APC welcomes UNGA resolution calling for effective measures to protect right to privacy in the digital age in the face of increasing challenges
, November 2016
The Association for Progressive Communications (APC) welcomes the UN General Assembly’s adoption of the resolution on the right to privacy in the digital age* and expresses appreciation for the leadership by Brazil and Germany. This year’s resolution, the third such UNGA resolution on this topic, was adopted by consensus with over 60 co-sponsors. It adds substantive language on the role of the private sector, which, as the resolution notes, poses a risk to the enjoyment of the right to privacy in the digital age because of its increasing capabilities to collect, process and use personal data.
The resolution addresses both the role of the state and companies themselves. It calls on states to put in place (or maintain) effective sanctions and remedies to prevent the private sector from committing violations and abuses of the right to privacy. This is in line with states’ obligations under the UN Guiding Principles on Business and Human Rights, which require states to protect against abuses by businesses within their territories or jurisdictions. The resolution specifically calls on states to refrain from requiring companies to take steps that interfere with the right to privacy in an arbitrary or unlawful way, which is an important development given the disturbing trend of governments proposing legislation that would require companies to create backdoors, putting the privacy and security of all users at risk. Another disturbing trend that the resolution addresses is the sale or multiple re-sales of personal data, which often happens without the individuals’ free, explicit and informed consent. Use of personal data for purposes other than those for which it was intended can lead to serious abuse and manipulation, impacts on the autonomy and dignity of people, and results in increasing risks for people facing discrimination and vulnerability.
The resolution also calls on states to consider appropriate measures that would enable companies to be more transparent about requests by authorities for access to private user data and information. APC is deeply concerned that states, through both legislative and extralegal measures, are requiring companies to violate and abuse the right to privacy (as well as other human rights), and we underscore that the state’s role is to not only promote and protect rights themselves, but to create an enabling environment where human rights violations by businesses are not tolerated. Transparency from companies on what types of requests they are receiving from the authorities is an important step forward.
With respect to companies, we are pleased that the resolution recalls the responsibility of the private sector to respect human rights, in line with the UN Guiding Principles on Business and Human Rights, and specifically calls on them to inform users about company policies that may impact their right to privacy. The resolution could have gone further to call on companies to provide access to remedy for individuals whose right to privacy has been violated.
The resolution recognises that while all individuals may experience violations and abuses of the right to privacy, women, as well as children and others who are vulnerable and marginalised, are particularly affected by such violations and abuses. It calls on all states to further develop or maintain preventive measures and remedies for such violations and abuses, including those who are particularly affected. It is encouraging that the resolution recognises the gender dimension of this issue. Threats to privacy and the disclosure of personal information, such as the malicious disclosure or distribution of private sexual content through information and communications technologies (ICTs) without consent, can particularly subject women of diverse sexualities and gender identities to significant threats, including violence, harassment, intimidation and silencing both in the offline and online contexts. We hope that this resolution will result in concrete action to recognise, promote and protect women’s right to privacy which takes into consideration existing gender disparity and discrimination and facilitates the realisation of their human rights.
APC sees as a very positive development towards the realisation of economic, social and cultural rights that the resolution links privacy and digital technology to the ability to participate in political, economic, social and cultural life.
Though an intergovernmental process, we are very pleased to see the resolution embracing a multistakeholder approach to addressing challenges to the right to privacy. It recognises that “effectively addressing the challenges relating to the right to privacy in the context of modern communications technology requires an ongoing, concerted multi-stakeholder engagement,” and points to the Internet Governance Forum (IGF) as one important venue for such engagement. Moreover, it encourages informal dialogues around the right to privacy, welcoming the contribution of the Special Rapporteur on the right to privacy to this process.
Looking forward, APC supports the resolution’s suggestion that the Human Rights Council (HRC) consider holding an expert workshop as a contribution to a future report of the UN High Commissioner on Human Rights on this matter. The 2014 workshop held by Office of the High Commissioner for Human Rights (OHCHR) was extremely valuable for advancing the UN’s work around the challenges to the right to privacy in light of technological developments. We encourage the HRC to draw on the expertise of civil society and other stakeholders for such a workshop, which we would like to see lay the groundwork for the eventual updating of General Comment 16 of the Human Rights Committee in light of the challenges to the right to privacy presented by technological developments.
We urge states, the private sector and all other stakeholders to draw on this resolution as guidance for systematically ensuring the full promotion, protection and respect of the right to privacy online and offline.
*NOTE: The resolution was adopted today, 21st November 2016 at the UN General Assembly’s Social, Humanitarian & Cultural Committee (Third Committee). It is expected to be adopted by the plenary of the UN General Assembly in December 2016. Preambular paragraph 28 of the resolution was orally amended to read “Recalling that business enterprises have a responsibility to respect human rights, applicable laws, international principles and standards“.