utilised to target interventions and to facilitate efficient resource allocation and can therefore be employed to facilitate the achievement of the SDGs. For example, in relation to ‘good health and well-being’ (Goal 3), the adoption of e-health and m-health (where health services are delivered electronically or via mobile devices) can lead to cost-effective access to health care. Equally, the analysis of data drawn from a significant number of electronic health records (big data-based analytics) can be used to identify appropriate treatments and facilitate early intervention, reducing future health care costs. Technological assistance in the identification of vulnerability and discrimination also facilitates ‘reduced inequalities’ (Goal 10), and can assist in tackling the ‘digital divide’.

However, the inappropriate use of ICT and big data has the potential to interfere with the enjoyment of human rights and thereby undermine the opportunities for realising human rights and attaining the SDGs. Read the rest of this entry…

Print Friendly
 
 Share on Facebook Share on Twitter
Comments Off on Embedding Human Rights in Internet Governance

The Growing Importance of Data Protection in Public International Law

Globalization and borderless electronic communication has brought huge benefits to individuals. At the same time, the increased exploitation of personal data by the private sector and reported intelligence gathering of personal data via the Internet have caused widespread international concern. The recent appointment by the UN Human Rights Council of a Special Rapporteur on the right to privacy in the summer of 2015, and the adoption on 18 December 2013 by the UN General Assembly of a resolution on “the right to privacy in the digital age”, demonstrate the growing international interest in data protection rights.

There is a growing need for legal rules protecting the processing of personally-identifiable data, known as data protection, to be anchored more firmly in public international law. The increasing number of regulatory conflicts caused by differing national and regional conceptions of data protection, as illustrated by the judgment of 6 October 2015 of the Court of Justice of the European Union in Maximillian Schrems, should be a wake-up call to the international community in this regard.

Indeed, data protection at the international level remains fragmented and weak, creating risks for individuals and problems for international organizations (such as UN entities and international humanitarian organizations), many of which process large amounts of personal data. Read the rest of this entry…

Print Friendly