To protect privacy in the digital age, world governments can and must do more

Image by Chris Yang on Unsplash (https://unsplash.com/photos/h54xsHoAj8k) Image by Chris Yang on Unsplash (https://unsplash.com/photos/h54xsHoAj8k)
Author: 
APC, Access Now and ARTICLE 19

As state and corporate actors continue to maximise data collection and retention, governments worldwide must take concrete measures to address existing and emerging threats to affirm and safeguard the fundamental human right to privacy. Since the Snowden Revelations of mass surveillance in 2013, the United Nations (UN) General Assembly and UN Human Rights Council have considered resolutions on privacy in the digital age every year, each taking turns to pass the text biennially. The series of resolutions have progressively elaborated international standards on how to secure the right to privacy online, including contending with the risks posed by new and emerging technologies.

ARTICLE 19, Access Now and the Association for Progressive Communications welcome a new resolution on privacy in the digital age adopted by consensus at the UN General Assembly on 16 December 2020. The resolution, which was co-led by Brazil and Germany and co-sponsored by a record cross-regional group of 69 countries, reaffirms the fundamental importance of the right to privacy and renews international commitment to ending all abuses and violations of this vital right worldwide.

This resolution underlines the interdependence and indivisibility of the right to privacy with other fundamental human rights, including freedom of opinion and expression, peaceful assembly and association, and equality and non-discrimination. Moreover, it builds upon previous resolutions of the same title, with new language on equality and non-discrimination, artificial intelligence (AI), biometrics, encryption and gender, as well as addressing privacy challenges in the context of the COVID-19 pandemic.

While these developments are welcome, the resolution has scope to strengthen norms on certain key issues. We note with concern the resolution missed the opportunity to provide firm and strong recommendations to states on some emerging threats for the right to privacy, such as on facial and affect recognition technology. It is crucial that future versions of the text continue to firmly respond to the key issues of the day. 

Equality and non-discrimination

We gained strong, overdue recognition of the many interlocking connections between the right to privacy and the rights to equality and non-discrimination. The five new references to “discrimination” in the text reflect a year when massive protests worldwide drew attention to systemic racism, structural inequalities and police violence following the murder of George Floyd and other innocent persons of African descent.

The resolution notes the use of artificial intelligence may lead to “racially and otherwise discriminatory outcomes,” and that responsibility for preventing harm falls across the entire lifecycle, through the “design, development, implementation, and use of emerging digital technologies.” The resolution also, for the first time, starts by “taking note” of reports by E. Tendayi Achiume, the UN Special Rapporteur on contemporary forms of racism, racial discrimination, xenophobia and related intolerance. She has identified technology as one of the most urgent areas for a “long-overdue interrogation of systemic racism,” and reported to the General Assembly in 2020 on the discriminatory and harmful ways that emerging digital technologies are used in the border and immigration enforcement context, both by governments and humanitarian agencies.

The resolution moreover builds on language on gender, including stressing “the need to address prevailing challenges to bridge... the gender digital divide[s].” This is a welcome development, particularly as privacy online, including women’s access to encryption and anonymity, is absolutely essential in bridging gender digital divides.

In addition to these developments, the resolution introduces a number of new references to how children can be particularly vulnerable to abuses and violations of their right to privacy.

Violations of civil and political rights catalysed this resolution following revelations of mass surveillance in 2013. But the growing recognition that the right to privacy is interlinked to economic, social, and cultural rights, and development in the digital age propels this text forward. 

Indivisibility of human rights

The General Assembly rightly moves to link new and emerging technologies to privacy and a range of other human rights. The text adds a key reference to “hacking and the unlawful use of biometric technologies,” labelling them as “highly intrusive acts that violate the right to privacy,” which interfere with freedom of expression and opinion, peaceful assembly and association, and the freedom of religion or belief, and “may contradict the tenets of a democratic society, including when undertaken extraterritorially or on a mass scale.”

Since the 2018 General Assembly resolution on privacy in the digital age, we have witnessed the rising visibility of state-sponsored hacking, where governments use spyware like Pegasus developed by NSO Group to persecute innocent people, such as against civil society actors in Mexico or journalist Jamal Khashoggi. Moreover, we have seen a rise in mass surveillance based on flawed and dangerous facial recognition tools. This has led to arbitrary arrests and other forms of unlawful persecution. 

Encryption and anonymity

In 2017, this was the first UN resolution to discuss encryption and its importance to human rights. The 2020 version of this resolution reaffirms strong recommendations on encryption and anonymity adopted in previous iterations of the text, calling upon states not to interfere with technical solutions to secure and protect the confidentiality of digital communications, and encouraging business enterprises to work towards enabling such technologies. This resolution also takes a step further, with a positive call to “enact policies” around encryption and anonymity that “recognize and protect the privacy of individuals’ digital communications.”

With attempts to weaken encryption and erode anonymity stronger than ever, this strengthened language sends a strong signal to the international community about the fundamental importance of encryption and anonymity for the realisation of human rights. These technologies allow individuals to express themselves without fear of reprisal and ensure access to information, especially in those countries where the right to freedom of expression is under threat. This is particularly the case for groups at-risk of discrimination and violence.

We now urge all states to act on these recommendations and enact laws which explicitly recognise that individuals, including journalists and human rights defenders, are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. 

Artificial intelligence

The UN is increasingly prioritising and examining the specific challenges for the right to privacy amid the rapidly increasing use of new and emerging technologies commonly labelled as forms of artificial intelligence (AI). Within this context, the General Assembly added many references to AI to this year’s text. While we encourage delegates to stay abreast of technological developments, the UN as a whole is too welcoming of algorithmic and machine-learning tools. Often, states and multilateral bodies across the UN and beyond uncritically embrace and promote “AI for good”, failing to understand key underlying issues surrounding sociotechnical systems, and instead assuming that the tech can and will be used primarily for beneficial purposes, while relegating any concerns to secondary “safeguards”.

Likewise, this text opens with the contentious declaration: “The use of artificial intelligence can contribute to the promotion and protection of human rights.” Given mounting evidence of the harms and dangers of using AI in societies, we underscore the importance of shifting the burden of proof. Those developing and employing these technologies should bear the burden to prove they are not harmful and detrimental to human rights before these technologies are deployed.

The resolution correctly notes that new technologies process large amounts of sensitive data, and pose serious privacy risks when used for “identification, tracking, profiling, facial recognition, classifying and behavioral prediction or the scoring of individuals,” while also reinforcing racial discrimination. However, the General Assembly rather weakly declares that “proper safeguards” could remedy these risks. We submit that certain types and uses of technology, including facial recognition for mass surveillance, and affect recognition as a whole, simply cannot be employed in a rights-respecting manner. We look forward to working with delegates to strengthen future versions of this resolution. 

Biometric technology

The resolution addresses the adverse effects of biometric technologies on the right to privacy. In line with other resolutions on this topic, it calls on states to regularly review their procedures, practices and legislation regarding biometric technologies, and to ensure that biometric identity programs are designed, implemented and operated with appropriate legal and technical safeguards in place. However, beyond one minor reference, the resolution missed an opportunity to fully and explicitly contend with facial recognition technology, one of the most invasive uses of biometric technology across the globe. Moreover, it does not contemplate an emerging technology, affect recognition, at all.

The deployment of facial recognition to surveil public spaces has steadily increased in recent years, including in countries with poor human rights records or without adequate accountability or transparency. These technologies have the potential to identify people and track their movements and relationships at points in time, posing potentially far-reaching chilling effects for the right to privacy and other human rights, including freedom of expression and peaceful assembly. Moreover, governments have used such technologies to target journalists, human rights defenders and others expressing dissent.

It is paramount that future versions of the resolution provide greater guidance on facial and affect recognition technology. This includes urging states to establish effective, independent, adequately resourced and impartial oversight mechanisms to regulate not just the use but existence of facial recognition technology. Moreover, it must call on states to refrain from using automated facial recognition technology for mass surveillance or to identify those participating in an assembly. 

We express the firm commitment of our organisations to continue engaging with the core group of the UN resolution on privacy in the digital age to enhance international standards, both at the General Assembly and Human Rights Council.

« Go back