Many of us watched Facebook CEO Mark Zuckerberg testify before the U.S. Congress about the Cambridge Analytica data misuse that affected approximately 87 million Facebook users. It looks like the scandal — and the continued global discussion about the implications of unchecked, opaque corporate data harvesting — could be a watershed moment for privacy advocacy. People are beginning to understand that this kind of non-consensual data collection and exploitation harms our rights and our societies, and that we have to work together to stop it.
But this vital and important conversation about privacy has to go beyond Zuckerberg, Facebook, or even what happens in the corporate sector. While lawmakers call for hearings to take private companies to task, they are often also creating laws and regulations that harm privacy. They justify overbroad, warrantless government surveillance and hacking, authorize excessive data collection and retention, and undermine important privacy-protecting tools like encryption — all under the banner of fighting terrorism or crime, or ensuring cybersecurity.
The United Nations Office of the High Commissioner for Human Rights (OHCHR) is a forum for holding governments to account, and participating in its processes is a way to help bridge the gap between rhetoric and rights. So when the OHCHR called for submissions to its report on “the right to privacy in the digital age” — a direct outcome of U.N. General Assembly resolution 71/199 and Human Rights Council resolution 34/7 — Access Now answered the call. We took part in an expert meeting in Geneva in February, and gathered information to provide input on principles, standards, and best practices for the protection of privacy rights worldwide.
Our submission details developments that weaken and violate individuals’ data privacy, and broadly threaten trust in institutions and systems crucial to financial, social, and political governance. We drew upon the findings from our recent gendered surveillance event at the German Mission to the United Nations in New York, data from our Digital Security Helpline and Grants program, and our policy publications, such as our guidance on government hacking and data protection.
We cover a broad range of issues in our submission. Following are eight key recommendations that may be especially relevant in the policy debates sparked by the Cambridge Analytica scandal and beyond:
- The United Nations and states should protect the right to privacy, a universal and enforceable human right
- Every government should develop a binding framework to ensure the right to data protection, alongside protection and promotion of the right to privacy
- Government mass surveillance should be banned for its unnecessary and disproportionate restriction of a range of human rights
- Surveillance tools, including software and equipment, should not be provided to governments that are likely to use them to undermine human rights defenders like activists and journalists
- Governments should not seek to undermine encryption, for instance through backdoors or weakened standards
- In the use of data-driven technology and biometrics, public and private sector entities should abide by the principles of security, data protection, and privacy by design, and strive at all times for data minimization
- Regulators should put in force frameworks ensuring data protection, privacy, and transparency obligations for security firms and data brokers, who are often unregulated
- Individuals should be afforded legal remedies for measures that impact their right to privacy, including unlawful or arbitrary state surveillance
While consultations at the United Nations can seem disconnected from urgent national and local debate, we are grateful to the core group of states supporting privacy in the digital age at the Human Rights Council and General Assembly for continuing to press for stronger norms and interpretation of the international human rights instruments. Many civil society organizations answered this call for consultation, and we urge others to join the fight at all levels. We expect to see this report by the September session of the Council. Next fall, we hope that Germany, Brazil, and other core group states propose a new General Assembly resolution on privacy, and we will also offer our expertise.
You can read our full submission here.