[Home] [Databases] [WorldLII] [Search] [Feedback] EPIC --- Privacy and Human Rights Report

EPIC --- Privacy and Human Rights Report 2006

The UN Internet Governance Forum and Privacy

The World Summit on the Information Society (WSIS) was the first in the series of United Nations (UN) summits that deals with issues of the information society.[800] The WSIS process followed an earlier initiative by UNESCO to promote Internet access[801] and has now been followed by a new initiative, The Internet Governance Forum to address ongoing issues associated with the growth of the Internet.

The WSIS Summit was split into two phases, the first which concluded in Geneva in December 2003, and the second which concluded in Tunis in November 2005. The UN General Assembly first initiated the Summit process in 2001. The task of the Summit is not a small one: to develop a "common vision of the information society." Because of the general feeling that this could not be done by governments alone, the summit process allowed limited participation of observers in a multi-stakeholder process.

At the Geneva summit meeting governments adopted a Declaration[802] and Plan of Action,[803] and established a UN Working Group on Internet Governance. How big the Summit's impact will be in the end will depend more on the momentum and networks created by the summit process, not by the two texts it adopted. In the end this is actually beneficial in the interest of privacy and human rights development, as the texts themselves fell short in these areas. Civil society worked to improve these documents, to center them around human rights, but was forced to issue separate documents: "Shaping Information Societies for Human Needs: Civil Society Declaration to the World Summit on the Information Society,"[804] and "Civil Society Essential Benchmarks for WSIS."[805]

As the idea for the summit had developed first in the International Telecommunications Union (ITU), the telecommunications body of the UN, the initial focus was very technology-centered. Mainly because of the efforts of a global coalition of activists and academics from civil society groups, the general discussion moved from "information" to "society" over the course of the summit preparations. One outcome was that human rights gained a prominent place in the Geneva Summit Declaration and Plan of Action.[806] The Universal Declaration of Human Rights is underlined in the first paragraph of the Summit Declaration, and its Article 19 on freedom of speech is quoted as "central to the Information Society."

Because the summit preparations took place in the context of the global "war on terrorism," one of the most discussed topics was security.[807] The United States and the Russian Federation placed particular emphasis on this matter. This was enforced by developments in other international organizations, like the Council of Europe,[808] the OECD[809] or even the UN General Assembly,[810] where cyber-security or similar topics have moved up the agenda in recent years. The respective paragraph of the WSIS summit declaration ends with an explicit reference to the war on terrorism: "It is necessary to prevent the use of information resources and technologies for criminal and terrorist purposes, while respecting human rights."

In this context, the protection of privacy was not a popular goal. The first drafts of the summit declaration made no reference to privacy at all. Civil society groups were concerned about the strong focus on security in the whole text. In their view, security is a vague political goal that can be higher or lower on the agenda depending on day-to-day politics. Privacy and other human rights and civil liberties, on the other hand, are constitutional fundamentals of every democracy that must not be violated for the sake – or, as often is the case, under the guise – of security.

The international NGO network active in the WSIS-process, mainly the Privacy and Security Working Group and the Human Rights Caucus, advocated for the insertion of a new paragraph specifically on privacy and for placing it at the beginning of the "Security" section of the Summit Declaration.[811] However, the whole debate in the Intergovernmental Drafting Group on Security was overly centered around the security language, so that no delegation wanted to insist strongly on privacy. Privacy was only later mentioned in the Summit Declaration due to the efforts of a few countries and political entities, including the European Union, Switzerland, Brazil, and Australia. It now calls for a "global culture of cyber-security," in particular for strengthening a "trust framework, including information security and network security, authentication, privacy and consumer protection." Here, privacy and security as well as authentication and consumer protection are seen as parts of a holistic strategy. Only "within this global culture of cyber-security, is [it] important to enhance security and to ensure the protection of data and privacy, while enhancing access and trade," the summit declaration continues. Privacy did not gain nearly such a prominent role as freedom of speech or other human rights.

Even the private sector itself had suggested more specific privacy language in the summit declaration. For example, the Coordinating Committee of Business Interlocutors, a committee that had been set up for the WSIS by the International Chamber of Commerce, had asked for "effective privacy protection of personal data."[812]

The Plan of Action that was also adopted by the Summit is generally vague. It was intended to facilitate the implementation of the principles espoused in the Declaration and provides concrete measurements of progression in the vision of the Information Society. Besides some initiatives like linking every school and library in the world to the Internet by 2015, there are no clearly defined benchmarks or schedules for implementation. The second phase of the Summit that ended in Tunis in November 2005 has not brought substantial progress here.

The paragraph of the Action Plan that deals with security and privacy does not mention the "war on terrorism," but is still mainly focused on security and makes an implicit reference to the Council of Europe's Cybercrime Convention. Of the 10 initiatives suggested by the action plan in the context of security and privacy, only one specifically mentions privacy, but only calls for "user education and awareness," specifically about "online privacy and the means of protecting privacy."[813] There is no reference to specific measures or initiatives governments or private corporations should take as the major users of personal information.

The second Summit phase mainly involved discussions on implementation and follow-up, financing, and Internet governance. The Working Group on Internet Governance (WGIG),[814] an independent body set up by the UN Secretary-General in November 2004 with a mandate from the Geneva WSIS Summit, was tasked with developing a report that defines "Internet governance," identifies related public policy issues, and develops a common understanding of the respective roles and responsibilities of the different stakeholders. The WGIG had a balanced membership from governments, the private sector, civil society, and international organizations. The group conducted regular open online and offline consultations and produced a number of draft "issue papers." One of these dealt with "consumer protection and privacy."[815] Its content included language like "while privacy is recognized as a human right, it is a right that balances the competing and legitimate interests of government and business to intrude upon privacy under law."[816]

The WSIS NGO coalition suggested including privacy as a key element of the WGIG's deliberations, because "in an 'Information Society,' where almost all attributes of an individual can be known, interactions mapped, and intentions assumed based on records, the need for protection of privacy is more crucial than ever."[817] Like many other stakeholders, the International Working Group on Data Protection in Telecommunications (IWGDPT)[818] also submitted input to the WGIG and referred to its "Ten Commandments to protect Privacy in the Internet World."[819]

The report of the WGIG was published on July 15, 2005.[820] While the centre of discussions had been around the unilateral control of core Internet resources by the US government, the report also deals with other Internet governance issues like interconnection costs, multilingual domain names, spam, and intellectual property rights. It contains a paragraph on data protection and privacy rights. The WGIG states that there is "a lack of national legislation and enforceable global standards for privacy and data-protection rights over the Internet," and recommends to the Summit to "encourage countries that lack privacy and/or personal data-protection legislation to develop clear rules and legal frameworks, with the participation of all stakeholders, to protect citizens against the misuse of personal data, particularly countries with no legal tradition in these fields." It also suggests a revision of the privacy policies for the WHOIS databases according to privacy legislation in the country of the registrar and the registrant, and the development of open technical proposals for privacy requirements for global electronic authentication systems. The WGIG recommends that "arrangements and procedures between national law enforcement agencies" should be "consistent with the appropriate protection of privacy, personal data and other human rights," and to "ensure that all measures taken in relation to the Internet, in particular those on grounds of security or to fight crime, do not lead to violations of human rights principles." The WGIG background report includes a lengthy paragraph on privacy that begins by stating that privacy "becomes even more important over the Internet, where the intrinsic nature of the Internet makes it possible to effectively track an individual in cyberspace and use information about him/her illegally or without authorization. Threats to personal privacy increase the mistrust towards the Internet."[821]

The strong emphasis on privacy protection in the Working Group's report is an improvement compared to the Geneva Summit documents from 2003. However, the WGIG was not a negotiating body, and its report only makes recommendations to governments. The privacy and other human rights emphasis from this report might easily get lost, as the main focus, and the reason the Working Group was set up in the first place, is the international struggle around unilateral US government control over the Internet names and numbers authorities.

The second WSIS meeting in Tunis produced the Internet Governance Forum (IGF).[822] The IGF, run by the IGF Secretariat was formed to “support the United Nations Secretary-General in carrying out the mandate from the World Summit on the Information Society (WSIS) with regard to convening a new forum for multi-stakeholder policy dialogue.”[823] The Inaugural Meeting of the IGF took place in Athens, Greece from October 30 – November 2, 2006, where more than 1,200 government, private, academic and civil society representatives discussed issues of Web governance.

Attendees agreed to launch "dynamic coalitions," multi-stakeholder groups that work together on a common issue through the use of online collaboration tools and meetings. As an outcome of two workshops on “Privacy and Identity” and on “Privacy and Development” as well as other discussions, almost 50 groups, including EPIC, France's Foreign Ministry, Privacy International and the World Bank, joined to create the Dynamic Coalition on Privacy.[824] The group aims to further develop and clarify the public policy aspects of privacy in Internet governance. The group will focus on the issues of digital identities, the link between privacy and development, and the importance of privacy and anonymity for freedom of expression. The Dynamic Coalition has issued draft papers on each of these topics. The Public Voice project is also working to promote civil society participation in decisions concerning the future of the Internet.[825]

The Government of Brazil will host the second IGF meeting. It will take place in Rio de Janeiro on November 12-15, 2007. In addition to finalizing the three issue papers, the Dynamic Coalition on Privacy will participate in workshops, meetings and full sessions of the Rio event.[826] However, many of the same problems present in the WSIS process are occurring at the IGF. The scope of the IGF’s mandate is still unclear. Paragraph 72g of the Tunis Agenda mentions as part of the IGF mandate to “make recommendations,” but until now there has been little discussion regarding final work products or consensus documents resulting from the ongoing work of the coalitions or from the workshops and discussions in Rio. Also, the agenda of the second IGF meeting did not originally include privacy as a topic.[827] Privacy was subsumed under the “security” subject heading, due to the efforts of members of the Dynamic Coalition on Privacy.

[800] It is also the first summit that takes place in two parts: The first summit meeting was held in Geneva in December 2003, the second one will be in Tunis in November 2005. Official web site <http://www.wsis.org>. For an extensive overview of WSIS, see EPIC, The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society (Washington DC 2004). WSIS Civil Society news and documents are available at <http://www.worldsummit2005.org>.
[801] UNESCO, “INFOethics 2000: Right to Universal Access to Information in the 21st century,” <http://webworld.unesco.org/infoethics2000/index.html>.

[802] WSIS Declaration of Principles: Building the Information Society: a Global Challenge in the New Millennium, Document WSIS-03/GENEVA/DOC/4-E, December 12, 2003, available at <http://www.itu.int/wsis/documents/doc_multi.asp?lang=en&id=1161|1160>.
[803] WSIS Plan of Action, Document WSIS-03/GENEVA/DOC/5-E, December 12, 2003, available at <http://www.itu.int/wsis/documents/doc_multi.asp?lang=en&id=1161|1160>.
[804] Shaping Information Societies for Human Needs: Civil Society Declaration to the World Summit on the Information Society, December 8, 2003 <http://www.wsis-cs.org>.
[805] Civil Society Essential Benchmarks for WSIS, November 3, 2003 <http://www.prepcom.net/wsis/1069062981246>.

[806] WSIS Declaration of Principles: Building the Information Society: a Global Challenge in the New Millennium, supra; WSIS Plan of Action, supra.

[807] For a more comprehensive analysis of the security and privacy discussions before the summit, see Ralf Bendrath, National Security or Civil Liberties? WSIS Debate on Security Issues in Deadlock, in Heinrich Boell Foundation (Ed.): Visions in Process. World Summit on the Information Society. Geneva 2003 - Tunis 2005 (Berlin 2003) <http://www.worldsummit2003.de/download_de/Vision_in_process.pdf>.
[808] Council of Europe, Convention on Cybercrime, November 2001 <http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm>.
[809] Organization for Economic Cooperation and Development (OECD): Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, June 2002 <http://www.oecd.org/dataoecd/59/0/1946946.pdf>.
[810] UN General Assembly: Resolution 57/239,Creation of a Global Culture of Cybersecurity, 78th plenary meeting, December 2002 <http://ods-dds-ny.un.org/doc/UNDOC/GEN/N02/555/22/PDF/N0255522.pdf>.

[811] The paragraph would have read "The right to privacy is a human right and is essential for self-determined human development in regard to civic, political, social, economic, and cultural activities. It must be protected online, offline, in public spaces, at home and in the workplace. Every person must have the right to decide freely whether and in what manner he or she wants to receive information and communicate with others. The possibility of communicating anonymously must be ensured for everyone. The collection, retention, use and disclosure of personal data, no matter by whom, should remain under the control of and determined by the individual concerned." Crucial Issues for Privacy and Security Working Group, Geneva, September 22, 2003.

[812] Paragraph for the Declaration of Principles suggested by the Coordinating Committee of Business Interlocutors, August 27, 2003. Italics added.

[813] "Governments, and other stakeholders, should actively promote user education and awareness about online privacy and the means of protecting privacy," WSIS Plan of Action, Para. 12 c).

[814] <http://www.wgig.org>.
[815] <http://www.wgig.org/docs/WP-Consumer.pdf>.
[816] WGIG, Draft Issues Paper on Consumer, User Protection and Privacy, February 2005 <http://www.wgig.org/docs/WP-Consumer.pdf>.

[817] Statement of the Civil Society Privacy and Security Working Group (PSWG) at PrepCom2, February 24, 2005 <http://www.itu.int/wsis/docs2/pc2/plenary/24feb-privacy.doc>. It should be noted that this was the first ever civil society intervention in the WSIS process that was read in Arabic. See also the PSWG comment to the WGIG issue paper on Cybersecurity and Cybercrime <http://www.wgig.org/docs/CommentWSIS-CS3.doc> and the two PSWG comments on Consumer Protection and Privacy <http://www.wgig.org/docs/CommentWSIS-CS1.doc> and <http://www.wgig.org/docs/CommentWSIS-CS2.doc>. All comments to the WGIG are available at <http://www.wgig.org>.
[818] Home page <http://www.datenschutz-berlin.de/doc/int/iwgdpt/tc_en.htm>.
[819] International Working Group on Data Protection in Telecommunications, Comments on WGIG Draft Issues Paper on Consumer, User Protection and Privacy, April 12, 2005, available at <http://www.wgig.org/docs/Letter-IWGDPT.pdf>.

[820] <http://www.wgig.org/docs/WGIGREPORT.pdf>. Translations into all UN working languages are available at <http://www.wgig.org>.
[821] The Working Group on Internet Governance, Background Report, June 2005, Para 141 <http://www.wgig.org/docs/Background-Report.htm>.

[822] Tunis Agenda for the Information Society, WSIS-05/TUNIS/DOC/6(Rev. 1)-E, November 18, 2005, available at <http://www.itu.int/wsis/docs2/tunis/off/6rev1.html>.
[823] Homepage <http://www.intgovforum.org/>.

[824] Homepage <http://igf2006.info/wiki/Privacy>.
[825] <http://www.thepublicvoice.org/>.

[826] Dynamic Coalition on Privacy Third Progress Report, May 23, 2007, available at <http://userpage.fu-berlin.de/~bendrath/privacy-coalition/Dynamic-Coalition-on-Privacy-PR3.pdf>.
[827] Id.