Foreign Surveillance and Human Rights, Part 5: The Substance of an Extraterritorial Right to Privacy

Written by

This post is part of a series: Intro, Part 1, Part 2, Part 3, Part 4.

Between Utopia and Apology, Universality and Effectiveness

My previous posts have all dealt with the threshold question of whether individuals subject to surveillance overseas should be entitled to human rights in the first place. This post will deal with the substance of the right to privacy in this context, if the right is found to apply. Though my main focus has been on the threshold question of extraterritorial application, and though that question is conceptually distinct from the substantive content of any given right, there is a direct connection as a matter of policy between the inquiries on jurisdiction and on the merits. The more difficult, complex or politically controversial the merits question of whether the substantive right has been violated, the greater the temptation to say that the right simply does not apply. Courts in particular frequently resort to dismissing cases in limine even while furtively casting an eye on the merits, in order to avoid grappling with the merits openly. One cannot really reduce arbitrariness in resolving threshold questions without looking at what the consequences of doing so would be down the line.

I have argued in that regard that the case law on the extraterritorial application of human rights treaties, particularly that of the European Court, straddles a Koskenniemian divide between universality and effectiveness. On one hand we want to follow the moral logic of universality and protect human beings no matter where they are located; on the other we see the enormous practical and political difficulties of doing so. An expansive approach to extraterritoriality can thus be criticized as utopian, as presenting a normative vision which has nothing to do with the real world, whereas a restrictive approach can be dismissed as pure apology for unbridled, arbitrary and limitless exercise of state power which we would never accept domestically.

A persuasive argument regarding the threshold of extraterritorial application hence must also look at the substance and attempt to strike a better balance between universality and effectiveness. It must provide states and courts with sufficient flexibility in the extraterritorial context and not impose unrealistic burdens and restrictions with which they could never comply. Resistance to extraterritorial application flows in large part from the fact that most human rights case law was built in times of normalcy, and the fear that applying this case law to external situations would be rigid and inflexible. However, most human rights, including privacy, analytically employ balancing tests that can be used less strictly if this is justified by the circumstances. (Compare this, for example, with the rigidity of the US Fourth Amendment warrant requirement for searches and seizures, which even in the domestic context leads to narrow interpretations of what is a search or seizure).

But even though the human rights framework can and should be applied more flexibly in the external context, it must not be applied so flexibly that it ceases to have any impact or compromises the integrity of the whole regime. Not only would there be no point in applying human rights extraterritorially if they brought nothing new to the table, but watering them down too much would only serve to enhance the apology critique. Finally, we must produce rules that are reasonably clear and predictable, which is what I have tried to do with my third model of jurisdiction.

What This Means in Practice

I thus think that Ben Wittes is absolutely right when he argues that those advocating for an extraterritorial right to privacy need to explain what ‘such a global right of privacy [would] look like and how [it would] interact with the espionage activities of, say, every country in the world that does foreign espionage.’ But this does not mean that the privacy advocates have to come up with a complete extraterritorial privacy blueprint, replete with ready-made, fully-fledged solutions for every concievable problem.

Rather, just as in the domestic context, the fleshing out of an extraterritorial right to privacy will happen in an iterative process. Even domestically this process is not restricted to litigation, but also includes dialogue between the executive and the legislative branch, and within each branch, under public scrutiny. Internationally this process involves an even greater multiplicity of actors, from governments and international organizations to human rights bodies, NGOs, academics and activists.

In other words, developing a right to privacy externally is fundamentally no different from developing it internally, except that the latter project has had a significant head-start. In doing so, the normative starting point should be the same. The same factors that we consider relevant internally would be relevant externally, be it the type of data being collected, the purpose the data will be used for, the type and quality of oversight mechanisms, and the clarity and predictability of the legal framework. But while the starting point would be the same, the end result need not be if the differences between the internal and external settings so warrant.

For instance, restricting the use of surveillance internally more than externally can be justified by the state having alternative tools at its disposal in the domestic context to achieve the same ends. Similarly, although she would like anyone be entitled to respect for her right to privacy, this does not mean that Angela Merkel could not be lawfully spied upon. This is so not because she would in the eyes of the interfering state be a foreign citizen, or because her privacy would intrinsically be less valued, but because she is the head of a foreign government and the countervailing state interest in knowing what she is up to would be that much stronger when compared to an ordinary person. Yet should would still be entitled to some protection – one could not for instance violate the most intimate areas of her individual autonomy, e.g. by collecting data about her sex life with the purpose of blackmailing her.

In developing an external right to privacy we would draw upon domestic experiences and the already rich case law of national and international courts and human rights bodies, be it the judgments of the German Constitutional Court on dragnets or the European Court’s decisions on DNA databases. The European Court has already dealt with several mass surveillance cases (in a generally rather deferential way), upholding the surveillance programs in some cases, and requiring improvements in others. The intelligence world did not come crashing down.

Opinions will obviously differ on the specifics. Some will naturally incline towards more protection for privacy both internally and externally, as e.g. UN Special Rapporteur Frank La Rue in an excellent recent report, while others will favour the pursuit of national security interests. But my general point is I think hard to dispute: some rights, some oversight, some accountability, are better than having no rights, no oversight, and no accountability.

Print Friendly, PDF & Email

Leave a Comment

Comments for this post are closed

Comments

Jordan says

November 29, 2013

And so?

Christopher Kuner says

November 29, 2013

A few quick comments on the series of five posts on the extraterritorial right to privacy:
--We all owe Marko a huge debt for these insightful posts, which illuminate many difficult issues. These posts make an important contribution to the effort to develop a theoretical framework for extraterritorial application of the right to privacy.
--This is obviously a blog dealing with public international law, and it is natural that the posts deal mainly with issues involving the relation between States (i.e., intelligence surveillance). However, there are many other legal issues involving the extraterritorial application of privacy rights that have nothing to do with action by the State, and that pose policy and legal issues that are at least as complex as those involving things like bugging the phone of the German chancellor. For example, if an individual in the EU (where data protection is a fundamental right) seeks out a web site in the US, should EU data protection rights also apply to the individual’s interaction with the web site? These types of issues arise very commonly and are just as deserving of our scholarly attention.
--There is a large body of material in data protection law stretching back over decades dealing with the extraterritorial application of data protection that those of you in the public international law community should take into account when dealing with these issues. I have discussed a number of them in my recent book for OUP on regulation of transborder data flows.
--There is an important distinction between the right to data protection and the right to privacy, which are closely related by not identical; for example, I think of the processing of metadata as an area where the right to data protection is implicated more than the right to privacy. Analysis of extraterritorial application needs to distinguish between these two rights.
--Finally, while those of us in the data protection community can learn a lot from those of you who are scholars of public international law, I like to think that we also have something to bring to the discussion as well. I look forward to continuing the discussion!