New UN resolution on the right to privacy in the digital age: crucial and timely
The rapid pace of technological development enables individuals all over the world to use new information and communications technologies (ICTs) to improve their lives. At the same time, technology is enhancing the capacity of governments, companies and individuals to undertake surveillance, interception and data collection, which may violate or abuse human rights, in particular the right to privacy. In this context, the UN General Assembly’s Third Committee adoption on 21 November of a new resolution on the right to privacy in the digital age comes as timely and crucial for protecting the right to privacy in light of new challenges.
As with previous UN resolutions on this topic, the resolution adopted on 21 November 2016 recognises the importance of respecting international commitments in relation to the right to privacy. It underscores that any legitimate concerns states may have with regard to their security can and should be addressed in a manner consistent with obligations under international human rights law.
Recognising that more and more personal data is being collected, processed, and shared, this year’s resolution expresses concern about the sale or multiple re-sales of personal data, which often happens without the individual’s free, explicit and informed consent. It calls for the strengthening of prevention of and protection against such violations, and calls on states to develop preventative measures, sanctions, and remedies.
This year, the resolution more explicitly acknowledges the role of the private sector. It calls on states to put in place (or maintain) effective sanctions and remedies to prevent the private sector from committing violations and abuses of the right to privacy. This is in line with states’ obligations under the UN Guiding Principles on Business and Human Rights, which require states to protect against abuses by businesses within their territories or jurisdictions. The resolution specifically calls on states to refrain from requiring companies to take steps that interfere with the right to privacy in an arbitrary or unlawful way. With respect to companies, it recalls the responsibility of the private sector to respect human rights, and specifically calls on them to inform users about company policies that may impact their right to privacy.
The resolution notes that violations and abuses of the right to privacy increasingly affect individuals and have particular effects on women, children and vulnerable or marginalised communities. It links the right to privacy with the exercise of freedom of expression, as well as participation in political, economic, social, and cultural life, a framing that challenges increasing identification of security and surveillance by governments and corporations.
Since the UN General Assembly’s first resolution on this issue in 2013, in reaction to the Snowden revelations, its approach has evolved from a largely political response to mass surveillance to addressing more complex challenges around data collection and the role of the private sector. These are encouraging developments, and have already brought about some positive change, including the establishment of a UN Special Rapporteur on the right to privacy. But more work is needed to implement the resolutions, especially the calls on states to improve their laws and practices with respect to the their surveillance practices. Like all UNGA resolutions, this is non-binding and unless states take their commitments seriously and civil society applies pressure, there is a risk that these resolutions remain just words on paper.
Looking forward, the resolution suggests that the Human Rights Council (HRC) consider holding an expert workshop as a contribution to a future report of the UN High Commissioner on Human Rights on this matter. Practically speaking, this means the issue is bounced back to the HRC in Geneva, which will decide when and under what terms to hold the workshop. Expert workshops can be an excellent way to discuss challenging and complex issues outside the highly politicised confines of UNGA or the HRC, so should this workshop happen, it has the potential to be a valuable opportunity to work through some of the thorny issues around privacy in the digital age, of which there is no shortage.