comments by Data Protection Unit – CoE
Council of Europe
Directorate General
Human Rights and Rule of Law
Information Society – Action against Crime Directorate
Information Society Department
Data Protection Unit
The Data Protection Unit of the Council of Europe welcomes the report “The age of digital interdependence” of the High Level Panel (`Report`) and its aim to “underscore the fact that universal human rights apply equally online as offline” in the digital age. We strongly support its emphasis to build on existing human rights frameworks and conventions and on the need of reassessing their implementation in the digital environment.
In a digitally interdependent world, the right to private life as enshrined in Article 12 of UNDHR, Article 17 of the International Covenant on Civil and Political Rights and in Article 8 of the European Convention of Human Rights, is and will increasingly be “an enabling right” which would, in simple terms, enable the exercise and full enjoyment of other human rights and fundamental freedoms. It will also remain the core factor in preserving human dignity and individual’s right to informational self-determination.
In this vein we would certainly support further work to protect individuals in the digital age and explore how the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108”), which is the only global, legally binding multilateral instrument on the protection of privacy and data protection, could better contribute to the implementation of the recommendations of the Report.
Convention 108 was open for signature in 1981 and since then, it has influenced various international (OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data), regional (EU, African Union) and national privacy legislations. Convention 108 currently counts 55 parties and some 25 observers. Beside the work related to the implementation of the Convention itself, the Council of Europe has already produced reference documents in important areas such as Artificial Intelligence, Big data, health related data, media and privacy, internet governance, data processing by law enforcement, etc. It is worthwhile mentioning that Convention 108+ (as amended by the protocol CETS No. 2231) is seen to become the international standard on privacy in the digital age by the UN special Rapporteur on the right to privacy as well who has already recommended “to all UN Member States to accede to Convention 108+” in two of his reports2. By joining Convention 108+ any country would participate at the highest possible level of the common international law in shaping the future of the right to private life while contributing to maintain the free flow of data globally.
Therefore we would strongly support efforts to further promote the application of the core provisions of the modernised Convention 108 throughout the IGF and its constituencies (notably the application of high level data protection principles for online data processing, the right choice of legal basis for the processing of personal data, its requirement on transparency from the data controllers’ side, the possibility for data subjects to exercise their rights with special attention to the new generation of rights, the high level data security, a transborder data flow regime based on an appropriate level of protection of individuals, the lawful use of exceptions for instance for national security and law enforcement purposes and the establishment of independent regulatory authorities with a mandate and effective powers to oversee the application of these principles and provisions).
In the digital age our focus should remain on two objectives: free flow of data and respect for human dignity, as stated in the Preamble of the Protocol amending Convention 108: “(…) it is necessary to secure the human dignity and protection of the human rights and fundamental freedoms of every individual and, given the diversification, intensification and globalisation of data processing and personal data flows, personal autonomy based on a person’s right to control of his or her personal data and the processing of such data”. Therefore we would suggest that further considerations be given to the recommendations of the Report in the following areas:
- The right to privacy has to be guaranteed by existing open, multilateral conventions with reference to the statement in Recommendation 3a. In achieving this, further efforts are to be deployed at the IGF level to encourage UN member states to accede to Council of Europe modernised Convention 108 and to ensure the application of its principles and provisions by other stake- holders.
- With reference to peer-to-peer information sharing as described on page
14, we believe that in addition, a real mechanism for joint actions open for regulatory and law enforcement authorities is to be put in place at the IGF to effectively protect individuals in the digital space (for example by a 24/7 alert mechanism, designation of focal points in national administration and in stakeholders’ structures, etc.). - Furthermore, we would urge as referred to on page 18 in the sub-chapter
3.1 “Human Rights and Human Agency” in title “The right to privacy” that main definitions and principles are agreed upon and applied within the IGF in connection to the right to privacy (e.g.: definition of privacy, personal data, special categories of data, the right choice of legal base for the processing, accountability of data controllers, enforcement of rights, etc.). - We would recommend tackling the issues and considerations pertaining to the right to privacy jointly with those pertaining to cyber-security (cyber- resilience) and fight against cyber-crime.
- We support any action as described on page 19 in sub-chapter 3.2 to build “Trust and social cohesion” and would recommend further emphasis on the question “How can trust be promoted in the digital age”. We believe that specific forum have to be created within the IGF, based on multi-stakeholder participation to effectively promote the free flow of data while guaranteeing an appropriate level of protection for individuals as enshrined in modernised Convention 108 and to deliver viable solutions for users, in a timely manner and without any discrimination.
____
1 https://search.coe.int/cm/Pages/result_details.aspx?ObjectId=09000016807c65bf
2 2018 Annual Report on the Right to Privacy (Report A/73/45712) and Annual Report of 1 March 2019 to the UN Human Rights Council (Report A/HRC/40/63)
For reference please see also the Comments by the Council of Europe’s Information Society Department on the Report of the UN Secretary General’s High-level Panel on Digital Cooperation
Recent Comments on this Site
3rd July 2023 at 2:58 pm
I agree with Michael’s comment.
See in context
3rd July 2023 at 2:56 pm
This first message makes no sense. Please take into consideration the comment made by Torsen.
See in context
3rd July 2023 at 2:37 pm
3 The Ukrainian Internet resilience is impossible without worldwide cooperation, help and support. There are very good examples of such cooperation, and not very good. These lessons also have to be documented and analysed.
See in context
3rd July 2023 at 12:14 am
In responding to the points around the impact encryption, I would ask that the comments I made around the UK’s Online Safety Tech Challenge Fund and academic paper by Ian Levy and Crispin Robinson are added to the key messages.
I referenced a paper by Ian Levy and Crispin Robinson, two internationally respected cryptographers from the UK’s National Cyber Security Centre, which set out possible solutions to detecting child sexual abuse within End-to-End Encrypted Environments that companies could be exploring to balance both the rights to privacy and the rights of children to grow up in a safe and secure environment free from child sexual abuse.
The link to the paper is copied below:
[2207.09506] Thoughts on child safety on commodity platforms (arxiv.org)
And the UK Safety Tech Challenge Fund:
Lessons from Innovation in Safety Tech: The Data Protection Perspective – Safety Tech (safetytechnetwork.org.uk)
It is important that we balance the concerns about the breaking of encryption, with the possibilities that should be being explored to prevent child sexual abuse from entering or leaving these environments.
Andrew Campling also made points about the right to privacy not being an absolute right and the need to balance this right, with other rights- another point I think that is worth reflecting in this final paragraph.
See in context
3rd July 2023 at 12:00 am
I agree with the amendment Torsten has proposed to the initial text.
See in context
2nd July 2023 at 11:58 pm
I would be careful about saying these images have been created consensually. Just because an image is “self-generated” it does not mean it has been created through “sexting”. Children are being “groomed” and “coerced” into creating these images as well.
I agree- however, with the rewritten text above regarding what companies currently do and what they will be required to do if the EU proposal becomes law and is clearer than what was written in the initial text.
See in context
2nd July 2023 at 3:21 pm
The Internet has changed how war is fought, and how it is covered by media. At
the same time, the war has put “One world, one Internet” to a stress test. The foundations of global and interoperable Internet should not be affected by the deepening geopolitical divide, even though it has fragmented the content layer.
No one has the right to disrupt the global network that exists as a result of voluntary cooperation by thousands of networks. The mission of Internet actors is to promote and uphold the network, and to help restore it if destroyed by armed aggression.
The war has been accompanied by heightened weaponization of the content layer of the Internet. New EU legislation is expected to curb at least the role of very large platforms in spreading disinformation and hate speech.
See in context
2nd July 2023 at 2:36 pm
I kindly suggest the following changes:
Please add these two important points that were said by the speakers/audience:
– There is an initiative on the Nordic level to protect children from the harms of the Internet, and this initiative has already been promulgated into legislation in Denmark.
– As the role of parents is crucial in educating children to use the Internet in a savvy way, also parents need education. That’s why we need adult education also from beyond the formal education system, just like the adult education system in Finland already provides training in basic digital skills.
See in context
2nd July 2023 at 2:35 pm
I kindly suggest the following changes:
– governs => governments
– Replace this: ”Therefore, the contemporary political landscape requires three-level trust: political power; knowledge organisations; and individual.”
– By this:
– ”Therefore, the contemporary political landscape requires three levels of trust: trust in basic societal functions and structures of the society, trust in knowledge organizations, and trust between one another as individuals.”
See in context
2nd July 2023 at 2:32 pm
I kindly suggest the following changes:
Replace this: ”Thus, one of the key priorities is to enhance citizens digital literacy and education going beyond only digital competencies and including cultural aspects.”
with this: ”Thus, one of the key priorities is to enhance citizens’ digital literacy and education by going beyond just digital competencies and including also ethical, social and cultural dimensions.”
Add this important point that was said by the speaker: Responsibility for digital information literacy education lies not only with the formal education system, but also cultural institutions, NGOs, youth work play a key role.
See in context