The governments of Brazil, India, and the United Kingdom must act now to protect people’s digital rights against serious threats. From internet shutdowns to limitations on the use of encryption, developments and proposals in these countries will affect the way internet users around the world exercise their rights to privacy and freedom of expression online.
As part of our response to these threats, Access Now has made three submissions to the 27th session of the Universal Periodic Review (UPR) now underway at the United Nations.
The UPR was established in 2006 by the U.N. General Assembly to ensure the “fulfilment by each State of its human rights obligations.” It is a mechanism to review the human rights record of all U.N. member states every four and a half years, and allow U.N. representatives to make recommendations for improvement. The reviews take place through discussions between the state under review and other U.N. member states, but the process must “ensure the participation of all relevant stakeholders, including non-governmental organizations and national human rights institutions.” That is why NGOs like Access Now work within the UPR to highlight risks to human rights, which states take into consideration during the process.
Access Now’s contributions were developed through our systematic monitoring of threats to digital rights in each of the countries under review, and they highlight the continual challenges of protecting the exercise of human rights online. Below we provide a brief overview of the status and our recommendations for each country.
Brazil
Since its last UPR in 2012, Brazil has emerged as an international model for defending digital rights. In 2014, Brazil approved a ground-breaking civil rights framework for the internet (the “Marco Civil da Internet” or “Marco Civil”). Together with Germany, Brazil also had a crucial role in approving the U.N. Resolution 68/167 on the right to privacy in the digital age. As of 2016, however, a number of initiatives in Brazil have sparked serious concern internationally because they threaten to roll back these advances and harm human rights.
Our Brazil UPR submission highlights, among other issues:
- Brazil’s violation of freedom of expression and access to information through several blanket shutdowns of WhatsApp, and its troubling acquisition of technology that could shut off all or parts of mobile internet;
- Lawmakers’ attempts to limit free speech online with bills that introduce mandatory real name policies, an ill-conceived “right to be forgotten,” and dangerous “notice and stay down” mechanisms.
- Threats to privacy due to Brazil’s acquisition and deployment of mass surveillance technologies in the preparation for hosting international mega events such as the 2014 FIFA World Cup and the 2016 Rio Olympic Games, while demonstrating a lack of transparency and observation of human rights principles.
- The lack of balance in Brazil’s domestic legal framework regarding the protection of privacy, including a mandatory data retention rule and the proposal of several bills to expand its scope and weaken the few existing safeguards for access to retained metadata.
The full submission can be found here.
India
In the last few years there have been several positive developments in India regarding protection of digital rights. A recent decision by India’s Supreme Court advanced the protection of freedom of expression online by establishing that authorities can seek content takedowns only via court orders or government demands, on the strict grounds specified in the constitution. India’s telecom authority has also established rules regarding so-called zero-rating programs. This protects Net Neutrality, increasing competition in telecommunications and among internet platforms, and allowing smaller providers to gain a foothold.
Despite these advances, however, India still faces risks of abuse and violation of the rights to privacy and freedom of expression.
Our UPR submission on India highlights issues including:
- Local authorities in several states and municipalities increasingly imposing internet shutdowns, with a total of eight shutdowns so far this year, and more than 32 since 2015.
- India’s approval of a new legislation to expand government access to personal information by adding vague “national security” grounds for surveillance actions, opening the door to misuse of sensitive personal data and undermining existing legal standards.
- The attorney general engaging in a dispute regarding the existence of a fundamental right to privacy before the Supreme Court of India, despite the court’s rulings over the last three decades that uphold a right to privacy as falling under the fundamental right to life and liberty.
The full submission can be found here.
United Kingdom
Despite the U.K.’s obligations and commitments under several international human rights instruments, the country now faces setbacks to protecting privacy and freedom of expression, jeopardizing progress for digital rights and people’s ability to communicate safely online.
Our UPR submission on the United Kingdom raises concerns including:
- Lawmakers’ push for the Investigatory Powers Bill, which would create ambiguity regarding the secretary of state’s power to regulate encryption that could put limits on how people use, develop, or implement it. As the U.N. Special Rapporteur on Freedom of Opinion and Expression has highlighted, encryption protects the confidentiality and integrity of our online communications, creating a zone of privacy in which to exercise freedom of expression without arbitrary interference or attacks.
- The enforcement of a priori data retention requirements on operators by the U.K., despite a decision by the U.K. High Court that the Data Retention and Investigatory Powers Act of 2014 (DRIPA) violates E.U. law. Notably, the Investigatory Powers Bill, if it is passed, would continue to oblige providers to retain user data.
- The U.K.’s hosting of companies that produce and market invasive surveillance technologies without creating adequate safeguards against abuse. Tools like Gamma’s FinFisher have been exported to authoritarian states with poor human rights records and are used to target activists.
The full submission can be found here.
The UPR process will continue for several months. The countries we submitted recommendations for will be up for review by the UPR Working Group — made up of all 47 member states of the U.N. Human Rights Council — in April/May 2017. A few months after that, the group’s report will be accepted in a plenary session of the Human Rights Council. Until then, Access Now will be monitoring the process and lobbying domestically and at the U.N. to ensure our recommendations are recognized.