Principle 5 - More Information
Principle 5 - More Information
The Web has become one of the principal means by which individuals exercise their right to freedom of expression and information. It provides essential tools for participation and discussions concerning political issues and issues of general interest.
Through the Web, platforms are becoming the de facto meeting points, where public discourse and debate occurs. They provide space for communities to meet, discuss, share ideas, and make change happen. They are our town halls and our cafes, our libraries and our newsagents. Moreover, the amount and granularity of personal data available today, and the increasing complexity of data processing techniques, raise serious concerns about possible negative impacts on our privacy and data rights.
With this increased centrality to our lives, platforms have direct effects on our fundamental rights. Their choices of business model, platform development, and default settings have a profound impact on individuals’ privacy, access to information and data rights such as the freedom from manipulation and coercion.
These decisions will define the control individuals and communities have over their rights, which will subsequently affect their level of trust for online services. This principle seeks to reflect the reality of companies’ importance to the realisation of privacy and data rights. The aim of establishing this principle and clauses is to make them commit and thus accountable for documenting adverse rights impacts that arise as a result of their operations, providing strong default privacy settings and alternatives, and providing clear ways for an individual to exercise their data rights.
Human Rights Framework
This section includes non-exhaustive list of references to United Nations documents that provide a foundation for the interpretation of human rights in the context of the Web.
Privacy and other data rights have their basis in pre-existing human rights frameworks. The respect and protection of these international frameworks, interpreted to reflect the digital age, provide the strongest basis from which to base the contractual principles. Reflecting that other areas of the contract provide a basis from which to understand wider rights of access to information and openness, the core rights at play in privacy and other data rights are:
Article 12 of the Universal Declaration of Human Rights (UDHR): ‘No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.’
“In order to have the most effective protection of his private life, every individual should have the right to ascertain in an intelligible form, whether, and if so, what personal data is stored in automatic data files, and for what purposes. Every individual should also be able to ascertain which public authorities or private individuals or bodies control or may control their files.”
– Human Rights Committee, General Comment 16, adopted on 8 April 1988
Article 17 of the International Covenant on Civil and Political Rights (ICCPR): ‘No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.’
“A central part of human rights due diligence as defined by the Guiding Principles [on Business and Human Rights] is meaningful consultation with affected stakeholders. In the context of information and communications technology, this also includes ensuring that users have meaningful transparency about how their data are being gathered, stored, used and potentially shared with others, so that they are able to raise concerns and make informed decisions.”
– Office of the High Commissioner of Human Rights, 30 June 2014 (A-HRC-27-37)
Article 19 of the International Covenant on Civil and Political Rights (ICCPR):
(1) Everyone shall have the right to hold opinions without interference.
(2) Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.
“Among the most important steps that private actors should take is the development and implementation of transparent human rights assessment procedures…. Such assessments should critically review the wide range of private sector activities in which they are engaged, such as the formulation and enforcement of terms of service and community standards on users’ freedom of expression…; the impact of products, services and other commercial initiatives on users’ freedom of expression as they are being developed, including design and engineering choices, and plans for differential pricing of or access to Internet content and services…”
– David Kaye – Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, 29 August 2018 (A/HRC/32/38)
The sections above are a small subset of the many Human Rights that CEOs, entrepreneurs and developers of web applications should uphold through their work.
Other Existing Frameworks
This section includes references to frameworks that third parties have developed to further delineate rights and principles in the context of the Web. Though this list is not exhaustive, it can provide further support to those interested in understanding the Contract’s objectives.
Beyond the core Human Rights International Legislation mentioned above (UDHR and ICCPR), we also consider the following existing frameworks:
Guiding Principles on Business and Human Rights: The Principles — endorsed by the United Nations Human Rights Council — provide a global standard for preventing and addressing the risk of adverse impacts on human rights linked to business activity. Relevant principles include the responsibility to respect human rights which requires due diligence on the part of the company. This involves becoming aware of, preventing and addressing adverse human rights impacts.
EU General Data Protection Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council1, the European Union’s (‘EU’) new General Data Protection Regulation (‘GDPR’), regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU.
Global Network Initiative Principles on Freedom of Expression and Privacy: The principles provide guidance to the ICT industry and its stakeholders in protecting and advancing the enjoyment of human rights globally, they have also been called as a framework by the Special Rapporteur on Freedom of Opinion and Expression as a minimum set of principles for companies to adhere to. Developed by companies, investors, civil society organisations, and academics, the principles seek to establish that rights to freedom of expression and privacy should be respected by Governments and that companies should respect and work to protect these fundamental rights.
Organization for Economic Cooperation and Development Guidelines on Multinational Enterprises: The OECD Guidelines on Multinational Enterprises are recommendations addressed by governments to multinational enterprises operating in or from adhering countries. They provide non-binding principles and standards for responsible business conduct in a global context consistent with applicable laws and internationally recognised standards. The principles include a chapter on Consumer Interests where enterprises should respect consumer privacy and take reasonable measures to ensure the security of personal data that is collected, stored, processed, or disseminated, and provide consumers with access to fair, easy to use, timely and effective non-judicial dispute resolution and redress mechanisms.
This section provides a set of references that may help those seeking to understand the technical terminology used in the Contract.
At the end of each definition, there is a reference to the key Principles to which each definition relates. Key: Governments: Principles 1-3; Companies: Principles 4-6; Citizens: Principles 7-9
- Affordability of internet access: the extent to which internet use is limited by the cost of access relative to income levels (Source: A4AI 2018 Affordability Report). – Relevant to Principle 1
- Barriers for people with disabilities: limitations faced by people with varied hearing, movement, sight, and cognitive abilities in the ways they can navigate the internet, contribute to and enjoy the tools made available through it (UNESCO). – Also see “Web Accessibility. – Relevant to Principle 4
- Civil discourse: engagement in conversation with the purpose of enhancing understanding. It requires respect of the other participants; avoids hostility, direct antagonism, or excessive persuasion; it requires modesty and an appreciation for the other participant’s experience (Source: K.J. Gergen -Read More: Wikipedia). – Relevant to Principles 7-9
- Community networks: telecommunications infrastructure deployed and operated by a local group to meet their own communication needs. They are the result of people working together, combining their resources, organizing their efforts, and connecting themselves to close connectivity and cultural gaps (Source: ISOC, based on DCCC IRTF). – Relevant to Principles 1 and 4
- Competent and independent judicial authority: an impartial and independent authority, conversant in issues related to and competent to make judicial decisions about the legality of communications surveillance, the technologies used and human rights involved, and adequately resourced to exercise those functions (Source: Necessary & Proportionate, P6). – Relevant to Principle 3
- Data: an interpretable representation of information in a formalized manner suitable for communication, interpretation, or processing (Source: ISO). – Relevant to Principles 3 and 5
- Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (Source: GDPR, Article 4(12)). – Relevant to Principle 3
- Digital literacy: the skills and capabilities needed to participate fully, effectively and equally in our digital world (Source: Web Foundation). – Relevant to Principle 1
- Dig once regulations: “refers to policies that allow for and/or encourage deployment of conduit and fiber in transportation rights of way during other infrastructure improvement projects. This can include, for example, installing pipes under roadbeds that can house numerous internet cables. Rather than digging up the road each time a new company wants to install high-speed internet cables, the Dig Once infrastructure would permit companies access to their cables, allowing for upgrades and additions as needed” (Source: IEEE). – Relevant to Principle 1
- Diversity: diversity means understanding that each individual is unique, and recognizing our individual differences, which include but are not limited to age, ethnicity, class, gender, physical abilities/qualities, race, sexual orientation, national origin, religious status, gender expression, educational background, geographical location, income, marital status, parental status, work experiences, among others (Source: UN: Delivering successful change on diversity and inclusion in the UN). – Relevant to Principle 6
- Gender inclusive: a process that refers to how well different gender identities are included as equally valued players in initiatives. Gender-inclusive projects, programmes, political processes and government services are those which have protocols in place to ensure all genders are included and have their voices heard and opinions equally valued (Source: Adapted from UNDP). Inclusion policies have become key to close the measurable gap between women and men in their access to, use of and ability to influence, contribute to and benefit from ICTs (Source: A/HRC/35/9). – Relevant to Principles 1,4 and 6
- Gender responsive: refers to outcomes that reflect an understanding of gender roles and inequalities and which make an effort to encourage equal participation and equal and fair distribution of benefits (Source: UNDP). – Relevant to Principles 1 and 4
- Human Rights: “Human rights are rights inherent to all human beings, regardless of race, sex, nationality, ethnicity, language, religion, or any other status. Human rights include the right to life and liberty, freedom from slavery and torture, freedom of opinion and expression, the right to work and education, and many more. Everyone is entitled to these rights, without discrimination (Source: United Nations). – Relevant to all Principles.
- Individual profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements (Source: GDPR, Art. 4(4)). – Relevant to Principles 3 and 5
- Inferred data: personal data that is usually derived or assigned to an individual from interpretations of other data shared by the individual and/or collected through observation of the individual’s use of an online service or device, including connected objects (Source: EU Guidelines on the right to data portability, pg. 10). – Relevant to Principles 3 and 5
- Infrastructure sharing: sharing telecommunications infrastructure (such as towers, high sites, ducts, fibre cables, antennas or transmission components) by competing operators (Source: IFC). – Relevant to Principle 1
- Infrastructure sharing (active): the sharing of active elements in the radio access network such as antennas and radio network controllers (RNC). National roaming is a form of active sharing (Source: BEREC) – Relevant to Principles 1 and 4
- Infrastructure sharing (passive): is the sharing of the passive elements of network infrastructure such as masts, sites, cabinet, power, and air conditioning (Source: BEREC). – Relevant to Principles 1 and 4
- Interoperability: the ability of different types of computers, networks, operating systems, and applications to work together effectively, without prior communication, in order to exchange information in a useful and meaningful manner (Source: DC). – Relevant to Principles 2 and 6
- Legality: restrictions [to art. 19.3 of the ICCPR, regarding the right to freedom of expression] must be “provided by law”. In particular, they must be adopted by regular legal processes and limit government discretion in a manner that distinguishes between lawful and unlawful expression with “sufficient precision”. Secretly adopted restrictions fail this fundamental requirement. The assurance of legality should generally involve the oversight of independent judicial authorities (Source: A/HRC/38/35). – Relevant to Principle 2
- Legitimate public interest: a set of values corresponding to an important legal interest that is necessary in a society, often including, public safety, protection of public order, health and morals, the protection of rights and freedoms of others (Source: ECHR, Article 8(2)). – Relevant to Principle 3
- Meaningful connectivity: a new global standard that measures not only if someone has accessed the internet, but the quality of connection they have (Source: A4AI). – Relevant to Principle 1
- Necessity and Proportionality: any restriction [to art. 19.3 of the ICCPR, regarding the right to freedom of expression] should create the least burden on the exercise of the right and actually protects, or is likely to protect the legitimate State interest at issue. States may not merely assert necessity but must demonstrate it, in the adoption of restrictive legislation and the restriction of specific expression (Source: A/HRC/38/35). – Relevant to Principle 2
- Observed data: personal data that is provided through an individual’s use of an online service or device, including connected objects. Examples include search history, traffic data,location data or heartbeat (Source: EU: Guidelines on the right to data portability) – Relevant to Principles 3 and 5
- Online privacy: a sphere of autonomy in which individuals and communities can explore the Web free from private actors’ and Government’s coercion, control, interference or surveillance (Source: Contextualisation of Lord Lester and D. Pannick (eds.), Human Rights Law and Practice, 2004, para. 4.82 adding the reference to the Web and freedom from interference by private actors.). – Relevant to Principles 3 and 5
- Open access rules: all suppliers are able to obtain access to the network facilities on fair and equivalent terms (ITU). – Relevant to Principle 1
- Open data: “Open data is digital data that is made available with the technical and legal characteristics necessary for it to be freely used, reused, and redistributed by anyone, anytime, anywhere.” (Source: Open Data Charter) – Relevant to Principle 6
- Open knowledge: “Knowledge anyone is free to access, use, modify, and share it — subject, at most, to measures that preserve provenance and openness.” (Source: Open Definition). – Relevant to Principles 6, 7-9
- Open license: a document that specifies that a work (be it sound, text, image or multimedia) is free for anyone to print out and share, publish on another channel or in print, make alterations or additions, incorporate, in part or in whole, into another piece of work, use as the basis for a work in another medium, and other freedoms (Source: Open Definition – Read More: Wikipedia). – Relevant to Principles 7-9
- Open source software: software distributed under terms that include the right to: free redistribution of the source code, access and reuse of the source code, including the creation of derived works to be distributed under the same license (with a series of exceptions only if the license allows the distribution of “patch file). OSS, by definition, must not discriminate against persons or groups, or against fields of endeavor. The rights attached to the program must apply to all to whom the program is redistributed, and must not be specific to a product or restrict other software. Licenses must be technology-neutral (Source: Adapted from OSI; Read More: Wikipedia). – Relevant to Principles 7-9
- Open source technology: see “Open source software”
- Open standard: a formal document that establishes uniform technical criteria, and is developed through an open, consensus driven, participatory process, focused on supporting interoperability (Source: W3C/IEEE; with edits based on Ken Krechmer – Read More: Wikipedia). – Relevant to Principles 6, 7, 8 and 9
- Open Web: this includes two components, a technical and a legal one. Technical: development of web technologies in accordance with the open standards developed by the World Wide Web Consortium (W3C), which ensures interoperability across web browsers. Legal: Absence of laws or regulations that restrict people from accessing web content or other web-based technologies over the internet. – Relevant to Principles 7-9
- Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Source: GDPR, Article 4(1)). – Relevant to Principles 3 and 5
- Privacy / data protection by design: a holistic approach incorporating technology and policy development that places privacy as a central component at the beginning of every service design process(Source: EU Resolution on Privacy by Design and GDPR). – Relevant to Principle 5
- Public registers: a published list made available online and updated regularly. In this particular context the registers must contain general information on data sharing and/or purchase agreements across the public sector and industry, explaining the types of data that are being shared or purchased, the recipient(s), and purpose(s). Additionally these registers must provide a reference source with general information on data breaches from public and private sources, including the organizations and data categories affected (Source: Inspired by Article 30, Anti-Money Laundering Directive with significant expansion and contextualisation from the Working Group, in particular bringing the types of agreements that are expected to be provided within the registers and the information provided alongside them). – Relevant to Principles 3 and 5.
- Quality of service: in the case of Internet access, quality of service measures not only include speeds, but also delay, jitter, availability, and packet loss (Source: A4AI Qos, GSMA). – Relevant for Principle 4
- Radio spectrum : the radio frequency spectrum of hertzian waves allocated based on guidance from the ITU, and used as a transmission medium for cellular radio, satellite communication, over-the-air broadcasting and other communication services (Source: ITU). – Relevant to Principle 1
- Standard technology: see “Open Standard”
- Sustainable Development Goals: the 2030 Agenda for Sustainable Development, adopted by the UN in 2015 sets 17 goals: no poverty, zero hunger, good health and well-being, quality education, gender equality, clean water and sanitation, affordable and clean energy, decent work and economic growth, industry innovation and infrastructure, reduced inequalities, sustainable cities and communities, responsible production and consumption, climate action, life below water, life on land, peace, justice and strong institutions and partnerships for the goals (Source: UN SDGs). – Relevant to Principle 6
- Universal service: ensuring every individual within a country has basic internet access service available at an affordable price (Source: adapted from WTO). – Relevant to Principle 1
- Universal Service and Access Funds (USAFs) are communal public funds dedicated to expanding internet connectivity and access opportunities for those least likely to be connected through market forces alone (Source: A4AI). – Relevant to Principle 1
- User interface: all components of an interactive system (software or hardware) that provide information and controls for the user to accomplish specific tasks with the interactive system (Source: ISO). – Relevant to Principles 4, 5 and 6.
- Web accessibility: web technologies that work for all people, whatever their hardware, software, language, location, or ability. When the Web meets this goal, it is accessible to people with a diverse range of hearing, movement, sight, and cognitive ability (Source: W3C). – Relevant to Principles 1,4, and 7-9
- Web technologies: a set of computing technologies that together provide a realization of the “Architecture of the World Wide Web” (Source: W3C). – Relevant to Principle 6