Mass surveillance and data protection in the digital age

The information leaked by Edward Snowden on the use by the United States and the United Kingdom of technologies that allow the indiscriminate collection of large amounts of data communications has caused great concern across Europe and has opened a debate on the impact of programmes of mass surveillance of communications on human rights. According to the case law of the European Court of Human Rights (ECtHR), such activities are an interference with the private lives of thousands of European citizens. This article analyses the guarantees that Article 8 of the European Convention on Human Rights (ECHR) provides for such interference and assesses whether these safeguards are sufficient in the case of extraterritorial surveillance. It also questions whether the Member States of the Convention are obliged to take measures to protect their citizens against surveillance contrary to the requirements.

2017

Whilst the political dust on mass surveillance is slowly settling down, what has become apparent is the uncertainty regarding the interpretation and application of the right to privacy norms under Article 17 of the International Covenant on Civil and Political Rights 1966 in the context of cyberspace. Despite the world-wide condemnation of these practices by, inter alia, the United Nations and international human rights organisations, little consensus has been reached on how to bring them in line with international human rights law. This paper proposes that the most pragmatic solution is updating Article 17 by replacing General Comment No.16. There are many issues that require attention. The paper focuses on two fundamental aspects of this process, namely the development of more detailed understanding of what is meant by the right to privacy in the 21st century, and the challenge posed by foreign cyber surveillance to the principle of extraterritorial application of human rights tre...

The International Journal of Human Rights

International Journal of Law and Information Technology, 2015

Recently, there have been a lot of intense discussions on how human rights treaties might apply to extraterritorial mass-surveillance programmes. In the light of an increasingly prominent role that data privacy is gaining in the UN agenda in recent months, this article aims to make an original contribution to the international data privacy discourse by scrutinizing the different approaches to customary international law formation and applying these insights to ‘data’ privacy—as opposed to a general right to privacy—to examine whether it could be considered as a binding legal principle under international law. The article argues that different perspectives on customary international law and their respective methodologies of ‘deduction’ and ‘induction’ have different implications for the analysis of data privacy. Whereas under the so-called traditionalist perspective it could be doubted that data privacy has developed into a rule of customary international law, modernist approaches lead to different conclusions. The modern theories stipulate that a steady advancement of technologies in combination with a continued emphasis on international security and the unprecedented shock that international community is undergoing because of mass-surveillance revelations and spying activities of Western and potentially other governments, constitute the circumstances or period of fundamental change—the so-called ‘international constitutional moment’, paving the path for the swift development of a new rule of customary international law—the right to data privacy. Recognizing the ‘relativity’ of the different findings and conclusions, the article favours the modern approach and infers that data privacy has indeed crystallized into a norm of customary international law.

SSRN Electronic Journal, 2017

There is a growing literature revolving around the role of non-State actors in the international law-making process. The starting point of this article is that although informal international lawmaking may not be legally binding, it would be unwise to dismiss it as legally irrelevant. Informal law-making can be relevant with respect to conceptualising and applying existing law, as well as guiding future regulation. The present discussion is placed in the context of cyberspace and, more specifically, the Internet standardisation bodies" informal law-making functions when creating Internet protocols by setting Internet standards. The article addresses the legitimacy and the ongoing work of the Internet Advisory Board and Internet Engineering Task Force in setting Internet standards with the aim to protect Internet users from mass surveillance and serious threats to privacy online. The article makes two main arguments. First, the effective protection of online privacy cannot be understood only in terms of compliance with legal frameworks but-in practice-that also needs to be secured through technological means. Second, in the area of online privacy informal law-making and international law converge in a distinctive way. Internet standards should not necessarily be seen as "living a parallel life" to law or as displacing or merely complementing the law. Technical standards and international law can actively inform one another and converge in their application. The analysis explores the implications of the Internet"s technical features to policy-making and legal reasoning by discussing State and judicial practice. The article demonstrates how the technical perspective on privacy informs and enriches the manner in which the legal advisor argues about privacy, the legislator articulates the interests at stake and the judge and practitioner interpret and apply international human rights law.

(2014) 37 University of New South Wales Law Journal 748-783, 2014

This article explores how Internet surveillance in the name of counter-terrorism challenges privacy. In the Part II, the article analyses the international dimension of counter-terrorism measures and the conceptualisation of data protection and privacy in the European Union, the United States of America and Australia. Part III compares the different concepts of data protection and privacy, and explores the prospects of an international legal framework for the protection of privacy. Part IV concludes that work on international data protection and privacy standards, while urgently needed, remains a long-term vision with particular uncertain prospects as far as anti-terrorism and national security measures are concerned.

HAL (Le Centre pour la Communication Scientifique Directe), 2013

In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this study makes an assessment of the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands. Given the large-scale nature of surveillance practices at stake, which represent a reconfiguration of traditional intelligence gathering, the study contends that an analysis of European surveillance programmes cannot be reduced to a question of balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy. It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations. The study argues that these surveillance programmes do not stand outside the realm of EU intervention but can be engaged from an EU law perspective via (i) an understanding of national security in a democratic rule of law framework where fundamental human rights standards and judicial oversight constitute key standards; (ii) the risks presented to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners, and (iii) the potential spillover into the activities and responsibilities of EU agencies. The study then presents a set of policy recommendations to the European Parliament. PE 493.032 EN This document was requested by the European Parliament's Committee on Civil Liberties, Justice and Home Affairs.

Journal of Siberian Federal University. Humanities & Social Sciences, 2020

The article considers the legality of mass surveillance and protection of personal data in the context of the international human rights law and the right to respect for private life. Special attention is paid to the protection of data on the Internet, where the personal data of billions of people are stored. The author emphasizes that mass surveillance and technology that allows the storage and processing of the data of millions of people pose a serious threat to the right to privacy guaranteed by Article 8 of the ECHR of 1950. Few companies comply with the human rights principles in their operations by providing user data in response to requests from public services. In this regard, States must prove that any interference with the personal integrity of an individual is necessary and proportionate to address a particular security threat. Mandatory data storage, where telephone companies and Internet service providers are required to store metadata about their users’ communications ...

University of New South Wales law journal, 2014

This article explores how Internet surveillance in the name of counter-terrorism challenges privacy. In the Part II, the article analyses the international dimension of counter-terrorism measures and the conceptualisation of data protection and privacy in the European Union, the United States of America and Australia. Part III compares the different concepts of data protection and privacy, and explores the prospects of an international legal framework for the protection of privacy. Part IV concludes that work on international data protection and privacy standards, while urgently needed, remains a long-term vision with particular uncertain prospects as far as anti-terrorism and national security measures are concerned.

In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this study makes an assessment of the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands. Given the large-scale nature of surveillance practices at stake, which represent a reconfiguration of traditional intelligence gathering, the study contends that an analysis of European surveillance programmes cannot be reduced to a question of balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy. It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations. The study argues that these surveillance programmes do not stand outside the realm of EU intervention but can be engaged from an EU law perspective via (i) an understanding of national security in a democratic rule of law framework where fundamental human rights standards and judicial oversight constitute key standards; (ii) the risks presented to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners, and (iii) the potential spillover into the activities and responsibilities of EU agencies. The study then presents a set of policy recommendations to the European Parliament.