11-14-2011By Betsy Walters
Business & Human Rights
Late last week, the European Commission proposed legal changes to take effect next year that would radically change the way internet companies and social media sites process and store private user data. This announcement could signal a much-needed step toward ensuring that international norms protecting privacy online keep pace with the rate at which web giants are growing and acquiring consumer information. The EC law, which has not been update since 1995, would require that companies doing business in Europe, regardless of where they are based, comply with strict E.U. data protection laws.
While the consumer data gathered by these free web-services is provided by the users themselves, protecting private information is paramount, particularly at a time when China and some transitioning governments are using the internet to crackdown on political dissidents and protestors. The European Commission’s increased protection of internet privacy is part of a broader effort to ensure freedom of expression for internet users all over the world.
For example, the need to balance internet privacy and expression with national security also took center stage this month at the London Conference on Cyberspace. British Foreign Secretary William Hague opened the Conference with a speech that strove to establish the “rules of the road” for cyberspace governance. He proposed seven principles that should form the “basis for more effective cooperation between states, business, and organisations”:
- The need for governments to act proportionately in cyberspace and in accordance with international law;
- The need for everyone to have the ability to access cyberspace, including the skills, technology, confidence and opportunity to do so;
- The need for users of cyberspace to show tolerance and respect for diversity of language, culture and ideas;
- Ensuring that cyberspace remains open to innovation and the free flow of ideas, information and expression;
- The need to respect individual rights of privacy and to provide proper protection to intellectual property;
- The need for us all to work together collectively to tackle the threat from criminals acting online;
- And the promotion of a competitive environment which ensures a fair return on investment in networks, services and content.
The open articulation of these general principles is valuable, particularly in the setting of the London Conference, which had 700 attendees from governments (including representatives from China and Russia), businesses, and civil society organizations. Human Rights First is hopeful that the principles will serve as a jumping off point for governments, companies, and organizations to then focus on the concrete, measurable steps that must be taken to implement these principles in a way that as a priority protects both freedom of expression and the right to privacy.
It cannot be disputed that the challenges governments face grow and change as quickly as the technology that drives their citizenry, but human rights obligations must always receive the utmost protection in accordance with the obligations of international law. The UN’s May 2011 UN’s May 2011 report on of freedom of expression on the internet, made a point of reminding parties to the International Covenant on Civil and Political Rights—including the United Kingdom—that they must uphold their obligation under Article 19 of that Covenant. That provision calls for any limitation on the right to freedom of expression to pass a three-part cumulative test that is designed to ensure the limitations are done in the least restrictive way and reflect a clear national security threat.
Vice President Biden delivered an address on behalf of the Obama administration in which he repeatedly reminded attendees that “Existing principles of international law apply online, just as they do offline… The rights of individuals to express their views and petition their leaders, practice their religion, assemble with their fellow citizens online we believe must be protected. These rights are universal whether they’re exercised in the town square or on a Twitter stream. They’re enshrined in the Universal Declaration of Human Rights, which applies to cyberspace just as surely as it does to every corner of every country on Earth.”
The British government recently struggled to strike the proper balance between security concerns and protection of the free flow of information during August’s London Riots, and statements by Secretary Hague and Prime Minister David Cameron at the conference showcased these possibly competing ideologies that are at work. Secretary Hague unequivocally stated that “We reject the view that government suppression of the internet, phone networks and social media at times of unrest is acceptable.” Taking a less pointed approach, Prime Minister Cameron said “We cannot leave cyber space wide open to the criminals and terrorists that threaten our security and prosperity. But at the same time we cannot go the heavy-handed route.”
In addition to their own obligations to uphold freedom of expression and privacy rights, governments should pressure companies in the ICT sector to adopt companion policies. The decisions that tech companies make have broad implications for human rights, both in developed countries and in the developing countries that they are racing to enter. It is vital that governments use whatever tools they have at their disposal to pressure companies to assess the impact that their products have had or might have on human rights, and to formulate a plan to rectify or prevent abuses. A multi-lateral approach is the only one that will succeed.
At the end of his opening remarks, Secretary Hague offered a “positive vision, one in which “we are able to use new technologies to the full to spur economic growth in developing countries, to narrow the digital divide, to give our citizens greater choice, to find new ways of addressing conflicts, to protect cultural diversity and the free flow of ideas, to root out and prevent grotesque human rights abuses, and to make successful prosecutions against cyber criminals the norm, rather than the exception that it is today. “ This positive vision will only become reality if his seven principles are implemented in a way that always puts human rights first.