Principle 3 - More Information
Context
Across the world, in every culture and society there is a notion of privacy and liberty. They may be established in different forms or fall under different categories, but they do exist, underpinned by international frameworks like the Universal Declaration of Human Rights. As we move more of our lives online, the rules and customs that respect the universal and fundamental right to privacy are even more important.
We are faced with a new set of challenges in relation to our privacy and data rights in an era where the generation of data, its collection over the Web, and analytics power increase and more of the Web becomes an observed space. This includes not just the data that we provide ourselves, but the data that are generated or attributed to us through monitoring and tracking our use of the Web. There is now a pressing need for Governments to respect the privacy and data rights of individuals and communities, allowing users to retain a sphere of autonomy where they can explore the Web freely without the threat of coercion, control, interference or surveillance, and to set strong laws and policies that companies and other entities must comply with.
This principle focuses on the role of Governments in establishing frameworks for respecting, protecting and fulfilling people’s right to privacy and data rights. The aim of establishing these principles and clauses is to create a world in which everyone can use the Web freely, safely and without fear.
Human Rights Framework
This section includes a non-exhaustive list of references to United Nations documents that provide a foundation for the interpretation of human rights in the context of the Web.
Privacy and other data rights have their basis in pre-existing human rights frameworks. The respect and protection of these international frameworks, interpreted to reflect the digital age, provide the strongest foundation on which to base the contractual principles. Reflecting that other areas of the contract provide a basis from which to understand wider rights of access to information and openness, the core rights at play in privacy and other data rights are:
Article 12 of the Universal Declaration of Human Rights (UDHR): ‘No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.’
“The right to privacy must be protected by standards of confidentiality and integrity of IT-Systems, providing protection against others accessing IT-Systems without consent.”
– IGF Charter of human rights and principles for the Internet, 2014
Article 17 of the International Covenant on Civil and Political Rights (ICCPR): ‘No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation.’
“States parties are under a duty themselves not to engage in interferences inconsistent with article 17 of the Covenant and to provide the legislative framework prohibiting such acts by natural or legal persons…. The gathering and holding of personal information on computers, data banks and other devices, whether by public authorities or private individuals or bodies, must be regulated by law…. In order to have the most effective protection of his private life, every individual should have the right to ascertain in an intelligible form, whether, and if so, what personal data is stored in automatic data files, and for what purposes. Every individual should also be able to ascertain which public authorities or private individuals or bodies control or may control their files.”
– Human Rights Committee, General Comment 16, adopted on 8 April 1988
Article 19 of the International Covenant on Civil and Political Rights (ICCPR):
(1) Everyone shall have the right to hold opinions without interference.
(2) Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.
“It follows that any capture of communications data is potentially an interference with privacy and, further, that the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used. Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to freedom of expression and association… The onus would be on the State to demonstrate that such interference is neither arbitrary nor unlawful.”
– Office of the High Commissioner of Human Rights, 30 June 2014 (A-HRC-27-37)
The sections above are but a selection of the many Human Rights that government officials should uphold when developing policies that affect the internet.
Other Existing Frameworks
This section includes references to frameworks that third parties have developed to further delineate rights and principles in the context of the Web. Though this list is not exhaustive, it can provide further support to those interested in understanding the Contract’s objectives.
Beyond the core Human Rights International Legislation mentioned above (UDHR and ICCPR), we also consider the following existing frameworks:
EU General Data Protection Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council, the European Union’s (‘EU’) new General Data Protection Regulation (‘GDPR’), regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU.
APEC Cross-Border Privacy Rules System: The APEC Cross-Border Privacy Rules (CBPR) System is a government-backed data privacy certification that companies can join to demonstrate compliance with internationally-recognized data privacy protections. The CBPR System implements the APEC Privacy Framework endorsed by APEC Leaders in 2005 and updated in 2015.
International Principles on the Application of Human Rights to Communications Surveillance: These principles are the outcome of a global consultation with civil society groups, industry, and international experts in Communications Surveillance law, policy, and technology. They seek to provide civil society groups, industry, States, and others with a framework to evaluate whether current or proposed surveillance laws and practices are consistent with human rights.
OECD Principles for Internet Policymaking: The Principles for Internet Policymaking from the Organization for Economic Cooperation and Development (OECD) seek to ensure compatibility across a diverse set of laws and regulations to support the global free flow of information. The principles appeal to Governments and private actors to seek empowerment of users, strengthen consistency and effectiveness in privacy protection at a global level, and ensure transparency, fair process, and accountability.
OECD Privacy Guidelines: The OECD Privacy Guidelines articulate many of the same principles that operate under the European Union’s national data protection legislation. Doing so at an international level means the Privacy Principles have served as the basis for creating emerging privacy and data protection laws. The guidelines show how the protection of privacy and individual liberties adopted by the various countries have many common features such as limits to the collection of personal data, restricting the usage of data to conform with openly specified purposes, security safeguards and individual participation, among others.
Glossary
This section provides a set of references that may help those seeking to understand the technical terminology used in the Contract.
At the end of each definition, there is a reference to the key Principles to which each definition relates. Key: Governments: Principles 1-3; Companies: Principles 4-6; Citizens: Principles 7-9
- Affordability of internet access: the extent to which internet use is limited by the cost of access relative to income levels (Source: A4AI 2018 Affordability Report). – Relevant to Principle 1
- Barriers for people with disabilities: limitations faced by people with varied hearing, movement, sight, and cognitive abilities in the ways they can navigate the internet, contribute to and enjoy the tools made available through it (UNESCO). – Also see “Web Accessibility”. – Relevant to Principle 4
- Civil discourse: engagement in conversation with the purpose of enhancing understanding. It requires respect of the other participants; avoids hostility, direct antagonism, or excessive persuasion; it requires modesty and an appreciation for the other participant’s experience (Source: K.J. Gergen – Read More: Wikipedia). – Relevant to Principles 7-9
- Community networks: telecommunications infrastructure deployed and operated by a local group to meet their own communication needs. They are the result of people working together, combining their resources, organizing their efforts, and connecting themselves to close connectivity and cultural gaps (Source: ISOC, based on DCCC IRTF). – Relevant to Principles 1 and 4
- Competent and independent judicial authority: an impartial and independent authority, conversant in issues related to and competent to make judicial decisions about the legality of communications surveillance, the technologies used and human rights involved, and adequately resourced to exercise those functions (Source: Necessary & Proportionate, P6). – Relevant to Principle 3
- Data: an interpretable representation of information in a formalized manner suitable for communication, interpretation, or processing (Source: ISO). – Relevant to Principles 3 and 5
- Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (Source: GDPR, Article 4(12)). – Relevant to Principle 3
- Digital literacy: the skills and capabilities needed to participate fully, effectively and equally in our digital world (Source: Web Foundation). – Relevant to Principle 1
- Dig once regulations: “refers to policies that allow for and/or encourage deployment of conduit and fiber in transportation rights of way during other infrastructure improvement projects. This can include, for example, installing pipes under roadbeds that can house numerous internet cables. Rather than digging up the road each time a new company wants to install high-speed internet cables, the Dig Once infrastructure would permit companies access to their cables, allowing for upgrades and additions as needed” (Source: IEEE). – Relevant to Principle 1
- Diversity: diversity means understanding that each individual is unique, and recognizing our individual differences, which include but are not limited to age, ethnicity, class, gender, physical abilities/qualities, race, sexual orientation, national origin, religious status, gender expression, educational background, geographical location, income, marital status, parental status, work experiences, among others (Source: UN: Delivering successful change on diversity and inclusion in the UN). – Relevant to Principle 6
- Gender inclusive: a process that refers to how well different gender identities are included as equally valued players in initiatives. Gender-inclusive projects, programmes, political processes and government services are those which have protocols in place to ensure all genders are included and have their voices heard and opinions equally valued (Source: Adapted from UNDP). Inclusion policies have become key to close the measurable gap between women and men in their access to, use of and ability to influence, contribute to and benefit from ICTs (Source: A/HRC/35/9). – Relevant to Principles 1, 4 and 6
- Gender responsive: refers to outcomes that reflect an understanding of gender roles and inequalities and which make an effort to encourage equal participation and equal and fair distribution of benefits (Source: UNDP). – Relevant to Principles 1 and 4
- Human Rights: “Human rights are rights inherent to all human beings, regardless of race, sex, nationality, ethnicity, language, religion, or any other status. Human rights include the right to life and liberty, freedom from slavery and torture, freedom of opinion and expression, the right to work and education, and many more. Everyone is entitled to these rights, without discrimination.” (Source: United Nations). – Relevant to all Principles.
- Individual profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements (Source: GDPR, Art. 4(4)). – Relevant to Principles 3 and 5
- Inferred data: personal data that is usually derived or assigned to an individual from interpretations of other data shared by the individual and/or collected through observation of the individual’s use of an online service or device, including connected objects (Source: EU Guidelines on the right to data portability, pg. 10). – Relevant to Principles 3 and 5
- Infrastructure sharing: sharing telecommunications infrastructure (such as towers, high sites, ducts, fibre cables, antennas or transmission components) by competing operators (Source: IFC). – Relevant to Principle 1
- Infrastructure sharing (active): the sharing of active elements in the radio access network such as antennas and radio network controllers (RNC). National roaming is a form of active sharing (Source: BEREC). – Relevant to Principles 1 and 4
- Infrastructure sharing (passive): the sharing of the passive elements of network infrastructure such as masts, sites, cabinet, power, and air conditioning (Source: BEREC). – Relevant to Principles 1 and 4
- Interoperability: the ability of different types of computers, networks, operating systems, and applications to work together effectively, without prior communication, in order to exchange information in a useful and meaningful manner (Source: DC). – Relevant to Principles 2 and 6
- Legality: restrictions [to art. 19.3 of the ICCPR, regarding the right to freedom of expression] must be “provided by law”. In particular, they must be adopted by regular legal processes and limit government discretion in a manner that distinguishes between lawful and unlawful expression with “sufficient precision”. Secretly adopted restrictions fail this fundamental requirement. The assurance of legality should generally involve the oversight of independent judicial authorities (Source: A/HRC/38/35). – Relevant to Principle 2
- Legitimate public interest: a set of values corresponding to an important legal interest that is necessary in a society, often including public safety, protection of public order, health and morals, and the protection of rights and freedoms of others (Source: ECHR, Article 8(2)). – Relevant to Principle 3
- Meaningful connectivity: a new global standard that measures not only if someone has accessed the internet, but the quality of connection they have (Source: A4AI). – Relevant to Principle 1
- Necessity and Proportionality: any restriction [to art. 19.3 of the ICCPR, regarding the right to freedom of expression] should create the least burden on the exercise of the right and actually protect, or be likely to protect, the legitimate State interest at issue. States may not merely assert necessity but must demonstrate it, in the adoption of restrictive legislation and the restriction of specific expression (Source: A/HRC/38/35). – Relevant to Principle 2
- Observed data: personal data that is provided through an individual’s use of an online service or device, including connected objects. Examples include search history, traffic data, location data or heartbeat (Source: EU: Guidelines on the right to data portability). – Relevant to Principles 3 and 5
- Online privacy: a sphere of autonomy in which individuals and communities can explore the Web free from private actors’ and Government’s coercion, control, interference or surveillance (Source: Contextualisation of Lord Lester and D. Pannick (eds.), Human Rights Law and Practice, 2004, para. 4.82 adding the reference to the Web and freedom from interference by private actors.). – Relevant to Principles 3 and 5
- Open access rules: all suppliers are able to obtain access to the network facilities on fair and equivalent terms (ITU). – Relevant to Principle 1
- Open data: “Open data is digital data that is made available with the technical and legal characteristics necessary for it to be freely used, reused, and redistributed by anyone, anytime, anywhere.” (Source: Open Data Charter) – Relevant to Principle 6
- Open knowledge: “Knowledge anyone is free to access, use, modify, and share it — subject, at most, to measures that preserve provenance and openness.” (Source: Open Definition). – Relevant to Principles 6, 7-9
- Open license: a document that specifies that a work (be it sound, text, image or multimedia) is free for anyone to print out and share, publish on another channel or in print, make alterations or additions, incorporate, in part or in whole, into another piece of work, use as the basis for a work in another medium, and other freedoms (Source: Open Definition – Read More: Wikipedia). – Relevant to Principles 7-9
- Open source software: software distributed under terms that include the right to: free redistribution of the source code, access and reuse of the source code, including the creation of derived works to be distributed under the same license (with a series of exceptions only if the license allows the distribution of “patch file”). OSS, by definition, must not discriminate against persons or groups, or against fields of endeavor. The rights attached to the program must apply to all to whom the program is redistributed, and must not be specific to a product or restrict other software. Licenses must be technology-neutral (Source: Adapted from OSI; Read More: Wikipedia). – Relevant to Principles 7-9
- Open source technology: see “Open source software”
- Open standard: a formal document that establishes uniform technical criteria, and is developed through an open, consensus driven, participatory process, focused on supporting interoperability (Source: W3C/IEEE; with edits based on Ken Krechmer – Read More: Wikipedia). – Relevant to Principles 6, 7, 8 and 9
- Open Web: this includes two components, a technical and a legal one. Technical: development of web technologies in accordance with the open standards developed by the World Wide Web Consortium (W3C), which ensures interoperability across web browsers. Legal: Absence of laws or regulations that restrict people from accessing web content or other web-based technologies over the internet. – Relevant to Principles 7-9
- Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Source: GDPR, Article 4(1)). – Relevant to Principles 3 and 5
- Privacy / data protection by design: a holistic approach incorporating technology and policy development that places privacy as a central component at the beginning of every service design process (Source: EU Resolution on Privacy by Design and GDPR). – Relevant to Principle 5
- Public registers: a published list made available online and updated regularly. In this particular context the registers must contain general information on data sharing and/or purchase agreements across the public sector and industry, explaining the types of data that are being shared or purchased, the recipient(s), and purpose(s). Additionally these registers must provide a reference source with general information on data breaches from public and private sources, including the organizations and data categories affected (Source: Inspired by Article 30, Anti-Money Laundering Directive with significant expansion and contextualisation from the Working Group, in particular bringing the types of agreements that are expected to be provided within the registers and the information provided alongside them). – Relevant to Principles 3 and 5.
- Quality of service: in the case of Internet access, quality of service measures not only include speeds, but also delay, jitter, availability, and packet loss (Source: A4AI Qos, GSMA). – Relevant for Principle 4
- Radio spectrum: the radio frequency spectrum of hertzian waves allocated based on guidance from the ITU, and used as a transmission medium for cellular radio, satellite communication, over-the-air broadcasting and other communication services (Source: ITU). – Relevant to Principle 1
- Standard technology: see “Open Standard”
- Sustainable Development Goals: the 2030 Agenda for Sustainable Development, adopted by the UN in 2015 sets 17 goals: no poverty, zero hunger, good health and well-being, quality education, gender equality, clean water and sanitation, affordable and clean energy, decent work and economic growth, industry innovation and infrastructure, reduced inequalities, sustainable cities and communities, responsible production and consumption, climate action, life below water, life on land, peace, justice and strong institutions and partnerships for the goals (Source: UN SDGs). – Relevant to Principle 6
- Universal service: ensuring every individual within a country has basic internet access service available at an affordable price (Source: adapted from WTO). – Relevant to Principle 1
- Universal Service and Access Funds (USAFs): communal public funds dedicated to expanding internet connectivity and access opportunities for those least likely to be connected through market forces alone (Source: A4AI). – Relevant to Principle 1
- User interface: all components of an interactive system (software or hardware) that provide information and controls for the user to accomplish specific tasks with the interactive system (Source: ISO). – Relevant to Principles 4, 5 and 6.
- Web accessibility: web technologies that work for all people, whatever their hardware, software, language, location, or ability. When the Web meets this goal, it is accessible to people with a diverse range of hearing, movement, sight, and cognitive ability (Source: W3C). – Relevant to Principles 1, 4, and 7-9
- Web technologies: a set of computing technologies that together provide a realization of the “Architecture of the World Wide Web” (Source: W3C). – Relevant to Principle 6