UN Privacy Expert Warns Governments against Releasing Personal Data without Safeguards

Prof. Joseph Cannataci of Malta The first UN Special Rapporteur on the right to privacy
Prof. Joseph Cannataci of Malta
The first UN Special Rapporteur on the right to privacy

Joseph Cannataci, the United Nations Special Rapporteur on the Right to Privacy has warned governments against releasing personal data under open data schemes unless privacy safeguards are “bulletproof”.

The UN Special Rapporteur on the Right to Privacy disclosed this in a report he submitted to the UN General Assembly in New York.

The report takes a look at the principles and guiding instruments put in place by countries around the globe when it comes to issues of privacy.

In his report, the Special Rapporteur expressed concern about the huge amounts of information being gathered about ordinary citizens without their knowledge or consent and thereofre called on governments not to release any personal data under open data schemes unless privacy safeguards are “bulletproof”.

The special Rapporteur described the impact of “big data” – huge data sets which contain structured or unstructured information – and open data on privacy as “alarming”.

Mr. Cannataci said: “I am concerned not just by the collection of this information, but that firms have the ability to sell or trade it and to link it to other data to produce a complex and detailed picture of a person’s life.”

The UN expert also raised concerns about the gap that exists in international law concerning surveillance and privacy in cyberspace; he called for this to be addressed in order to protect the rights of billions of citizens.

Mr. Cannataci  added that the “ right to privacy can never be absolute in the fight against crime and in national security, but democracies need checks and balances such as prior authorization of surveillance and the subsequent oversight of these activities, in order to preserve the very freedoms that define democracies.”

Part of the Special Rapporteur’s mandate would be to recommend to the Human Rights Council that it supports the discussion and adoption within the United Nations of a legal instrument that would provide Member States with a set of principles and model provisions that could be integrated into their national legislation embodying and enforcing the highest principles of human rights law and especially privacy when it comes to surveillance. He will also provide them with a number of options to be considered to help plug the gaps and fill the vacuum in international law and particularly those relating to privacy and surveillance in cyberspace.

The Special Rapporteur´s report to the Human Rights Council in March 2017 contains interim conclusions for a legal instrument regulating surveillance in cyberspace complementary to existing cyberlaw such as the 2001 Convention on Cybercrime. A pre-existing initiative, the European Union-supported Managing Alternatives for Privacy, Property and Internet Governance (MAPPING) project, is exploring options for a legal instrument regulating surveillance in cyberspace. A draft text is being debated by civil society and international corporations, and will be made available before spring, 2018.

Pending feedback during the consultation period to March 2018 and the results of on-going investigations and letters of allegation to Governments, the Special Rapporteur is considering the following recommendations for a more final version of the report to be published in or after 2018:

  • Open Data policies require clear statements of the limits to using personal information based on international standards and principles, including an exempt category for personal information with a binding requirement to ensure the reliability of de-identification processes to render this information appropriate for release as Open Data, and robust enforcement mechanisms.
  • Any open government initiative involving personal information, whether de-identified or not, requires a rigorous, public, scientific analysis of the data privacy protections including a privacy impact assessment.
  • Governments and corporations should actively support the creation and use of privacy-enhancing technologies.

The Special Rapporteur made further recommendations to be considered in dealing with Big Data: Governance, regulatory environment, inclusion of feedback mechanisms, Research.

Issues identified in the report are not confined to a few countries. The availability of vast new collections of data allows more and better reasoned decision-making by individuals, corporations and States around the globe, but poor management of privacy puts at risk their potential value.

Careful understanding and successful mitigation of risks to privacy, other related human rights, and ethical and political values of autonomy and fairness are required.

Data is and will remain a key economic asset, like capital and labour. Privacy and innovation can and do go together. Understanding how to use Big Data efficiently and share its benefits fairly without eroding the protection of human rights will be hard but ultimately worthwhile.

The report remains open for public consultation for the next six months and an international conference will be held in Australia in March 2018 to discuss its preliminary conclusions.

The UN welcomes feedbacks on ways to integrate the protection of privacy and innovation in the information economy.

Please visit here  for the full report.