On 30 June 2014, pursuant to Resolution 68/167 of the
United National General Assembly, the United Nations High Commissioner for Human
Rights (HCHR) published a report
on the protection and promotion of the right to privacy in the context of
domestic and extraterritorial surveillance and/or the interception of digital
communications and the collection of personal data, including on a mass scale.
The Association for Proper Internet
Governance (APIG) thanks and commends the High Commissioner for this
courageous, frank, objective, well reasoned and balanced report.
We note in particular that paragraph 14 of the report rightly confirms
what was expressed by Dilma Rousseff, President of Brazil, in her 24 September
2013 speech at the UN General Assembly: “In
the absence of the right to privacy, there can be no true freedom of expression
and opinion, and therefore no effective democracy.”
We also notes that paragraph 26 of the
report rightly states that mandatory third-party data retention appears neither
necessary nor proportionate, thus confirming a recent ruling
of the European Court of Justice. Such
data retention may not be consistent with human rights, unless strict
limitations are placed on its use (see paragraph 27 of the report).
And we note that paragraphs 32 to 36 of
the report convincingly demonstrate that states must respect the privacy of
non-residents and non-nationals, contrary to what has been argued
by the United States of America
We note that the forthcoming ITU Plenipotentiary
Conference provides an excellent opportunity to transpose into binding treaty
language the recommendations made in the High Commissioner’s report, and thus
to confirm in clear and unambiguous language what is in fact already implied by
37 of the ITU Constitution covers the secrecy of telecommunications.
The current provisions appear to be too weak and should be strengthened.
Thus, states should agree to amend paragraph 2 of Article 37, and to add
new paragraphs 3 and 4, as follows:
2 Nevertheless, they reserve the right to communicate such correspondence to the competent authorities in order to ensure the application of their national laws or the execution of international conventions to which they are parties. However, any such communication shall take place only if it is held to be necessary and proportionate by an independent and impartial judge.
3 Member States shall respect the secrecy of telecommunications in accordance with both their own laws and the laws of the state of the originator of such correspondence.
4 Third parties shall not be required to retain telecommunications data or metadata. However, end-users may be required to retain data and metadata for a reasonable period of time and be requested to produce it if ordered to do so by an independent and impartial judge.
The proposed new paragraph 4 recognizes that
mandatory third-party data retention is neither necessary nor proportionate, and
thus violates human rights, but that law enforcement authorities have a
legimitate right to seek information in certain cases.
The approach proposed in the new paragraph 4 is the same as that used for
tax compliance, compliance with accounting rules, etc.: the citizen is
responsible to keep records and to produce them upon request; of course a
citizen can refuse to produce the data, in particular if he or she knows that
producing the data will incriminate him or her. In the case of telecommunications data and metadata, users
may well outsource the data retention task to their telecommunications supplier,
but the data would remain under the exclusive control of the user, who would be
responsible to respond to court orders for discolure.