RES/34/7 The right to privacy in the digital age
Document Type: Final Resolution
Date: 2017 Apr
Session: 34th Regular Session (2017 Feb)
Agenda Item: Item3: Promotion and protection of all human rights, civil, political, economic, social and cultural rights, including the right to development
Topic: Privacy
- Main sponsors2
- Co-sponsors65
-
- Albania
- Angola
- Argentina
- Armenia
- Austria
- Belgium
- Benin
- Bolivia, Plurinational State of
- Bosnia and Herzegovina
- Bulgaria
- Chile
- Congo
- Costa Rica
- Croatia
- Cyprus
- Czechia
- Denmark
- Ecuador
- El Salvador
- Estonia
- Finland
- France
- Georgia
- Greece
- Haiti
- Honduras
- Hungary
- Iceland
- Ireland
- Italy
- Kenya
- Latvia
- Lebanon
- Liechtenstein
- Lithuania
- Luxembourg
- North Macedonia
- Mali
- Malta
- Mexico
- Moldova, Republic of
- Monaco
- Mongolia
- Montenegro
- Mozambique
- Netherlands
- Norway
- Panama
- Paraguay
- Peru
- Poland
- Portugal
- Romania
- San Marino
- Serbia
- Sierra Leone
- Slovakia
- Slovenia
- Spain
- Sweden
- Switzerland
- Timor-Leste
- Tunisia
- Ukraine
- Uruguay
GE.17-05665(E)
Human Rights Council Thirty-fourth session
27 February–24 March 2017
Agenda item 3
Resolution adopted by the Human Rights Council on 23 March 2017
34/7. The right to privacy in the digital age
The Human Rights Council,
Guided by the purposes and principles of the Charter of the United Nations,
Reaffirming the human rights and fundamental freedoms enshrined in the Universal
Declaration of Human Rights and relevant international human rights treaties, including the
International Covenant on Civil and Political Rights, the International Covenant on
Economic, Social and Cultural Rights, the Convention on the Rights of the Child and the
Convention on the Rights of Persons with Disabilities,
Recalling the universality, indivisibility, interdependence and interrelatedness of all
human rights and fundamental freedoms,
Reaffirming the Vienna Declaration and Programme of Action,
Recalling General Assembly resolutions 68/167 of 18 December 2013, 69/166 of 18
December 2014 and 71/199 of 19 December 2016 on the right to privacy in the digital age,
and 45/95 of 14 December 1990 on guidelines for the regulation of computerized personal
data files, Human Rights Council decision 25/117 of 27 March 2014 and Council resolution
28/16 of 26 March 2015 on the right to privacy in the digital age, and all other relevant
resolutions of the Council, in particular resolutions 33/2 of 29 September 2016 on the safety
of journalists, resolution 12/16 of 2 October 2009 and all other resolutions on the right to
freedom of opinion and expression, and resolutions 20/8 of 5 July 2012, 26/13 of 26 June
2014 and 32/13 of 1 July 2016 on the promotion, protection and enjoyment of human rights
on the Internet,
Welcoming the work of the Office of the United Nations High Commissioner for
Human Rights on the right to privacy in the digital age, noting with interest its report
thereon, and recalling the panel discussion on the right to privacy in the digital age held
during the twenty-seventh session of the Human Rights Council,1
1 See A/HRC/28/39.
Welcoming also the work of the Special Rapporteur on the right to privacy, and
taking note of the reports of the Special Rapporteur on the right to privacy,2 of the Special
Rapporteur on the promotion and protection of human rights and fundamental freedoms
while countering terrorism3 and of the Special Rapporteur on the promotion and protection
of the right to freedom of opinion and expression,4
Noting with appreciation general comment No. 16 (1988) of the Human Rights
Committee on the right to respect of privacy, family, home and correspondence, and
protection of honour and reputation, while also noting the vast technological leaps that have
taken place since its adoption and the need to discuss the right to privacy in view of the
challenges of the digital age,
Noting that, in its general comment No. 16, the Human Rights Committee
recommended that States take effective measures to prevent the unlawful retention,
processing and use of personal data stored by public authorities and business enterprises,
Recalling that the General Assembly in its resolution 71/199 encouraged the Human
Rights Council to remain actively seized of the debate on the right to privacy in the digital
age with the purpose of identifying and clarifying principles, standards and best practices
regarding the promotion and protection of the right to privacy, and to consider holding an
expert workshop as a contribution for a future report of the United Nations High
Commissioner for Human Rights on this matter,
Recognizing the need to further discuss and analyse, on the basis of international
human rights law, issues relating to the promotion and protection of the right to privacy in
the digital age, procedural safeguards, effective domestic oversight and remedies, the
impact of surveillance on the right to privacy and other human rights, as well as the need to
examine the principles of non-arbitrariness, lawfulness, legality, necessity and
proportionality in relation to surveillance practices,
Recognizing also that the discussion on the right to privacy should be based upon
existing international and domestic legal obligations, including international human rights
law, and relevant commitments, and should not open the path for undue interference with
an individual’s human rights,
Reaffirming the human right to privacy, according to which no one shall be
subjected to arbitrary or unlawful interference with his or her privacy, family, home or
correspondence, and the right to the protection of the law against such interference, and
recognizing that the exercise of the right to privacy is important for the realization of other
human rights, including the right to freedom of expression and to hold opinions without
interference, and the right to freedom of peaceful assembly and association, and is one of
the foundations of a democratic society,
Recognizing that the right to privacy can enable the enjoyment of other rights and
the free development of an individual’s personality and identity, and an individual’s ability
to participate in political, economic, social and cultural life, and noting with concern that
violations or abuses of the right to privacy might affect the enjoyment of other human
rights, including the right to freedom of expression and to hold opinions without
interference, and the right to freedom of peaceful assembly and association,
Noting that the rapid pace of technological development enables individuals all over
the world to use information and communications technology and at the same time
2 A/HRC/31/64, A/HRC/34/60 and A/71/368.
3 A/HRC/34/61 and A/69/397.
4 A/HRC/23/40 and Corr.1, A/HRC/29/32, A/HRC/32/38 and A/70/361.
enhances the capacity of Governments, business enterprises and individuals to undertake
surveillance, interception and data collection, which may violate or abuse human rights, in
particular the right to privacy, as set out in article 12 of the Universal Declaration of Human
Rights and article 17 of the International Covenant on Civil and Political Rights, and is
therefore an issue of increasing concern,
Noting also that, while metadata may provide benefits, certain types of metadata,
when aggregated, can reveal personal information that can be no less sensitive than the
actual content of communications and can give an insight into an individual’s behaviour,
social relationships, private preferences and identity,
Noting with concern that automatic processing of personal data for individual
profiling may lead to discrimination or decisions that otherwise have the potential to affect
the enjoyment of human rights, including economic, social and cultural rights, and
recognizing the need to further discuss and analyse these practices on the basis of
international human rights law,
Expressing concern that individuals often do not provide their free, explicit and
informed consent to the re-use, sale or multiple re-sales of their personal data, as the
collecting, processing and sharing of personal data, including sensitive data, has increased
significantly in the digital age,
Emphasizing that unlawful or arbitrary surveillance and/or interception of
communications, and the unlawful or arbitrary collection of personal data, as highly
intrusive acts, violate the right to privacy, can interfere with other human rights, including
the right to freedom of expression and to hold opinions without interference, and the right
to freedom of peaceful assembly and association, and may contradict the tenets of a
democratic society, including when undertaken extraterritorially or on a mass scale,
Emphasizing also that States must respect international human rights obligations
regarding the right to privacy when they intercept digital communications of individuals
and/or collect personal data and when they require disclosure of personal data from third
parties, including business enterprises,
Recalling that business enterprises have a responsibility to respect human rights as
set out in the Guiding Principles on Business and Human Rights: Implementing the United
Nations “Protect, Respect and Remedy” Framework, and that the obligation and the
primary responsibility to promote and protect human rights and fundamental freedoms lie
with the State,
Deeply concerned at the negative impact that surveillance and/or interception of
communications, including extraterritorial surveillance and/or interception of
communications, and the collection of personal data, in particular when carried out on a
mass scale, may have on the exercise and enjoyment of human rights,
Noting that, while concerns about public security may justify the gathering and
protection of certain sensitive information, States must ensure full compliance with their
obligations under international human rights law,
Emphasizing that, in the digital age, technical solutions to secure and to protect the
confidentiality of digital communications, including measures for encryption and
anonymity, can be important to ensure the enjoyment of human rights, in particular the
rights to privacy, to freedom of expression and to freedom of peaceful assembly and
association,
Emphasizing also that an open, secure, stable, accessible and peaceful information
and communications technology environment is important to the enjoyment of human
rights, including the right to privacy,
Noting that violations and abuses of the right to privacy in the digital age may affect
all individuals, including with particular effects on women, as well as children and persons
in vulnerable situations, or marginalized groups,
Noting with deep concern that, in many countries, persons and organizations
engaged in promoting and defending human rights and fundamental freedoms frequently
face threats and harassment and suffer insecurity as well as unlawful or arbitrary
interference with their right to privacy as a result of their activities,
Noting that the prevention and suppression of terrorism is a public interest of great
importance, while reaffirming that States must ensure that any measures taken to combat
terrorism are in compliance with their obligations under international law, in particular
international human rights law, international refugee law and international humanitarian
law,
1. Reaffirms the right to privacy, according to which no one shall be subjected
to arbitrary or unlawful interference with his or her privacy, family, home or
correspondence, and the right to the protection of the law against such interference, as set
out in article 12 of the Universal Declaration of Human Rights and article 17 of the
International Covenant on Civil and Political Rights;
2. Recalls that States should ensure that any interference with the right to
privacy is consistent with the principles of legality, necessity and proportionality;
3. Recognizes the global and open nature of the Internet and the rapid
advancement in information and communications technology as a driving force in
accelerating progress towards development in its various forms, including in achieving the
Sustainable Development Goals;
4. Affirms that the same rights that people have offline must also be protected
online, including the right to privacy;
5. Calls upon all States:
(a) To respect and protect the right to privacy, including in the context of digital
communications;
(b) To take measures to put an end to violations of the right to privacy and to
create the conditions to prevent such violations, including by ensuring that relevant national
legislation complies with their obligations under international human rights law;
(c) To review their procedures, practices and legislation regarding the
surveillance of communications, their interception and the collection of personal data,
including mass surveillance, interception and collection, with a view to upholding the right
to privacy by ensuring the full and effective implementation of all their obligations under
international human rights law;
(d) To establish or maintain existing independent, effective, adequately
resourced and impartial judicial, administrative and/or parliamentary domestic oversight
mechanisms capable of ensuring transparency, as appropriate, and accountability for State
surveillance of communications, their interception and the collection of personal data;
(e) To provide individuals whose right to privacy has been violated by unlawful
or arbitrary surveillance with access to an effective remedy, consistent with international
human rights obligations;
(f) To develop or maintain and implement adequate legislation, with effective
sanctions and remedies, that protects individuals against violations and abuses of the right
to privacy, namely through the unlawful or arbitrary collection, processing, retention or use
of personal data by individuals, Governments, business enterprises and private
organizations;
(g) To further develop or maintain, in this regard, preventive measures and
remedies for violations and abuses regarding the right to privacy in the digital age that may
affect all individuals, including where there are particular effects for women, as well as
children and persons in vulnerable situations or marginalized groups;
(h) To promote quality education and lifelong education opportunities for all to
foster, inter alia, digital literacy and the technical skills required to protect effectively their
privacy;
(i) To refrain from requiring business enterprises to take steps that interfere with
the right to privacy in an arbitrary or unlawful way;
(j) To consider appropriate measures that would enable business enterprises to
adopt adequate voluntary transparency measures with regard to requests by State authorities
for access to private user data and information;
(k) To develop or maintain legislation, preventive measures and remedies
addressing harm from the sale or multiple resale or other corporate sharing of personal data
without the individual’s free, explicit and informed consent;
6. Encourages all States to promote an open, secure, stable, accessible and
peaceful information and communications technology environment based on respect for
international law, including the obligations enshrined in the Charter of the United Nations
and human rights instruments;
7. Encourages all relevant stakeholders to participate in informal dialogues
about the right to privacy, and welcomes the contribution of the Special Rapporteur on the
right to privacy to this process;
8. Calls upon all business enterprises to meet their responsibility to respect
human rights in accordance with the Guiding Principles on Business and Human Rights:
Implementing the United Nations “Protect, Respect and Remedy” Framework, including
the right to privacy in the digital age, and to inform users about the collection, use, sharing
and retention of their data that may affect their right to privacy and to establish
transparency and policies that allow for the informed consent of users, as appropriate;
9. Encourages business enterprises to work towards enabling technical solutions
to secure and protect the confidentiality of digital communications, which may include
measures for encryption and anonymity, and calls upon States not to interfere with the use
of such technical solutions, with any restrictions thereon complying with States’ obligations
under international human rights law;
10. Requests the United Nations High Commissioner for Human Rights to
organize, before the thirty-seventh session of the Human Rights Council, an expert
workshop with the purpose of identifying and clarifying principles, standards and best
practices regarding the promotion and protection of the right to privacy in the digital age,
including the responsibility of business enterprises in this regard, to prepare a report
thereon and to submit it to the Council at its thirty-ninth session;
11. Encourages States, relevant United Nations agencies, funds and programmes,
intergovernmental organizations, treaty bodies, the special procedures, regional human
rights mechanisms, civil society organizations, academia, national human rights
institutions, business enterprises, the technical community and other relevant stakeholders
to participate actively in the expert workshop;
12. Decides to continue its consideration of the matter under the same agenda
item.
56th meeting
23 March 2017
[Adopted without a vote.]