FOC Issues New Joint Statement on Human Rights Impact of Cybersecurity Laws, Practices and Policies


downloadThe Freedom Online Coalition (FOC), a 31-member inter-governmental alliance advancing Internet freedom, on February 6, 2020, launched a Joint Statement on Digital Inclusion expressing concern over the persistence of digital divides, and support for measures to promote digital inclusion. It called for actions to address identified challenges in the Joint Statement issued at the opening of the 8th Annual Freedom Online Conference held in Accra, Ghana, on February 6 and 7, 2020.

The Statement reaffirms and builds on commitments the FOC made in 2016, while elaborating further on the human rights-based approach to cybersecurity as a basis for strengthening cybersecurity, promoting stability in cyberspace, and promoting emerging technologies that are trust-worthy whilst ensuring the protection of all online users.

It contains recommendations for national cybersecurity practices and international cybersecurity processes and is based on recommendations developed by the multistakeholder FOC working group.

It emphasized that individual security, whether offline or online, should be a core purpose of cybersecurity, emphasizing that a secure Internet is central to the respect for human rights in the digital context.FOC pointed out that cyberattacks have also imperilled individuals’ safety, both because some cybersecurity laws have suppressed human rights and fundamental freedoms, and because malicious actors have undermined individuals’ safety online.

It noted that it was for this reason that the FOC in 2016 adopted a statement on human rights-based approach to cybersecurity, which affirms that “human rights and cybersecurity are complementary, interdependent and mutually reinforcing, and that cybersecurity policies and practices should be rights-respecting by design.”

The FOI took cognizance that new cybersecurity challenges have emerged since 2016 and that numerous new national policies, laws and practices have been developed and adopted to respond to these. It nonetheless reemphasized that its recommendations on human rights and cybersecurity remain relevant.

Reaffirming the recommendations of the FOC working group on human rights-based approaches to cybersecurity ( and the Tallinn Agenda, which confirmed that the same rights that people have offline must also be protected online and that respect for human rights and security online should be treated as complementary concepts, the FOC made the following recommendations:

  • States need to comply with their obligations under international human rights law when considering, developing and applying national cybersecurity policies and legislation.
  • States need to develop and implement cybersecurity-related laws, policies and practices in a manner consistent with international human rights law, and seek to minimise potential negative impacts on vulnerable groups and civil society, including human rights defenders and journalists. This includes building, where appropriate, supporting processes and frameworks for transparency, accountability, judicial or other forms of independent and effective oversight, and redress towards building trust. It may also include embedding the principles of legitimacy, legality, necessity or proportionality into policy and practice.
  • Cybersecurity-related laws, policies, and practices should be developed through ongoing open, inclusive, and transparent approaches that involve all stakeholders.
  • States should promote international cooperation on cyber issues that focuses on protecting and upholding human rights in order to build mutual trust between all stakeholders.
  • States should seek to implement the rules, norms and principles of responsible State behaviour contained in the (2010, 2013, 2015) consensus reports of the UNGGE.
  • States should find ways to draw attention to acts contrary to these rules, norms and principles of responsible State behaviour in order to increase accountability, transparency and help build patterns of responsible behaviour.
  • As humans are directly impacted by potential threats in cyberspace, including cyberattacks, due attention should be paid to the human dimension of cybersecurity. This includes direct and indirect harm to individual well-being manifesting itself in a range of ways including loss of life, loss of access to vital services, financial loss, undermining of democratic institutions and processes, suppression of the rights to freedom of expression and freedom of association, and failure to respect the right to be free from arbitrary or unlawful interference with privacy, etc.
  • In compliance with best practice data protection laws and regulations, States should consider, as appropriate, collecting and sharing data, as well as funding research, on the nature and scale of these aforementioned harms, to underpin and drive a human-focused international cybersecurity capacity building agenda.
  • States should encourage education, digital literacy, critical thinking, information exchange and technical and legal training as a means to improve cybersecurity and build collective capacity at local, regional, and global levels.
  • States should encourage private sector actors to adhere to the UN Guiding Principles on Business and Human Rights, to improve their accountability and to share best practices in this respect and help to share lessons learned.
  • States should encourage private sector actors to promote and practice good cyber hygiene.

To download and read the full statement, please click on FOC Statement on Human Rights and Cyber Security.