UN expert calls for international law and multilateral treaties for balancing privacy rights and security requirements
The risk of privacy intrusion created by bulk acquisition of data should be proportional to the effectiveness of the measure in reducing in terrorism risk.
The United Nations Special Rapporteur on the right to privacy (SRP), Joseph Cannataci presented a report focusing on “First approaches to a more privacy-friendly oversight of government surveillance” to the Human Rights Council on March 8. The report looks at recent trends and developments in the area of government surveillance and its interaction with the right to privacy.
The report stresses the importance of evidence-based ’proportionality’, that is the risk of privacy intrusion created by the bulk acquisition of all kinds of data including metadata as well as content should be proportional to the effectiveness of the measure in reducing in the risk of terrorism. It goes on to highlight a growing tendency to indulge in “gesture-politics” by certain governments, capitalising on ‘disproportionate though understandable fear’ that electorates may have in the face of the threat of terrorism. Wishing to be seen doing something about security, expensive, privacy-intrusive powers could created or existing practices legalised, without demonstrating that this is either a proportionate or indeed an effective way to tackle terrorism,
The data collected is vulnerable to cyberattacks by hostile governments or organised crime and potential abuse by governments themselves in certain situations.
The report reiterates that everyone, everywhere deserves the right to privacy, irrespective of colour, creed, national or ethnic origin, political philosophy or sexual orientation.
To ensure that the rights are not breached, and associated freedom of expression and association are not curtailed, the structure of accountability and transparency within governmental organizations carrying out surveillance need to be clear. It also needs to be clear why a particular set of data is being collected, what is the purpose the analysis and which purposes are not legal. Enforcement of these mechanisms needs to be embedded within the authorities carrying out surveillance and it needs to be clear who is accountable for compliance. External checks can be imposed through oversight authorities with access to domain knowledge, resources and access to relevant information.
In the report, the SRP proposes complementing domestic measures with multilateral agreement enshrined in international law, akin to the systems in place in spaces such as spaces” as diverse as maritime law, space law, atomic weapons, chemical weapons etc.
The complexity of data flows across traditional sovereign boundaries poses an altogether new class of challenges. There is an existing Cybercrime Convention, which has been signed by 25% of the UN’s member states. But it deals only with the criminal justice sector. It does not deal with national security nor surveillance carried out in the name of national security.
An international authority, like the one proposed, would be able to grant the equivalent of an international surveillance warrant or international data access warrant (IDAW) that would be enforceable in cyberspace. This would also clarify the situation for companies operating data centres internationally. They would face an international data access warrant issued on grounds of reasonable suspicion under clear international law and not need to worry about any one state overstepping its boundaries.
The report concludes saying,"However difficult for it to be brought about, it is not impossible, indeed it is both plausible and reasonable that a significant number of states would eventually coalesce around a legal instrument which would regulate surveillance and protect privacy in cyberspace. This would be good for citizens, good for governments, good for privacy and good for business."
There are several reports, reflecting Thematic Action Streams, scheduled to be released during the next four years, till 2021. Later this year, in October, a report on “Big Data & Open Data” is going to be presented to the General Assembly.
Read the complete report here.