New UN Resolution Amplifies Call for Right to Privacy in the Light of Mass Surveillance

On 18 December 2014, the United Nations General Assembly (UN GA) approved, without vote, resolution A/RES/69/166 ‘The right to privacy in the digital age’.

The resolution in the context of UN developments on online privacy

The resolution is a further step in the ongoing UN process to protect privacy and other human rights online. The process, headed by Germany and Brazil, has not been driven only by the mass surveillance disclosures, but it has gained momentum since 2013 and has resulted in a series of related documents:

  • the Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression from 17 April 2013;
  • the original UN GA resolution 68/167 of 18 December 2013 on the right to privacy in the digital age;
  • the UN GA resolution 68/178 of 18 December 2013 on the protection of human rights and fundamental freedoms while countering terrorism;
  • the Report of the Office of the United Nations High Commissioner for Human Rights on the right to privacy in the digital age, from 30 June 2014;
  • the Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, from 23 September 2014.

What’s new?

The preamble borrows from the UN GA resolution 68/167 of 18 December 2013, while also listing recent developments and adding new statements. One of the new paragraphs of the preamble contains the following wording:

Noting in particular that surveillance of digital communications must be consistent with international human rights obligations and must be conducted on the basis of a legal framework, which must be publicly accessible, clear, precise, comprehensive and non-discriminatory and that any interference with the right to privacy must not be arbitrary or unlawful, bearing in mind what is reasonable to the pursuance of legitimate aims, and recalling that States that are parties to the International Covenant on Civil and Political Rights must undertake the necessary steps to adopt laws or other measures as may be necessary to give effect to the rights recognized in the Covenant,…

This language resembles the jurisprudence and case law of the European Court of Human Rights regarding Article 8 of the European Convention on Human Rights. This means another small victory for the European perception of the right to privacy.

The reference to adopting ‘laws or other measures as may be necessary to give effect to the rights recognized in the Covenant’ could be seen as a nudge to the USA, which ratified the International Covenant on Civil and Political Rights (ICCPR) in 1992 with a non-self-execution declaration, preventing their citizens from directly invoking the ICCPR in their domestic courts, and effectively barring any legal check on the consistency of U.S. domestic law with the ICCPR.

The preamble of the resolution also mentions for the first time the responsibility of business enterprises to respect human rights, notes the issue of arbitrary interference with the right to privacy of human rights activists, and states that anti-terrorism measures should not entail non-compliance with international law.

The operative clauses are almost the same as in resolution 68/167. Paragraph 4(d) newly specifies that the oversight mechanisms for state surveillance should be ‘adequately resourced and impartial’. A new paragraph 4(e) calls on states to ‘provide individuals whose right to privacy has been violated by unlawful or arbitrary surveillance with access to an effective remedy, consistent with international human rights obligations’.

This resolution is the first one to mention that aggregated metadata can reveal personal information. However, according to Reuters, diplomats said that a stronger reference to metadata surveillance as an intrusive act was removed from the text to appease the countries of the so-called ‘Five Eyes’ intelligence alliance (USA, UK, Canada, Australia and New Zealand).

The international context

The resolution is sponsored by a diverse group of countries, including Germany, France, Russia, Brazil and Indonesia. The Five Eyes countries are notably absent from sponsoring the resolution, even though their delegates did not object to the draft being approved by consensus by the Third Committee (Social, Humanitarian and Cultural) of the General Assembly. Interestingly, the group sponsoring the resolution includes countries which are otherwise divided on the issue of Internet governance (see the Incyder news on the WCIT 2012 Conference, and compare the list of signatories of the WCIT 2012 Final Acts) and which are usually reluctant to agree on cyberspace rules, due to fundamental differences about the level of state control over cyberspace.

In the debate ensuing after the approval of the draft, the UK delegate to the Third Committee highlighted that ‘the challenge facing States was to ensure that the right to privacy was protected, while fulfilling the States’ obligations to protect citizens from terrorist and criminal activity’, while the US delegate underscored that ‘further discussion should include the arbitrary use of surveillance to harass human rights defenders’.

The approval of the resolution coincides with the attempt by the Obama administration to push the USA Freedom Act through the Senate in order to curtail the bulk collection of metadata, and with UK plans to expand data retention by the Counter-Terrorism and Security Bill 2014-15.

Even though UN GA resolutions may not have the same power as UN Security Council resolutions or international treaties, they are an important element in the development of customary international law because they express states’ opinions and declare their practice. By approving the resolution, the General Assembly reinforces its stance on states’ activities in cyberspace.


Tomáš Minárik

This publication does not necessarily reflect the policy or the opinion of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre) or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication.