Online Privacy: Its Advancement and Importance Internationally
By Sarah Pike
The Internet can help promote shared international values through the exchange of information and ideas. However, it can also be a site of surveillance and abuse. With more of the world coming online, opportunities for privacy to be invaded will continue to grow. These violations matter to the international community due to their frequency, impact on human rights, and the ways they occur across borders and impact multiple jurisdictions.
As the law struggles to keep pace with technological advancement, looking to the current international landscape may help to synthesize best practices while showing how far we have to go to protect the right to privacy in these spaces we all share.
Privacy Problems: The Example of Doxxing
There are a variety of ways in which privacy rights can be infringed digitally, including online abuse which is disproportionately gendered, racialized, or otherwise targeted at marginalized communities. One such example is doxxing, or doxing. Doxxing (from “docs” or “document” when the term originated with hackers) is the posting of personal information (ranging from social security numbers to home addresses) in order to cause harm. This release of private information can lead to a variety of frightening offline outcomes, from lost jobs to assault.
Here, privacy concerns cut two ways. First, doxxing victims clearly invades their privacy through the publication of their uncovered or collated personal information. In the too-common cases of doxxers targeting marginalized individuals, “unmasking” those responsible may seem to serve justice. However, there is a second privacy interest to consider: that of the doxxers. Allowing states or private corporations to revoke the anonymity of users can have major consequences if these powers are then used in other contexts against minority, activist, or other communities who depend on anonymity to keep themselves safe. We may feel very differently about the doxxing of a private individual who speaks out about gender discrimination in her industry than we do about the release of private documents that show wrongdoing by powerful politicians in an authoritarian regime.
We may wish for these cases to be differentiated by law, just as some countries’ defamation laws have different standards for public and private actors. However, online privacy laws currently diverge across countries. Some nations may distinguish such cases, others may not, and some may have no applicable laws at all. Though just one of many similar issues, doxxing reveals the importance of online privacy laws and the problems with their variance worldwide.
A Lack of International Consensus
Like other human rights, the right to privacy is outlined in a range of international human rights laws. Some, like the European Union’s Data Protection Directive, focus on current challenges raised by digital communications and devices. Others, like the Universal Declaration of Human Rights, were authored too long ago to have considered such technologies.
Despite many such documents, there is currently no universally agreed-upon definition of privacy. In 2015, the United Nations appointed the first-ever Special Rapporteur on the Right to Privacy. The Rapporteur’s Mandate includes a focus on the “particular challenges arising in the digital age” as well as an effort to define the right to privacy. Until then, nations are addressing privacy questions to varying degrees.
State & Corporate Actors
Adoption and update of online privacy laws is proceeding worldwide. Though some nations have no relevant legal instruments, over 100 independent states and jurisdictions now have privacy or data protection laws. Still, these online privacy protections vary in their strength and breadth.
The European Union’s Data Protection Directive, mentioned above, was considered a leading framework for its comprehensive protection of privacy. An updated General Data Protection Regulation involved many critical debates, and will come into force in 2018. These changes are encouraging other countries that had been considered online privacy leaders, like Canada, to review their laws as well, demonstrating the quick pace of change needed in this area.
In India, the Supreme Court recently ruled unanimously that privacy is a right inherently included, and thus protected by, the Constitution. While recent updates to the Information Technology Act include explicit protections for online privacy, this new decision may push such protections even further in future.
Some privacy laws are becoming more specific. The United Kingdom has started to focus on online abuse by individuals, by including doxxing and other forms of harassment in its recently updated cyber offense guidelines. Countries like Singapore and South Africa also have laws against online harassment.
However, some countries have laws that are simply too outdated to adequately respond to contemporary online privacy issues. For example, the main federal statute governing online privacy in the United States is the Electronic Communications Privacy Act, passed in 1986. A proposed federal bill, the Online Safety Modernization Act, would make doxxing and similar online acts crimes under the United States Code. California has also passed its own California Electronic Communications Privacy Act, with modern provisions.
Besides state actors, it is also important to consider large private corporations. Millions of clients worldwide may be impacted by the privacy policies and degree of government cooperation of such companies. This is especially true of social media platforms like Facebook and Twitter, which are often the venue of doxxing attacks and other forms of privacy invasion, such as government surveillance. As non-elected bodies, there may be particular concerns about allowing such actors to self-regulate.
Online harassment and violence is only one of many potential threats to privacy in the digital age. Laws at both the international and national level have promise, but are still works in progress. As our online interactions expand, it behoves us to keep creating clear and robust protections for privacy.