Side event: Human Rights in Cyberspace
The event was co-organised by the Permanent Missions of Israel and Germany to the UN in Geneva, and the Law and CyberSecurity research program at the Hebrew University’s Cybersecurity Research Center in Jerusalem. It addressed the existing legal framework in the light of new technological developments, discussing the applicability of existing human rights instruments to activities in cyberspace.
The panel focused, first, on the regulatory responsibility of the state to respect, promote and protect in cyberspace. Second, the roles and responsibilities of multiple stakeholders, including states, inter-governmental organisations, IT companies, and online communities. Finally, the discussion addressed the updated interpretations of existing rights, and the need for reflection on how existing human rights could create new obligations with regards to modern digital technology:
the right to access cyberspace as a consequence of the right to enjoy the benefits of scientific progress (pursuant to Article 15 (b) ICESC) and to operate therein free from discrimination (pursuant to Article 2 ICESC),
the entitlement to exercise control over information and data pertaining to oneself (information self-determination and data portability), including the ‘right’ to data protection, the so-called right to be forgotten
the capability to exercise control over digital life after physical death (pursuant to the right to privacy Article 17 ICCPR / 12 UDHR), or – when following the UN Guiding Principles on Business and Human Rights – a responsibility of ICT companies to enforce their terms of service in the spirit of due process
The event was introduced by the opening remarks of Amb. Aviva Raz Shechter, the Permanent Representative of the State of Israel to the UN in Geneva, and Amb. Antje Leendertse, Permanent Representative of the Federal Republic of Germany to the UN in Geneva. Both Ambassadors recalled the Human Rights Declaration’s 70th anniversary, as well as the 25th anniversary of the Vienna Declaration, introducing the right to benefit from scientific progress. Additionally, Leendertse put emphasis on the fact that human rights exist online as well as offline. The event was moderated by Ms Peggy Hicks, director of Thematic Engagement, Special Procedures and Right to Development Division, OHCHR, who introduced the panel discussion.
The first panellist was Prof. Dr Anja Seibert-Fohr, chair of international law and human rights at the University of Göttingen, who talked about the challenges of applying international human rights law to cyberspace. Seibert-Fohr stated that the challenges for human rights in the digital era are not entirely new, arguing that a framework already exists – namely art. 17 of the International Covenant on Civil and Political Rights. In 1988, the article was already the subject of a general comment in relation to the prohibition of electronic surveillance.
The topic of cyber-protection evolved in such a manner that today, it is mostly regarded through the lens of surveillance. The Human Rights Committee discussed whether a state can require that a private company retain private data and to what extent art. 17 applies to communication intercepted from outside the country. In this regard, she recalled that, as specified by the Human Rights Committee, interference must never be arbitrary. Interference with privacy can only be done for specific and targeted aims. A surveillance mandate needs to specify the necessary safeguards in order to respect the principle of proportionality. The committee pushes for a specific legal framework regarding surveillance, and emphasises the need for domestic independent oversight mechanisms overseeing surveillance. Moreover, according to Seibert-Fohr, targets of surveillance should receive a notification of an intrusion into their privacy.
Finally, she addressed the extension of the applicability of art. 17 to transnational communications. In line with traditional jurisprudence, as soon as a state party exercises jurisdiction outside the boundaries of its country, International Law applies, regardless of the location and the status of the person surveilled. Surveillance outside a country is therefore necessarily subjected to international law. The committee has recognised the need for strict rules for data gathering in cases in which companies are ordered by states to save private information for a period of time, and that an agreement must be found on what time-frames ought to be acceptable.
The second panellist was Prof. Yuval Shany from the Hebrew University of Jerusalem and Member of the Human Rights Committee. Shany spoke about the potential overlaps and gaps between offline and online human rights. Trying to identify some gaps, he mentioned three clusters in the development of human rights in cyberspace. The clusters are defined by intergovernmental organisations:
The first cluster regards the basic assumption that human rights apply offline and online without distinctions. Stressing this argument, the Internet is described as a common and inter-operable resource, necessary as tool for development and the exercise of human rights.
The second cluster regards the responsibility of states to facilitate access to the Internet, while providing a comprehensive and effective Internet governance based on the principles of human rights.
The third cluster is about the rising influence and role of other stakeholders: private sector, civil society, and academia. In this regard, the he raised the importance of corporate social responsibility.
Recalling that human rights apply online, challenges can be identified in the following questions: how do we apply universal human rights online when we have a digital divide? Do we protect fake news under the freedom of expression? He then conceptualised three generations of digital rights:
The 1st generation, which regards the applicability of offline human rights to cyberspace.
The 2nd generation of human rights online that protect online activity which does not have an offline parallelism (i.e. the right to access to the Internet); informational self-determination (which is related but not limited to the right to privacy and dignity), the right to data portability, and right not to be subject to automated algorithms, to cite a few.
The 3rd generation of human rights online about the ‘digital persona’ who can live online long after death because of the information kept in cyberspace. Relating to this, a potential trajectory could be interpreting the 2nd generation as the fundamental rights for the digital persona.
Finally, he argued about the need to develop a new understanding of rights in the digital age and to create a new body in which states do not necessarily occupy the central role any more, but in which different governance perspectives and expertise from other stakeholders should be considered.
The third panellist was Ms Ilia Maria Siatitsa, a research fellow at the Geneva Academy. Her presentation was entitled, 'The special challenge of regulating on-line speech’. Therein she underlined the large-scale enjoyment of freedom of speech since the introduction of information and communications technologies (ICTs), recalling the importance of art. 19 of the International Covenant on Civil and Political Rights, the right to freedom of expression. She noted that this right should not be viewed as an absolute right but that it is indeed subject to certain restrictions. Furthermore, she pointed out that the private sector fully controls access to private space. Thus, the risk of over-regulation is eminent, especially with regards to the removal of online content. She argued that online content is increasingly being removed, not on legal grounds, but because companies try to avoid sensible topics. She further criticised the fact that there is little information given by the censoring bodies on the implementation and interpretation of terms of agreements that should lay out the grounds on which content is being taken off.
Challenges in regulating online speech also come from the fact that moderating systems are being automated and cannot distinguish between different forms of communication and information-sharing. In cases where human moderators are hired to overview critical content, there have been reported cases in which content was taken down due to pressure from companies on their employees for private interests, rather than on legal grounds. Furthermore, Siatitsa pointed to the fact that victims are often not informed about the way they have been targeted.
Finally, more recent threats concerning over-regulation regard governments adopting laws to increase pressure on companies to regulate online content. Laws to take down content within 24 hours have been criticised by the Human Rights Council for leading to arbitrary censorship of content to avoid risks of being fined. Thus, the discussion is still open and keen to evolution and developments of the topic.
The last panellist was Mr Jean-Yves Art Sr, director of strategic partnerships, Microsoft, who talked about the role of the IT industry in the protection and promotion of online human rights. From the private sector’s perspective, he argued about the responsibility of private companies in protecting human rights, adding two main arguments. First, he argued that ‘the violation of human rights online takes place on a basis of assets that belong to the private sector’. Therefore, the private sector is the first respondent to those attacks on human rights. Second, the ’IT sector owns assets that are fundamental for the full enjoyment of human rights’.
He then, shared a technical and personal perspective in how Microsoft deals with government requests to remove contents in three reactions: complains check, notification to the user, and transparency policy. In the complains check phase, they try to understand the reason behind the request and what the information would be used for. This phase is then followed by a notification to the users, that could take place before or after the sharing of information. Finally, he recalled the efforts done by Microsoft in publishing 70% of all the received requests to remove contents.
Addressing the second point he raised, the private companies as players in enabling human rights, he stressed the role of the IT private sector in facilitating online access, addressing issues such as lack of access, infrastructure and skills. Finally, he concluded his argument with the need of more specific norms and legislation on the limits that should be respected in order to promote and enhance the exercise of human rights.