I refer to the recent post by Jason Voiovich on the open Idka group Privacy2020*, which was very good food for thought. One of his points is that ‘privacy’ is a modern concept, to which I take some degree of exception. He argues that we should re-define the right, based on this and other assumptions. I do agree that a redefinition, in terms of adding, I would say, a new dimension to the understanding of the ‘Right to Privacy’ could and would be useful. Not necessarily because it’s warranted by actual new content, but because it would, as he argues, make people more disposed to protecting their right to privacy in the modern world. If this could be achieved, it would be a very valuable thing. However, I will argue that this must be complement by using the legal concept of Human Rights and the obligations assumed by states to respect, protect and fulfill people’s rights, chiefly amongst them, the right to privacy.

As Jason observes, hunter-gatherers did not have a concept of privacy, but neither did they have a concept of democracy. All ‘rights’ (inter alia Human Rights) are rights developed in connection with the development of advanced cultures (including democracy as a way of governance [‘by the people, for the people’ etc.]), simply because the formation of larger units with social contracts proved to be vastly superior in order to provide food, shelter and higher standards of living in general. With this organization and delegation of power came the need to limit the exercise of power and control of those governing on part of others.

You may say that there are two sources of the concept of ‘right to privacy’, one is the philosophical/ethical and the other is legal. The philosophical has its own history dating back to ancient Greece (Aristotle and Socrates) and further developed by inter alia, Habermas; and the legal, based in part on the philosophical, in various constitutions and charters adopted around the world.

However, in modern times, representatives of almost all nationalities, cultures, ethnic groups and races declared in 1948:

“All human beings are born free and equal in dignity and rights.”

… the first paragraph of the Universal Declaration of Human Rights. This document has inspired many nations and groups of nations, to further develop these rights (in some cases as legally enforceable supranational rights), and in particular the ‘Right to Privacy’.

The book “Human Rights Terminology in International Law: A Thesaurus” (Council of Europe, 1987), is based on the language used in codification of the right to privacy in the Universal Declaration as well as the International Covenant on Civil and Political Rights, the European Convention on Human Rights, the American Convention on Human Rights, American Declaration of the Rights and Duties of Man, and later, the ASEAN Human Rights Declaration (2012) that directly affirms all the civil and political rights in the Universal Declaration. There, the ‘Right to Privacy’ is summarized like this:

“The right to live one’s life with a minimum of interference. It concerns private, family and home life, physical and moral integrity, honor and reputation, avoidance of being placed in a false light, unauthorized publication of private photographs, protection from disclosure of information given in confidence.”

It is, therefore, very safe to say that mankind has agreed, collectively, that there are self-evident, inherent and undeniable human rights (though not without limitations for just reason [such as to protect for example minors]) vested in all human beings and that this cover concepts such as ‘Doxxing’ although this concept and other modern SoMe-related concepts was not invented yet. This means that states have a legal obligation to promote and uphold the right to privacy, although the detailed interpretation can vary to a certain extent according to the cultural setting. However, there are clear limitations to such interpretations.

So how does this relate to us today? Well, social media was not around when these concepts, with its philosophical roots and legal codifications, was hammered out.

The most striking difference is that, at the time, private surveillance was not around (not technologically possible at scale, only states would have such capabilities), and therefore the obligations and interpretation was centered around what the state/government could or could not do in relation to its citizens.

Today, massive, ubiquitous and intrusive invasion of people’s privacy comes from both governmental agencies and private entities. The former to a large degree based on the unfounded belief that it protects us from terrorism, while the latter is totally new, and particularly dangerous as they are not controlled by anyone, and especially not elected bodies, representing the people. Social media is by and large without any oversight or control and violates our right to privacy on a massive scale every minute of our lives.

So, the right to privacy means that there are limits to what governments can do in terms of recording, observing and handling information relating to individuals. But, more importantly today, governments also have an obligation to ensure that individuals are protected from other, i.e. private, entities violating the right to privacy of its citizens. In other words, there is a largely neglected legal obligation for governments to enact laws to prevent private or other entities to violate people’s right to privacy.

Although there are initiatives on part of governments to do so, notably the European GDPR legislation and efforts in particular in the legislative body of California in the US, states have generally failed to take necessary measures to discharge of their duties under their own constitutions and both binding and non-binding international human rights law.

GDPR is a great leap forward, but more in terms of demonstrating that governments have an obligation to legislate and enforce measures that protect its citizens from invasion of their privacy by private entities, rather than it being an effective tool or measure to actually give meaningful protection. Informed consent is important, but a toothless measure in reality.

As long a government does not prohibit the free trade in personal and sensitive information, we will, in a modern connected world, have our right to privacy invaded on a constant and ongoing basis. It is not like the process of prohibiting such trade is a new concept, it is done with illegal substances, child pornography, etc. today; and remember – wiretapping has been prohibited for decades – it is not more difficult than that, really. As an experiment, think about what it would look like if the established prohibition against wire-tapping was imply re-written to cover WatsApp, Facebook and TikTok…Such adjustment to legal standards are commonly done in order to clarify the application of legal concepts to an evolving world.

If each social media was limited to collecting and using personal information based on real informed consent, limited to specific purposes, the situation would change for the better. If the collection of online activities outside of the service would be prohibited (whether on the Web, in apps or otherwise) and the use and sale of this information would be banned, we would get somewhere. However, this would mean that 80% of Facebook’s revenue would be gone.

Realistic? Maybe not to most, but I think this is the way to go.

– Bjørn Stormorken, Idka co-founder and CFO

* Privacy2020 is an open group on Idka – for news and discussion around Privacy for the new decade and beyond. If you’d like to hear from industry experts and peers, share your voice, or join the movement for the protection of privacy as a human right, simply sign up for a free personal account on idka.com and enter Privacy2020 in the search box. Anyone can join!
We look forward to having you with us!