New York, 24 October, 2016
Mr. President, Ladies and Gentlemen,
It is with great honour that I address this Assembly, for the very first time, in my capacity as United Nations Special Rapporteur on the right to privacy.
Since my appointment about one year ago, I developed a 10-point action plan which I presented in my first report to the Human Rights Council in March 2016 (see A/HRC/31/64, para. 46). The feedback received on the 10-point action plan was very positive. Hence, I will keep working on these issues and aim at presenting tangible results produced in cooperation with all stakeholders during the course of the mandate.
The experience gathered through the first 12 months of working on the mandate as well as in monitoring recent developments in the area have made it clear that some issues demand even more swift and decisive responses than others, and the first set of five priorities has thus been identified. I plan to take appropriate action and present outcomes from investigation into these priority areas in separate thematic reports.
Supported by many actors from civil society and other stakeholders committed to the cause, my team and I have been able to set in motion multiple activities. These areas have been carefully identified and will now be dealt with in the form of Thematic Action Streams (TAS). In this first phase of activity, five TAS have been created, one for each of the following priorities: Big Data and Open Data; Security and Surveillance; Health Data; Personal data processed by corporations; and “A better understanding of Privacy”. It is intended that each of these action streams will develop its own momentum while also interacting with other TAS and enable me to prepare a thematic report at the point where the investigation and debate within a specific TAS is mature.
The methodology I have chosen is one which contemplates the setting up of a TASk force — some would call this a Working Party (WP) — composed of highly experienced and unpaid volunteers. There would thus be one WP for each of the five TAS, which would be expected to work on assisting me in researching and drafting a thematic study which would later form the subject of a report to the Human Rights Council or the General Assembly, to be presented during the period 2017-2018.
There was never any doubt that Security and Surveillance would be high on the list of my priorities. The complexity of the area, bringing together as it does interests from both law enforcement agencies and security and intelligence services, intersecting with the activities of a number of large corporations, has meant that it has been necessary to start by breaking the subjects to be tackled into smaller subsets, with the main emphasis throughout being on identifying and reinforcing privacy safeguards and remedies. The first major initiative taken in this sector was to create the International Intelligence Oversight Forum (IIOF2016).
The first edition of the Forum, which was held in Bucharest on the 11th and 12th of October 2016, saw the participation of some two dozen oversight agencies, parliamentary committees and intelligence services. Several themes emerged during the Forum and were discussed, such as: respect for fundamental human rights, a need for standardization and professionalization of oversight activities, safeguards without borders and remedies across borders, accountability and transparency, good and bad practices and the need for more fora in which a high-level discussion can be held.
The Forum, which was a successful start, should enable the collective identification of challenges to privacy and freedom of expression in the gathering of intelligence as well as best practices which could assist me and all the stakeholders in identifying better safeguards and remedies.
Hence, it is planned to make IIOF a regular annual event which would result in constant input into the mandate’s reports, recommendations and other initiatives. Currently, options for venues for the 2017 event are being reviewed and I would like to take this opportunity to invite countries who wish to engage with the mandate to host the event being organized in early November of every year.
I would like to publicly thank those many United Nations Member States which have engaged with this exercise so far, especially the four Intelligence Oversight Committees of the Romanian Senate and Parliament. Thanks are also due to the European Union Agency for Fundamental Rights, which was supporting the event in various ways.
I am building on the engagement with leading corporations achieved through previous and ongoing projects and especially with the European Union-supported Managing Alternatives for Privacy, Property and Internet Governance (MAPPING) project in order to continue to examine the privacy impact of the growing use of personal data by the corporate sector.
Some of this work is also relevant to government surveillance activities and is expected to lead to a joint consultation on the matter with civil society in an event to be organized on 15 and 16 February 2017, co-organized by the Special Rapporteur mandate holder and the MAPPING project. Thanks are due to a number of leading companies, including Microsoft, Google, Facebook, Apple and Yahoo!, as well as the Global Network Initiative, which have continued to engage with the Special Rapporteur’s mandate as well as the MAPPING project in a very welcome manner.
All other stakeholders are welcome to join this process at the appropriate time and the Special Rapporteur invites expressions of interest in this matter, as in all other TASk initiatives.
One of the longer-term initiatives taken by the Special Rapporteur is the TASk Force focused on “A better understanding of Privacy”. The intention is that, of the current set of five priorities, this TASk Force will report last, and certainly no earlier than 2018, since several other consultation events are expected to be needed in various regions, including Africa, Asia, Australia, Europe and South America.
This TASk Force has already started gathering evidence on concepts such as the relationship between privacy and an overarching fundamental right to the free development of personality. It is expected that its activities would constitute an ongoing process which would inform as well as learn from the findings of all the other TASk Forces set up by the Special Rapporteur. It is also one of the TASk Forces which devotes considerable attention to the relationship between privacy and other fundamental rights such as freedom of expression and freedom of (access to) information.
Preliminary discussions with Human Rights Watch as early as September 2015 developed a momentum which led to the organization of the first event by this TASk Force, entitled “Privacy, personality and flows of information” in New York on 19 and 20 July 2016. This two-day, behind closed doors, event filled a 90-seat conference room to capacity and was held thanks to the generosity and combined efforts of Human Rights Watch; the Brennan Center for Justice at the New York University School of Law; Global Freedom of Expression at Columbia University; the MAPPING project; the Department of Information Policy and Governance of the University of Malta; and STeP, the Security, Technology and e-Privacy Research Group at the University of Groningen in the Netherlands. Thanks are also due to the Government of Germany for providing the mandate holder with some of the funds which supported worldwide participation in this event.
This event successfully served as a pilot for a new series of events which will deal with the same subject and will be organized on all continents to consolidate as many views as possible. Therefore, while the planning for the next event, has already started, I would like to hereby invite any parties interested in supporting, hosting and participating in such events in the near future to contact me directly.
I have focused on three main substantive issues in my report: 1) The right to remain silent in the digital age; 2) some recent developments in the area of data retention and mass surveillance as well as 3) more recognition of the relationship between the fundamental right to privacy and its connection with the development of personality. Allow me to elaborate on the first two issues for a moment.
In my report I have referred to two high profile cases: Apple vs FBI which has to be understood in connection with a horrible Terror attack in San Bernadino, California as well as a recent US-American Supreme Court ruling in the case Riley v. California.
The very characteristics of a mobile phone which make it such a special repository of personal data, also make it the most obvious tool which could totally and effectively undermine the right to silence, which has been gradually recognized in various jurisdictions since the sixteenth century and which in the United States is recognized as the Fifth Amendment. Put simply, in many jurisdictions around the world — but not all — an accused person has the right to avoid self-incrimination by remaining silent during criminal proceedings against him or her.
Yet a judicial warrant to access data held on a phone could effectively breach that right. The accused — hitherto not a compellable witness — may have the right to remain silent, but his or her phone could speak volumes about the most private of his or her thoughts, interests and actions. I next seek to work with other Special Rapporteurs to further investigate and report back on this matter.
Despite the rulings of numerous national constitutional and regional human rights courts, it is observed that there is an increased tendency for governments to promote more invasive laws for surveillance, which often allow for the thinly disguised permanent mass surveillance of citizens.
In my report, I have been reflecting on the situation in the United Kingdom and Germany in as much detail as the word-limits allow. While I can understand the anxiety induced by the recent spate of attacks in different countries across the world, I continue to look at these two countries for leadership in the field of privacy and data protection. In that spirit, I would like to extend an offer to them to work with the mandate to produce a new law and adequate oversight regime which would serve as an example of best practice globally. The UK is to be commended for, over the past twelve months, significantly improving its proposals to strengthen the oversight mechanisms for surveillance but the Investigatory Powers Bill currently being debated in the UK House of Lords retains potential for huge areas of improvement especially in areas such as bulk surveillance, bulk equipment interference, other forms of bulk acquisition of personal data and encryption.
It is deeply concerning that stable and progressive liberal democracies like Germany last Friday voted for a new law on the activities of one of their security services, which legalize practices that seem unnecessary and/or disproportionate for a large number of national and international experts, civil society and corporations. I am particularly disappointed by provisions in national laws which discriminate against citizens of foreign states. Art 12 of the UNDHR and Art 17 of the ICCPR do not state that the right to privacy is a right which is only enjoyed by the citizens of one’s own state. I very strongly maintain that the right to privacy of every citizen of the world should be safeguarded in laws governing surveillance and that the distinction between one’s own citizens and “foreigners” is useless in practice and not in compliance with the principles of the universal right to privacy. Moreover, while the very constitutionality of the new German law is already being challenged, it would appear that the lack of independence of the new oversight authority being introduced in Germany would prima facie not meet the standards being set down in the latest revisions of European law on the matter. So here again we have a new law where the ink is not yet dry but which clearly requires significant improvement in order to properly respect the right to privacy.
At this point in time I have made it a top priority to further gather evidence from and build bridges between all stakeholders in order to enable nation states and regional organisations to make the right choices in issues such as the encryption and confidentiality of communication, purpose limitation and effectiveness of measures, bulk surveillance and deployment of the appropriate resources for independent and effective oversight of the activities of Intelligence Services and Law Enforcement Agencies.
Mr. President, Ladies and Gentlemen,
In my first full year in office, I have visited 14 countries during 20 trips undertaken for my mandate. These have included visits to countries as geographically far apart as Australia, Brazil, New Zealand and the United States, as well as 10 European States. Although technically speaking these were “informal” country visits, on many occasions they included the full array of engagements carried out during traditional official visits of the Special Rapporteur, including meetings with ministers, ministry officials, intelligence services, oversight agencies, data protection commissioners, law enforcement, civil society and leading corporations. In an overwhelming number of cases, I was received in a very positive manner. The next 12 months will also include at least two and possibly three official country visits, all tentatively scheduled, at least one each on three different continents (Europe, Africa and Latin America).
I draw your attention to the fact that I have launched a system of structured consultations around the world. Civil society, individuals, governments, corporations and other stakeholders have registered their interest in various privacy-related topics by writing and/or requesting meetings, most of which were granted. These meetings have made it possible to construct lists of stakeholders in various sectors and to use these lists to invite stakeholders to meetings around the world.
I thank you for your attention and look forward to a fruitful and constructive dialogue about the issues I have raised in my report.