The Council today adopted by consensus the resolution on privacy in the digital age, which includes the creation of a new special procedure. Bearing in mind the wide scope of the right to privacy, this SR is sure to be a mega-mandate. The resolution is available here; Privacy International press release here.
As the 28th ordinary session draws to a close this week, the UN Human Rights Council is expected to consider a proposal to create a new UN Special Rapporteur on the right to privacy. The draft resolution, spearheaded by Brazil and Germany and supported by a broad group of states, is the latest of a series of initiatives to bring the right to privacy firmly within the UN human rights agenda.
If established, the Special Rapporteur would provide much-needed leadership and guidance on developing an understanding of the scope and content on the right to privacy, as well as strengthening the monitoring of states and companies’ compliance with their responsibility to respect and protect the right to privacy in their laws, policies and practices. In the last two years, the UN General Assembly, the UN High Commissioner for Human Rights and existing special procedure mandate holders have all recognized the pressing need to provide continuous, systematic and authoritative guidance on the scope and content of the right to privacy, particularly in light of the challenges of modern communications.
Cross-posted on Lawfare.
Following up on my post from last week on the report of the Intelligence and Security Committee (ISC) of the UK Parliament, which inter alia recommended that British law for the first time introduce distinctions between citizens and non-citizens for the purpose of regulating electronic surveillance, I’d like to briefly comment on another relevant development. Amnesty International last week also published the results of a major public opinion poll conducted in 13 countries, in which 15,000 respondents were surveyed on a number of questions regarding surveillance. The upshot of the poll is that there is strong opposition to US mass surveillance programs in all of the countries surveyed, and this is also how Amnesty chose to present the results (Amnesty’s press release is available here; the full results are available here; an analytical piece by Chris Chambers, one of the researchers on the project, is available in The Guardian).
What I found most interesting about the poll are the responses regarding the question whether the permissibility of surveillance should depend on the citizenship of the target. As Chris Chambers explains:
Are people more tolerant of the government monitoring foreign nationals than its own citizens?
Yes. In all surveyed countries, more people were in favour of their government monitoring foreign nationals (45%) than citizens (26%). In some countries the rate of agreement for monitoring foreign nationals was more than double that of citizens. For instance, in Canada only 23% believed their government should monitor citizens compared with 48% for foreign nationals. In the US, 20% believed their government should monitor citizens compared with 50% for foreign nationals. These results suggest the presence of a social ingroup bias: surveillance is more acceptable when applied to “them” but not to “us”.
In every country, people were more tolerant of surveillance directed toward foreign nationals than toward citizens. Illustration: Chris Chambers
We can also look at this ingroup bias in a different way – by specifically counting the number of people who disagreed with government surveillance of citizens while at the same time agreeing with surveillance of foreign nationals. In most countries, fewer than 1 in 4 people showed such a bias, with Sweden showing the least favouritism toward citizens (approximately 1 in 9). However, the US stands apart as having the highest ingroup bias – nearly 1 in 3 US respondents believed their government should monitor foreign nationals while leaving citizens alone.
The US stood out as particularly prone to ingroup bias: favouring surveillance of foreign nationals over citizens. Illustration: Chris Chambers
Cross-posted on Lawfare.
Last week the Intelligence and Security Committee (ISC) of the UK Parliament published its much-anticipated report entitled ‘Privacy and Security: A modern and transparent legal framework.’ The Report followed an extended inquiry into UK agencies’ surveillance practices prompted by the Snowden revelations; while it concludes that the agencies have generally acted within the prescribed legal limits, it also calls for a total overhaul of the UK legislation governing electronic surveillance, which it finds to be fragmented, overly complex and confusing. For helpful overviews of the Report’s main conclusions and recommendations, see Shaheed Fatima and Ruchi Parekh on Just Security, and James Ball in The Guardian.
The ISC’s exoneration of GCHQ et al. was hardly surprising – libertarians and privacy activists have derided its members as having long gone native and being nothing more than a bunch of apologists for the intelligence agencies whom they are supposed to oversee. Liberty’s ShamiChakrabarti thus commented that ‘the ISC has repeatedly shown itself as a simple mouthpiece for the spooks – so clueless and ineffective that it’s only thanks to Edward Snowden that it had the slightest clue of the agencies’ antics,’ while The Guardian’s editorial page a tad more delicately called it the ‘watchdog that rarely barks,’ the ‘slumbering scrutineer’ and a body that ‘searches out nothing.’ So there.
Whatever the intentions behind the Report, and despite the (at times comical) level of redactions in its public version, it is still a useful document. At a minimum, it provides a reasonably clear analytical overview of the legal framework currently regulating the surveillance activities of the British intelligence agencies, as well as the relevant procedures, and provides a helpful comparison point for those looking at the same set of problems in a different system, for instance in the United States or Germany. In this post I will comment critically on some aspects of the Report that I think are especially interesting and deserving of further consideration.
Readers may recall that a couple of years ago I wrote about the story of Stephen Gough, aka the Naked Rambler, a man who has been repeatedly incarcerated in British prisons since 2006 for his refusal to wear any clothing in public. Indeed, he has spent most of that time in solitary confinement, since he could not join the rest of the prison population while refusing to wear clothes. Gough’s behaviour is due to a strongly and sincerely held belief that there is nothing shameful about the naked human body. And while Gough certainly has been obstinate (and has for some unfathomable reason sacrificed his family and other relationships for the sake of this cause), he is not crazy – indeed, his psychiatric evaluations have been stellar.
This case is so interesting precisely because it juxtaposes the expressive interests of a single individual against the preferences of the vast majority of ordinary people, who disapprove of public nudity, and because of the way that the machinery of the state is used to enforce a societal nudity taboo. Indeed, Gough’s case now rambled all the way to Strasbourg. This week, a unanimous Chamber of the European Court of Human Rights rejected Gough’s claims that his freedom of expression and right to private life were violated by his convictions in the UK (app. no. 49327/11).
Last Friday I had the privilege of moderating the panel discussion on the right to privacy in the digital age at the 27th regular session of the Human Rights Council. The video of the panel discussion is available here, and a press release summarizing some of the statements here. OHCHR will be producing a more detailed report on the discussion in due course.
It was a very interesting event, which benefited from four great panelists – Catalina Botero, the special rapporteur on the freedom of expression in the Inter-American system; Sarah Cleveland, professor at Columbia Law School; Yves Nissim, deputy chief of corporate social responsibility at Orange Telecom; and Carly Nyst, legal director of Privacy International. The discussion was lively and interactive, and also benefited from many comments from the floor by states and various NGOs. (Incidentally Dapo will also be moderating a HRC panel discussion next week on drones and counter-terrorism, also with an excellent cast of participants).
There was broad endorsement, from states as well as from the panelists, of the High Commissioner’s important report on the right to privacy in the digital age, with some disagreement on specific issues. The comments from the floor were quite varied in terms of topic, but two big themes were the application of the ICCPR to extraterritorial surveillance (on which see more here), and the quantity and quality of oversight and accountability mechanisms. The panelists and NGOs also called for the establishment of a new special rapporteur on the right to privacy.
The right to privacy in the digital age and the High Commissioner’s report will next be considered by the UN General Assembly at its forthcoming session next month.
In a number of recent cases, French courts refused to give effect to US court decisions that recognized French intending parents as legal parents of children born through surrogacy agreements and to inscribe the foreign filiation into the French civil status registry. In the decisions in Mennesson v. France and Labassee v. France, the European Court of Human Rights (ECtHR) ruled that those refusals violated children’s right to private and family life, protected by article 8 of the European Convention on Human Rights. It dismissed claims based on the breach of parent’s right to private and family life and on violations of article 14 (non-discrimination), article 6-1 (right to a fair trial) and article 12 (right to marry).
This is the first time the ECtHR has considered the question of transnational surrogacy. The decisions tackle some of the vexing issues related to the regulation of the booming global surrogacy market. These issues include ethical and political concerns related to the commodification of the body. Also in question are the definitions of citizenship and parenthood in a context in which the differences between domestic regimes illustrate a variety of cultural and political understandings of filiation and parenthood. This post focuses on the latter set of issues and the legal uncertainties they create.
Readers will recall that in its resolution on the right to privacy in the digital age the UN General Assembly had requested the Office of the High Commissioner for Human Rights to prepare a report for the next GA session on the various issues raised by mass electronic surveillance and the human right to privacy (see here for our previous coverage). An advance edited version of that report (A/HRC/27/37) is now available here. The report is rich, thoughtful and very much pro-privacy in the surveillance context, albeit not in a blind, fundamentalist way. It reaffirms that the right to privacy, as set out in Article 17 ICCPR or Article 8 ECHR, provides a framework within which the legality of surveillance measures needs to be assessed. While it acknowledges the legitimate governmental interests that surveillance may serve, it finds the existing institutional and legal arrangements in many states wanting and in need of further study and reform. Here are some of the highlights:
– It is important to consider linkages with other possible human rights violations, e.g. the collection of intelligence through surveillance that is later used for an unlawful targeted killing (para. 14).
– Interferences with the privacy of electronic communication cannot be justified by reference to some supposedly voluntary surrender of privacy on the Internet by individual users (para. 18).
– Collection of communications metadata can be just as bad in terms of privacy interference as the collection of the content of the communication (para. 19).
– Because of the chilling effect of surveillance: ‘The very existence of a mass surveillance programme thus creates an interference with privacy.’ (para. 20).
In its judgment published on 13 May in the case C-131/12 Google Spain v AEPD and Mario Costeja Gonzalez, the Court of Justice of the European Union (CJEU), Grand Chamber, recognized a “right to be forgotten” with regard to Internet search engine results. Unfortunately, the judgment has important international implications that the Court did not sufficiently consider. In this post, I will put aside the issues of EU data protection law that the judgment raises, and focus instead on its implications for the rights of individuals to use the Internet as a global communications medium. It is important to note that application of the judgment extends beyond particular search engine providers to include any “provider of content which consists in finding information published or placed on the internet by third parties, indexing it automatically, storing it temporarily and, finally, making it available to internet users according to a particular order of preference” (paragraph 21), which could include Internet archives, social media, news crawler services, and many other types of online services.
The plaintiff in the case complained to the Spanish Data Protection Agency (DPA) against a Spanish newspaper and Google, stating that a Google search brought up a link to the newspaper containing irrelevant information about him, and requesting that the newspaper be required to remove or alter the pages and that Google be required to remove the data from the search results. The DPA found against Google, which then appealed to the Spanish Audiencia Nacional (National High Court). The Spanish court referred the case to the CJEU. On June 25, 2013, Advocate-General Jääskinen recommended that the Court find that it had jurisdiction over Google; that in its role as a search engine provider, Google was a data processor rather than a controller; and that the EU Data Protection Directive 95/46 does not contain a right to be forgotten that could entitle the plaintiff to have his data deleted from search engine results.
In its judgment, the Court differed in several important points from the Advocate-General’s opinion, and reached the following conclusions:
–Google’s branches in the EU are subject to the national data protection law of the EU member states where they are located, since they are “inextricably linked” to the activities of the Google headquarters in the US by virtue of Google Spain selling advertising space on the search engine provided by Google Inc, even if the actual processing is carried out in the US (paragraphs 42-60).
–Search engines are “data controllers” and as such are independently responsible for the personal data they retrieve, store, and display from websites (paragraphs 21-41).
–Under the Directive, there exists a limited right to have search engines delete material from search results (i.e., a “right to be forgotten”), regardless of whether the material indexed was posted legally or whether it is accurate (paragraphs 62-99). Read the rest of this entry…
The Office of the High Commissioner for Human Rights is now conducting a consultation for the purpose of preparing the High Commissioner’s report pursuant to the UN General Assembly’s resolution on privacy in the digital age. Some of the major privacy/human rights NGOs have now made their submissions public: here is the paper submitted jointly by Privacy International, Access, Electronic Frontier Foundation, Article 19, Association for Progressive Communications, Human Rights Watch, and the World Wide Web Foundation; and here is the submission by the Center for Democracy and Technology. The NGOs argue, inter alia, that Article 17 ICCPR applies to (extraterritorial) surveillance activities and that the bulk collection of communications data is inherently disproportionate.
UPDATE: All of the submissions are now available on the OHCHR website.
Quoting verbatim from the GA’s resolution, the Human Rights Council has also decided to convene a panel on the right to privacy in the digital age at its 27th session, to be held in September. The multi-stakeholder panel is to discuss ‘the promotion and protection of the right to privacy in the digital age in the context of domestic and extraterritorial surveillance and/or the interception of digital communications and the collection of personal data, including on a mass scale, also with a view to identifying challenges and best practices, taking into account the report of the United Nations High Commissioner for Human Rights requested by the General Assembly in its resolution 68/167.’
Readers may also recall that a few months ago I did a series of posts on human rights and foreign surveillance. I’ve since written up a more developed and expanded article based on that series, which takes into account developments as of March 2014, including the Koh memos and the concluding observations of the Human Rights Committee on the US fourth periodic report. The article will be published in the Harvard International Law Journal, and the draft is now available on SSRN. Comments are as always welcome; the abstract is below the fold.