Privacy is a fundamental human right, recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and other international and regional human rights instruments. As noted in a recent report of the UN High Commissioner for Human Rights, the right to privacy is an expression of human dignity and is linked to the protection of human autonomy and personal identity. It includes the freedom from interference or intrusion, as well as the right to information privacy – individuals’ right to control how their data is collected and used. Protecting privacy and personal data is a responsibility incumbent both on states and on private entities. Any interference with this right must be based on law, serve a legitimate purpose, and be proportionate and necessary for achieving the legitimate purpose.
Protecting privacy in the digital space is an increasingly complex matter. On the one hand, public and private entities alike are requesting our personal data to enable the provision of certain digital services or to protect the public interest (in particular public safety or security). Examples include user accounts on e-commerce stores and the COVID-19 tracking apps. On the other hand, there are also many instances when our data is being collected and processed without us being (completely) aware of it. Search engines, for instance, rely on information about our online behaviour to provide customised advertising. And surveillance tools – as the recent Pegasus revelations have shown – are increasingly used outside of rule of law frameworks.
How do we deal with such challenges and ensure that privacy and data protection are safeguarded as core human rights? What are the roles of responsibilities of state and non-state actors, and how do we hold them accountable? How do we determine when the processing of personal data is indeed needed for legitimate purposes? How do we avoid, identify and adequately address abuses in the collection and processing of data by both private and public entities?
While some countries around the world are putting in place stricter laws and regulations to tackle at least some of these challenges, the reality is that there is still a patchwork of different legal approaches to protecting privacy and personal data. How do they work together in the framework of a borderless digital space? What is still missing?
These are some of the questions to be tackled in the second preparatory session of the IGF 2021 parliamentary track. Members of parliaments will first hear from representatives of an intergovernmental organisation and a private company about current challenges and approaches to protecting privacy and personal data. This dialogue will then be followed by an exchange of experiences on how different jurisdictions tackle privacy protection in the digital space, and a discussion on the challenges of enforcing laws and regulations.
Peter Kimpian, Data Protection Unit, Council of Europe
Gayatri Khandhadai, Asia policy regional coordinator, Association for Progressive Communications
This session is dedicated to members of parliaments and parliamentary staff. Registration is required and can be done via this online form.