Q3/2018 - UN Human Rights Council (UNHRC)

At the 39th session of theUN Human Rights Council held in Geneva in September 2018, Internet-related issues were not in the limelight. But the agenda included a discussion of a report titled "Right to Privacy in the Digital Age" by the new UN High Commissioner for Human Rights, Michelle Bachelet Jeria, former President of Chile..

• The Office of the UN High Commissioner on Human Rights is the leading entity on human rights in the system of the United Nations, with a staff of 1,300 at two offices in Geneva and New York. The High Commissioner is appointed by the UN General Assembly and operates independently of the UN Human Rights Council (HRC). However, the High Commissioner submits reports and comments both to the HCR and to the 3rd Committee of the UN General Assembly.
   
• The 2018 Report of the Office of the United High Commissioner for Human Rights on the "Right to Privacy in the Digital Age" gives an overview in 61 paragraphs of the trends and developments concerning the protection of the right to privacy against the background of the latest technological developments. The "right to privacy" is enshrined both in the Universal Declaration of Human Rights (UDHR) of 1948 (Article 12) and the United Nations International Convenant on Civil and Political Rights of 1966 (Article 17). It constitutes the obligation of governments to protect the privacy of all individuals.
   
• However, the provisions of Article 17 of the United Nations Convention on Human Rights are very general and allow a broad, sometimes divergent interpretation, in particular with regard to potential limitations, which are justified under international law, for example for the protection of national security and public order or in the interests of law enforcement and hazard prevention. More specific regulations, as they exist in many countries in the form of national data protection laws or a constitutional fundamental right such as the right to informational self-determination, have never been developed within the framework of the UN. There is also no UN convention comparable to the new EU General Data Protection Regulation (GPDR).
   
• After theSnowden revelations in 2013, voices were raised demanding to give greater weight to the protection of privacy also within the framework of the UN. A German-Brazilian initiative at the UN General Assembly led to the creation of the position of a "Special Rapporteur on the Right to Privacy in the Digital Age mandated by the UN Human Rights Council (HRC)" in 2015. The Maltese Professor Joseph Cannataci was appointed Special Rapporteur and has since undertaken extensive activities. This includes the idea of drafting a new international convention on data protection. In particular, Cannataci calls for an instrument under international law against mass surveillance. Cannataci has presented these proposals in several sessions of the UN Human Rights Council, mentioned them in his reports to the UN General Assembly and has repeatedly referred to the new European General Data Protection Regulation (GDPR). So far, however, the proposals have been received with great reserve, discussed controversially and have not been reflected either in resolutions of the UN Human Rights Council or in resolutions of the UN General Assembly. Especially the USA rejects a new instrument on data protection under international law.
   
• In this respect, it is remarkable that the new report of the UN Commissioner for Human Rights does not take up the ideas of the HRC Special Rapporteur Joseph Cannataci either; it does not mention them at all and instead recommends to the individual UN states to further optimise their national legislation. In her report, Bachalet acknowledges that the digital revolution, with its possibilities for face and speech recognition, individual profiling based on algorithms and the still unclear implications of artificial intelligence for the right to privacy, has created completely new threats to privacy. She further argues that these threats to individuals originate from both governments and private companies. She concludes, however, that the new problems can be addressed within the framework of existing legal instruments and do not require new international instruments.
   
  • As the best measure to protect the individual citizens, the High Commissioner recommends a combined solution of information and transparency as well as improved national legislation and precise definitions of the respective procedures. In her opinion the problem is not a lacking legal basis, but insufficient application and implementation of existing international and national legal instruments;
     
  • The report emphasises that many governments interpret the restriction options provided by international law rather widely, which may lead to abuse if the generally acknowledged rules of appropriateness, necessity and proportionality for such exemptions are not respected. Exceptions that allow restrictions must remain exceptions and should not become the rule. Individuals who become victims of violations and abuses of the right to privacy should have access to effective remedies and redress. This also applies to violations of privacy across national borders.
     
• An interesting fact is that the report also includes five recommendations for the private sector. The general political discussion of the question if the United Nations Convention on Human Rights also applies to private businesses comes up with diverging answers. The five recommendations of Michelle Bachelet are based on the "Guiding Principles on Business and Human Rights", which were adopted by the UN Human Rights Council in 2011 (HRC resolution 17/4). Even though they are not legally binding, the so-called "Ruggie principles" are largely considered a kind of customary and universal guideline that most private companies accept as an orientation. Also in the ICANN context and according to the regulations in the ICANN Articles of Incorporation, the Ruggie principles play a role, which became obvious in particular during the GDPR discussion;
   
• The UN Human Rights Council has not adopted any other resolution on "The Right to Privacy in the Digital Age" after the discussion of the report. However, the issue is on the agenda of the 3^rd Committee at the 73th Session of the UN General Assembly and will be discussed further in October and November 2018 in New York.