The United Nations and the Right to Privacy
By Maya Garner
Formal proceedings, as well as people’s personal lives, increasingly take place online and raise the question of the application of international law to cyberspace. While the issue of cybersecurity certainly applies to the safety of UN member states against hackers, the UN may be lacking behind on the issue of the right to privacy for ordinary civilians worldwide and must work hard to keep up with the implications of the data collection and sharing of people’s personal data.
The Office of the High Commissioner for Human Rights highlighted the issue of digital communications technologies “being developed covertly, often to facilitate these practices [of mass electronic surveillance and interception], with chilling efficiency. Such surveillance threatens individual rights – including to privacy and to freedom of expression and association – and inhibits the free functioning of a vibrant civil society.” Within an international legal framework, the UN resolution 68/167 of 2013 expressed “deep concern at the negative impact that surveillance and interception of communications may have on human rights,” citing the International Covenant on Civil and Political Rights that recalls that “no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation.” In response to the summary report of the UN OHCHR’s, in April 2015 the UN created the position of a Special Rapporteur on the Right to Privacy for a three-year term. While evidently, the UN has begun to take issue with the rights to privacy in a digital age, the development of technologies progress at such a rate than local governments and international law may not be able to keep up.
A case study of this phenomenon is the influence of Facebook and the notorious 2018 Cambridge Analytica Scandal, in which the political consulting firm Cambridge Analytica Ltd had harvested personal data of millions of Facebook profiles without consent and used it for political advertising. The case gained media attention and wide-spread public awareness, introducing the risks of personal data-collection in the public eye. While the scandal was not technically a data breach, since no systems had been infiltrated, it revealed how Facebook’s internal system is configured for the purpose of data amassing and extraction, which was then exploited. Facebook-founder Mark Zuckerberg testified to the U.S. Congress, and while the UK Information Commissioner’s Office fined the company £500,000 ($645,150) for the mishandling of the data, Facebook faced relatively few consequences, exposing the legal weaknesses in responding to breaches of the right to privacy in the digital world. Yet on July 12, 2019, it was reported that the Federal Trade Commission is to fine $5 billion against Facebook for its mishandling of people’s personal information, the largest fine to be leveled against any company by the FTC.
Yet none of these penalties have attempted to tackle the issue at its roots. Part of the problem is not only companies’ sharing or exploitation of personal data, but their ability to gather it in the first place. The global population makes use of the internet as an extension of the self – social interactions as in the case of Facebook, formal communications, web searches, etc. The pseudo-privacy of communicating or browsing an online platform creates an environment for effective espionage and exploitation. Cookies, “deep cookies” and data sharing leaves a digital footprint of the average user, which accumulates knowledge on individuals from which private information can be extracted.
Facebook’s official Data Policy states collection of all content, communications and information provided from using the Products, “such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency and duration of your activities.” Additionally, access to a phone’s camera allows it to collect information on how this is used, and access to GPS location or photos stored on a mobile phone. In addition, some data such as emerging facial recognition techniques, or such as racial or ethnic origin, philosophical beliefs or trade union membership, are subject to special protections under EU law. The data collected is presented by Facebook as beneficial to the user by providing personalized advertisement and personalized content. Yet this presentation is a strange facade over the actuality of handing over private information.
The privacy agreements presented by companies such as Facebook are flawed, since there exists a disproportionate relationship between the time and effort of reading the agreements and then of quickly viewing and using the content, resulting in virtually no one reading the agreements or changing their privacy settings. A person making use of the internet and of social media is pressured to surrender their privacy in exchange of convenience. This, as well as the reality that few people understand the full implications of their actions, amounts to dubious consent. While information on an individual could be used to track political figures and to suppress dissent, an ordinary person may by extension dismiss Facebook’s privacy breaches by the notion that they are not themselves interesting or important from a political perspective. However, as observed by the Cambridge-Analytica scandal, people and their personal data are not necessarily important from an individual perspective; they are important as a demographic.
A demographic can be subjected to various forms of control through misuse of their data, altering their online behavior and using the data for political purposes. The ordinary citizen may not recognize the implications of surrendering their privacy to companies such as Facebook, which dominates the social media scene. As a result, the United Nations must step up its work in this sector and take on the responsibility to protect human rights in a digital age and reduce the collection and sharing of private data in order to prevent data misuse. The internet is a global phenomenom and must be monitored by the international community and subjected to international law in order to protect people’s fundamental right to privacy.