Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Issue

Data Protection and Privacy Laws

Effective legislation helps minimize monitoring by governments, regulate surveillance by companies and ensure that personal information is properly protected.

Laws for the protection of privacy have been adopted worldwide. Their objectives vary: some have attempted to remedy past injustices under authoritarian regimes, others seek to promote electronic commerce, and many ensure compliance with pan-European laws and to enable global trade. Regardless of the objective, data protection laws tend to converge around the principle that individuals should have control over their personal information.

Interest in the right to privacy increased in the 1960s and 1970s with the advent of information technology. The surveillance potential of powerful computer systems prompted demands for specific rules governing the collection and handling of personal information. The genesis of modern legislation in this area can be traced to the first data protection law in the world, enacted in the Land of Hesse in Germany in 1970. This was followed by national laws in Sweden (1973), the United States (1974), Germany (1977) and France (1978).

Two crucial international instruments evolved from these laws: the Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, and the Organization for Economic Cooperation and Development’s 1980 Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data. These rules describe personal information as data that are afforded protection at every step, from collection to storage and dissemination.

Although the expression of data protection requirements varies across jurisdictions, all require that personal information must be:

• obtained fairly and lawfully
• used only for the original specified purpose
• adequate, relevant and not excessive to purpose
• accurate and up to date
• accessible to the subject
• kept secure
• destroyed after its purpose is completed

We work with regulators and other institutions to advance the implementation and practices of data protection and privacy laws and to analyse how new policies and technologies may affect them. We also aim to hold companies and governments to account by filing briefings and complaints on how their practices can - or cannot - be reconciled with legal frameworks.

Data Protection and Privacy Laws

Blog
Edin Omanovic's picture

Two new categories of surveillance systems were added into the dual-use goods and technologies control list of the Wassenaar Arrangement last week in Vienna, recognising for the first time the need to subject spying tools used by intelligence agencies and law enforcement to export controls.

While there are many questions that still need to be answered, Privacy International cautiously welcomes these additions to the Wassenaar Arrangement. Undoubtedly, these new controls don’t cover everything they could, but the recognition that something needs to be done at Wassenaar level is a foundation to build from.

Blog
Mike Rispoli's picture

A strong, unified voice from the tech industry is absolutely essential to reforming the mass and intrusive surveillance programs being run by the Five Eyes, so we welcome today's statement from AOL, Apple, Google, Facebook, LinkedIn, Microsoft, Twitter, and Yahoo.

Companies have obligations to respect human rights and not be complicit in mass surveillance. Given what has been publicly revealed over the past six months, we must know for certain that the companies we entrust with our information on a daily basis are defending users and pushing back against government requests for our data. The launch of these industry principles today are a first step to restoring much of the trust in the industry that has been thrown into question since the release of the Snowden documents.

Blog
Kenneth Page's picture

The proliferation of private companies across the world developing, selling and exporting surveillance systems used to violate human rights and facilitate internal repression has been largely due to the lack of any meaningful regulation.

But a huge step toward finally regulating this billion-dollar industry was taken this week, when on Wednesday night the 41 countries that make up the Wassenaar Arrangement, the key international instrument that imposes controls on the export of conventional arms and dual-use goods and technologies, released a statement describing their intention to finally clamp down on this trade.

Opinion piece
Carly Nyst's picture

The following was a speech given by Carly Nyst, Head International Adovacy, at the UN Forum on Business and Human Rights, Geneva on 3 December

The internet and innovations in technologies have opened up previously unimagined possibilities for communication, expression, and empowerment. New technologies have become essential enablers of the enjoyment of human rights, from the right to education, to participation, to access to information. Today, the internet is not only a place where rights are exercised, it is in itself a guarantor of human rights.

At the same time, changes in technologies have given rise to increased opportunities for State interferences with human rights, particularly the rights to privacy and free expression. Even the world’s most longstanding democratic States have obtained the technical capacity to conduct country-wide internet monitoring, tracking and surveillance. Today, as the UN Special Rapporteur on freedom of expression observed in his report presented to the Human Rights Council in June 2013, “the State now has a greater capability to conduct simultaneous, invasive, targeted and broad-scale surveillance than ever before.”

In the media
Publisher: 
The Guardian
Publication date: 
02-Dec-2013
Original story link: 

The NSA's UK counterpart GCHQ faces even greater challenges under British and European human rights law. Advocacy group Privacy International has launched actions with the UK's investigatory powers tribunal and with the Organisation for Economic Co-operation and Development against both GCHQ and seven telecoms companies working with it.

In the media
Publisher: 
The Inquirer
Publication date: 
02-Dec-2013
Author(s): 
Dave Neal
Original story link: 

Human rights group Privacy International has asked for a formal investigation into whether the Australian Signals Directorate (ASD) offered to dump Australian citizens' personal comms data into the lap of the Five Eyes surveillance coalition.

Privacy International has reacted swiftly to a report in the Guardian newspaper that is based on Edward Snowden's whistleblowing revelations

Countries: 
Blog
Eric King's picture

The recent revelations, made possible by NSA-whistleblower Edward Snowden, of the reach and scope of global surveillance practices have prompted a fundamental re- examination of the role of intelligence services in conducting coordinated cross-border surveillance.

The Five Eyes alliance of States – comprised of the United States National Security Agency (NSA), the United Kingdom’s Government Communications Headquarters (GCHQ), Canada’s Communications Security Establishment Canada (CSEC), the Australian Signals Directorate (ASD), and New Zealand’s Government Communications Security Bureau (GCSB) – is the continuation of an intelligence partnership formed in the aftermath of the Second World War. Today, the Five Eyes has infiltrated every aspect of modern global communications systems.

Press release

Privacy International today has filed a complaint with the Australian Inspector-General of Intelligence Security, calling for an immediate investigation into deeply troubling reports that the Australian intelligence services offered to violate the privacy rights of millions of citizens by handing over bulk metadata to its Five Eye partners.

Opinion piece
Eric King's picture

The following is an excerpt from a Comment originally publihsed by The Guardian, written by Privacy International's Head of Research, Eric King:

As the global public reels from yet another Snowden revelation – this time, that the US and UK intelligence forces have hacked into and planted spyware on more than 50,000 computer networks worldwide – the hypocrisy of the US and British governments is brought into sharp relief. Less than four years ago Hillary Clinton, chastising China, declared that "countries or individuals that engage in cyber attacks should face consequences and international condemnation. In an interconnected world, an attack on one nation's networks can be an attack on all." Given what we now know to be the "Five Eyes" complete stranglehold on the world's internet infrastructure, how can we possibly reconcile repeated American appeals to internet freedom and condemnation of Chinese internet monitoring with US-sponsored network hacking?

Blog
Anna Crowe's picture

The drive for accountability in aid spending has put humanitarian and development agencies under pressure to collect an ever-growing amount of data about those who receive their assistance. Donors also increasingly demand that new technologies are deployed to ensure aid reaches those it is targeted at; preventing people from fraudulently using refugees’ identities, for example, was a key motivation behind UNHCR’s recent introduction of biometric technology to register Syrian refugees in Jordan.

Pages

Subscribe to Data Protection and Privacy Laws