![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
ABSTRACT
While the United Nations (UN) pioneered in recognizing the impact of modern technological developments on (data) privacy as far back as 1968, little has so far been achieved in terms of introducing a truly global data privacy framework. The present UN data privacy framework is by and large a mere patchwork of rules that exhibit a number of weaknesses. This weak structure of the present framework is a result of political and ideological controversies of the Cold War era. This article considers the extent to which the current UN data privacy system provides protection to data privacy and highlights its major limitations. It concludes that the discourse at the UN set in motion, particularly in the aftermath of the Snowden revelations, wields a potential to result in a major reform in the UN data privacy system.
Acknowledgements
The author gratefully thanks Prof Andrew Kenyon, Prof Megan Richardson and Prof Paul De Hert as well as the anonymous reviewers for feedback on an earlier version.
Disclosure statement
No potential conflict of interest was reported by the author.
Notes
1 Cf WFP Directive on Information Disclosure, 7 June Citation2010, Section 3 (iv) [prohibiting that disclosure of information that is likely to violate rights or invade privacy of any individual, save disclosure for public interest].
2 For the influence in Africa, see Makulilo (Citation2016, 18–19).
3 See his personal details at http://bit.ly/2lwQFiL (Last accessed on 3 January 2017).
4 For more on this, see Bygrave, (Citation2014, 52–53).
5 For details on the elements of the modernization process, see http://bit.ly/2eAR6Ji (Last accessed on 3 January 2018).
6 See, for instance, UNESCO Declaration on the Human Genome and Human Rights, supra n 46, Art 24; see more details at http://bit.ly/2mIyFCb (Last accessed on 3 January 2018).
7 For a summary of cases where the principles of the Convention have been considered, see Pere Vilanova, The Right to Privacy in the Case Law of the ECtHR, in Proceedings of the High-Level Seminar on International Case Law in Bioethics: Insight and Foresight, 2016, pp. 21 et seqq.
8 Examples of case law that remotely touched on (data) privacy include: I.P. v Finland, Communication No. 450/1991, 26 July Citation1993; Antonius Cornelis Van Hulst v The Netherlands, Communication No.903/1999, 15 November Citation2004; Nabil Sayadi and Patricia Vinck v Belgium, Communication No. 1472/2006, 29 December Citation2008; H.S. v Australia, Communication No. 2015/2010, 13 May Citation2015. Recent examples of concluding observations having to do with data privacy include: Concluding Observations of the Human Rights Committee: Sweden, 2 April Citation2009, para 18; Concluding Observations of the Human Rights Committee: Hungary, 16 November Citation2010, para 6; Concluding Observations of the Human Rights Committee: France, 13 July Citation2008, par 22.
9 It is also interesting to note that this case has also relied upon the ILO Code of Practice on the Protection of Workers’ Personal Data of Citation1997. See id, paras 38–40.
10 A recent Resolution of the Human Council breaks the trend, and mentions the UN Guidelines, which might in due course put the Guidelines in the UN agenda. See The Right to Privacy in the Digital Age, Resolution of the Human Rights Council 34, 22 March Citation2017, Preamble, para 5.
11 In his latest report to the Human Rights Council, the Special Rapporteur ‘encourages’ countries recently adopting national data privacy law to ensure that the ‘minimum standards’ set out in the CoE Data Protection Convention are met. One would expect the UN Guidelines was referred to instead not least because the set minimum guarantees and are UN instruments. See Report of the Special Rapporteur on the Right to Privacy, Joseph Cannataci, 24 February Citation2017, para 9. An October 2017 report of the Special Rapporteur to the General Assembly does refer to the Guidelines but in a clearly tangential manner after the OECD Guidelines (whose principles the report details) and the CoE Data Protection Convention. See Report of the Special Rapporteur on the Right to Privacy, Joseph Cannataci, 19 October Citation2017, paras 71–72.
12 In another report co-authored for the UNESCO, Cannataci has also noted the UN Guidelines as being part of the international framework for the protection of privacy. See Cannataci et al. (Citation2016, 36).
13 For a related view, see Greenleaf, (Citation2014, 100). Recent examples of cases adjudged by the ECtHR that involved data privacy principles include L.H. v Latvia, Application No. 52019/07, 29 April Citation2014 [concerning processing of health data], Uzun v Germany, Application No. 35623/05, 2 September Citation2010 [Concerning processing of location data], S and Marper v UK, Application Nos. 30562/04 & 30566/04, 4 December Citation2008 [concerning retention of personal data such as fingerprints, Cellular samples and DNA profiles].
14 See details at http://bit.ly/2mIyFCb (Last accessed on 3 January 2018).
15 See, for instance, Montreux Declaration, The Protection of Personal Data and Privacy in a Globalized World: A Universal Right Respecting Diversities, September Citation2005; Resolution on Anchoring Data Protection and the Protection of Privacy in International Law, 35th International Conference of Data Protection and Privacy Commissioners, Warsaw, Poland, 26 September Citation2013. Cf. Draft of International Standards on the Protection of Privacy with regard to the Processing of Personal Data, which was commissioned by the Conference and adopted later in November 2009.
16 On the call for a ‘Geneva style Convention’, see Alexander (Citation Citation2015), available at http://bit.ly/2h2bEYF (Last accessed on 3 January 2018).
17 Those put forward post the Snowden revelations include the following: Mitsilegas (Citation2016, 73–77); Brown et al. (Citation2015, 25 et seqq); Deeks (Citation2015, 343 et seq).
18 See also Saadat and Ballard (Citation2007, 15) [arguing that a global privacy instrument will have to reflect the values of states to be involved in its negotiation and conclusion, which could be a ‘tall goal’].
19 The Special Rapporteur’s February 2017 report, however, slightly shows ambivalence regarding the nature of the possible international treaty, and notes that it is premature to make a decision on the ‘desirability or feasibility’ of such treaty but he aims to outline possible options to the UN in Autumn 2018. While he considers the possibility of an all-out ‘Internet Governance Treaty’ which would address inter alia ‘the very important yet oft-neglected […] right to protection of reputation which is both distinct and akin to privacy’, he also outlines merits of introducing an ‘international authority’ that would issue ‘international data access warrants’ under the CoE Cybercrime Convention’ as the best option of protecting privacy from unfettered surveillance in international law. See Report of the Special Rapporteur on the Right to Privacy, Joseph Cannataci, supra n 87, para 46. See also Planned Thematic Reports and Call for Consultation of the Special Rapporteur, February Citation2017, para 3, available at http://bit.ly/2noQFSG (Last accessed on 3 January 2018).
20 Note that the author of this article had the opportunity to review and offer feedback to the Special Rapporteur on an earlier version of the drafted instrument during the first round of the consultation.