The Right to Privacy has been long held to be synonymous with other human rights.
‘Private’ has been defined in the Oxford Dictionary as ‘confidential: not to be disclosed to others; kept or removed from public knowledge or observation’. A more comprehensive and pragmatic view has been offered by Alan Westin, author of Privacy and Freedom who defines privacy as “the desire of people to choose freely under what circumstances and to what extent they will expose themselves, their attitudes and their behavior to others”
In this article I will be focusing the discussion on the right to privacy to the digital forum, and thereby the emphasis on having comprehensive Data Protection legislation.
Every sector and industry (including health, transport, education and insurance to name a few) have been influenced by the IT revolution in the rapid and advanced introduction of computer technology. If computers are vessels, then the information that flows through them is referred to as ‘data’.
The world has become a ‘global village’. Sovereignty of states have become blurred and the propensity of international transactions through the internet have given rise to many legal complexities. Thereby the need for extensive laws regulating this information is imperative; now more than ever.
International Treaties have long recognized the importance of these provisions. However, most of the ‘vigilant gatekeeping’ for international human rights does not occur at the international level but in the domestic arena, by holding States accountable to the enforcement of those national laws that codify international obligations.
The U.N. General Assembly, in its Resolution on the Right to Privacy in the Digital Age, noted that “the rapid pace of technological development enables individuals all over the world to use new information and communication technologies (ICT) and at the same time enhances the capacities of governments, companies and individuals to undertake surveillance, interception, and data collection, which may violate or abuse human rights, in particular the right to privacy.” Further, both the U.N. General Assembly, in its Resolution 68/167 on Digital Privacy Rights, and the Office of High Commissioner for Human Rights, in its Report on The Right to Privacy in the Digital Age to the Human Rights Council, affirmed how “the rights held by people offline must also be protected online.”
The Challenges of a Data Protection Act
A challenge to any state would be the delicate balancing of the freedom of expression and the right to privacy. Frank LaRue, Special Rapporteur on Freedom of Expression, in his 2013 report to the Human Rights Council, discussed how ICCPR Art. 17 on privacy does not provide for a clear-cut limitation test as Art. 19 does for freedom of expression. Therefore, he asserts that Art. 17 “should be interpreted as containing elements of a permissible limitations test already described in other General Comments of the Human Rights Committee”, such as those contained in the articles on the right to liberty of movement, the right to peaceful assembly etc. These can be summarized in three main requirements:
Any restriction must be provided by law and must represent a legitimate, compelling state interest.
The restriction must be necessary for achieving such legitimate aim and the measure must be proportionate, meaning it must be appropriate to achieve its protective function; and
The limit must be narrowly tailored to the end sought, thus representing the least restrictive way to achieve the desired result.
Note that the determination of what constitutes a legitimate restriction should be “undertaken by a competent judicial authority or a body which is independent of any political, commercial, or other unwarranted influences.
The EU General Data Protection Regulation [2016/679], which was enacted in May 2018, can be easily classified as a forerunner in Data Protection legislation. It builds on existing concepts and strengthens requirements for the collection and use of personal data though it does introduce a number of significant changes. For example, companies that have no physical presence in the EU will also need to comply with the GDPR if they offer goods and services in the EU or monitor a data subject’s behavior taking place in the EU. Also, if the personal data travels outside the EU the controller should ensure a level of protection which is similar to that in the EU for the data.
The Hong Kong ‘Private Data Protection Ordinance’, which was brought into force in 3 stages in 1997 has been described as an ‘economic selling point, safeguarding the free flow of personal information to Hong Kong”, as much as it was a “human rights related initiative”. The content of the Ordinance clearly reflected both the OECD Guidelines and EU Directive, but not as any direct pressure from abroad, rather as a long-term protection of the trading position of Hong Kong and as an elite concern to be in keeping with international best practice.
The laws in Australia are also very contextual. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 includes 13 Australian Privacy Principles guiding the collection, use, storage, and disclosure of personal information, and access to and correction of that information. The amendment in 2014 will affect all Australia-based organizations that store any personal data about their customers including cloud and communication service providers.
Laws exist to protect the rights of the members of a society and to ensure that they do not have to protect those rights through their own actions. Philosopher, John Locke, argued that a society without laws would be one in which individual people only had as many rights as they could protect. In other words, you only had the right to life if you could keep others from killing you. According to Locke, societies devised laws and governments as a way to get themselves out of this state of nature. In this purview, laws exist in order to protect our most fundamental human rights. Because of the existence of laws and means to enforce them, we all have rights even if we would be too weak to protect those rights in a state of nature.
In this digital age, the strong connection between the right to privacy and data protection is prevalent, now more than ever before. All information of citizens, confidential and otherwise are held in diverse industries such as the health industry, education and insurance to name but a few, in the form of ‘data’. Thereby, I strongly feel a provision of the right to privacy, comes in perfect synchrony with provisions for data protection.
Finally, in pursuing a ‘democracy’, one must ask oneself, is not the right to privacy an integral element of this pursuit? As much as freedom of expression and speech are to be applauded, the parameters by which we as a society and as individuals operate needs protection of the highest order - from none other than the judiciary.