UN Cyber Norm E | Respect human rights privacy

States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression.

What is it about?

Norm (e) emphasises that countries should uphold and protect human rights and freedoms for people both online and offline, in line with their international obligations. It highlights the importance of rights like freedom of expression, which includes the ability to seek, receive, and share information across borders using any form of media. These rights are outlined in global agreements such as the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights, and the Universal Declaration of Human Rights.

Why is it relevant?

This norm confirms the use of ICTs may pose a threat to human rights, and highlights that states should use and prevent the abuse of ICTs in a manner consistent with respect for human rights. In the digital age, where information and communication technologies (ICTs) are pervasive, protecting human rights, particularly the right to privacy, becomes crucial. Practices like arbitrary or unlawful mass surveillance by states can severely impact individuals’ ability to enjoy their rights freely and without interference.

Following this norm not only supports human rights but also helps in combating discrimination and reducing inequalities in access to digital technologies, including those based on gender. It encourages countries to ensure that their laws, policies, and practices respect these rights in the digital age, promoting a fair and inclusive online environment for everyone.

How is it implemented?

In accordance with the clarification provided by states in the UN GGE 2021 report, the implementation of this norm involves several key steps:

Aligning with International Human Rights law: In establishing domestic laws, States should comply with international human rights law, particularly the right to privacy. This includes adhering to customary international law standards and relevant treaties if the state is a party to them. States also should implement effective procedural safeguards, which may include independent prior authorization before initiating surveillance, and ensuring these mechanisms are adequately resourced and independent to prevent abuse of surveillance powers.
Ensuring data protection regimes: States should ensure data protection frameworks at domestic level, as well as at regional and international levels. Resources should be allocated to identify areas of convergence among different legal systems’ data protection standards.
Refraining from prohibitions for encryption and anonymizing technologies: States should refrain from outright prohibitions or regulations that effectively ban individual use of encryption technology. Such measures excessively restrict privacy and freedom of expression rights. Mandates requiring back-door access in commercial products should also be avoided as they pose unnecessary and disproportionate restrictions on privacy and freedom of expression.
Promoting freedom of expression and access to ICTs: States should ensure all individuals, regardless of background, have access to a widely available, accessible, and affordable Internet.
Managing emerging technologies: States should recognize potential human rights impacts of new technologies. They should invest in technical and legal measures guiding ICT development to ensure inclusivity, accessibility, and non-discrimination, while mitigating harm to vulnerable groups.
International collaboration: Collaboration with international bodies, civil society, and private sectors enhances best practices sharing, capacity-building, and standard development. This strengthens collective efforts in addressing global ICT-related challenges and promoting human rights globally.
Contribution to Sustainable Development Goals (SDGs): Implementing this norm can support achieving SDGs related to gender equality, reducing inequalities, and promoting peaceful societies. By ensuring fair ICT access and protecting human rights, states can foster broader socio-economic progress.

Who are the main actors?

Despite the fact that norm address responsible state behaviour and targets UN Member States, there are additional actors who could play a role in the implementation of the norm:

International organisations: Bodies like the United Nations, the Council of Europe, and regional organisations often set norms and guidelines that states can adopt or adhere to. They also facilitate cooperation and provide technical assistance to states in implementing the relevant norms.
Civil society organisations (CSOs): Non-governmental organisations (NGOs), advocacy groups, and watchdog organisations play crucial roles in monitoring state actions, raising awareness about human rights issues, and advocating for policy changes. They often collaborate with states and international bodies to ensure that human rights are protected and respected.
Technology companies: Private sector entities, especially technology companies and internet service providers, have a direct impact on privacy and freedom of expression through their products and services. They can adopt responsible practices, such as implementing strong encryption, protecting user data, and promoting freedom of expression on their platforms.
Academic and research institutions: Academia contributes to the understanding of human rights challenges in the digital realm through research, analysis, and the development of best practices. They can provide expertise and guidance to states and other stakeholders on the implications of ICTs for human rights.
Media and journalism organisations: Independent media and journalism organisations play a crucial role in promoting freedom of expression and transparency. They can expose abuses of surveillance and censorship practices, thereby raising public awareness and pressuring governments to uphold human rights standards.

Where is it discussed?

The UN Open-ended working group (OEWG) remains the one and only process where all UN Member States discuss the implementation of the agreed norms, including this norm, on a regular basis. However, within other UN bodies, states discuss human rights issues such as Human Rights Council, General Assembly, specialised agencies such as UNESCO and ITU which also focus on aspects like freedom of expression and telecommunications regulations.

States implement these norms domestically, including through adopting acts and policies at a national level, and may also engage in regional cooperation to enhance cybersecurity. For instance, Council of Europe, European Union, African Union, Organisation of America States and others discuss digital rights and address data protection.

Multistakeholder platforms such as Internet Governance Forum (IGF) facilitate discussions among stakeholders including governments, civil society, academia, and the private sector on internet policy and digital rights. The Global Forum on Cyber Expertise (GFCE) also promotes international cooperation in cybersecurity capacity building, including human rights considerations.

Civil society and non-governmental organisations’ conferences, e.g. RightsCon help address human rights in the digital age. Technology companies and industry associations also host conferences and participate in initiatives focused on responsible use of ICTs, privacy protection, and freedom of expression.