Skip links

The right to privacy online

Analysis: The evolution from one type of society to another has effected an interpretation of the right to privacy in an online context.

In 1992 the public gained access to the former Eastern Germany secret service Stasi archives. They consisted of 180 kilometers files and 35 million other documents, photos , audio, documents and taped phone conversations. The archives are evidence of a gigantic effort. Physical penetration into people’s homes, hours of interception and handling of information. Stasi was founded in 1950. This was also the year the European Convention on Human Rights was drafted (signed in 1953 ) . Two years before in 1948, the UN Declaration on Human Rights was adopted. Both had and still have an article on the right to privacy.

We also have archives in the 21st century. Google processes 24 petabytes of data per day (1 petabyte is approx. 20 million four drawer filing cabinets filled with text ), 10 million photos are uploaded every hour on Facebook , Facebook users ” like” or comment three billion times a day, and every second one hour of video is uploaded on Youtube. The right to privacy was originally defined as a protection against state surveillance. But today, the archives have evolved. They are created by both public and private actors and we are developing them ourselves just by our very existence online. In1950 surveillance required an extra effort, but today it is privacy that requires us to do something extra. In a Big Data era collection of data is the default and monitoring is not only effortless, it is also a “give away”.

Online privacy in three stages: The emancipation, the obstacle and the popular momentum

The right to privacy has throughout this development remained the same fundamental right. But the evolution from one type of society to another has effected an interpretation of the right in an online context. This interpretation (also called “online privacy”) has undergone various phases of popularity. In the 1990s, anonymity was described as a unique liberating tool for experimenting with identity online and challenge established forms of economic and social power. But later online privacy had its first image problem. Online anonymity was accused of everything from being a cover for illegal activities, cyberbullying and trolling to being an obstacle to open innovation in cloud computing, big data and social media. Some even went as far as to declare privacy an extinct social norm. Whereas the first two phases have been characterized by the fiery souls in politics, business, activism and technology development, we are now entering a new phase. This includes ordinary users of the Internet and mainstream media. Today ordinary internet users increasingly demand the opportunity to create our own circles of inclusion and exclusion online and have control over the contexts we share our data in. And it is also the new services and applications that are able to provide their users with a feeling of control over our data that are growing the fastest right now. Online privacy has gained a popular momentum.

The three: the legislator, the industry and civil society

In her book ” Framing the Net” (2013 ) Rikke Frank Jørgensen from the Danish Institute of Human Rights, describes how the debate on the Internet’s implications for human rights over the years have accumulated into a momentum that has reached its peak these years. On June 5, 2012 the UN Human Rights Council, for example adopted a resolution which stressed that “the same rights that people have offline must also be protected online.” But perhaps even more striking and with a very specific interpretation of the right to privacy the UN General Assembly adopted on 19 December 2013 the resolution ”The Right to Privacy in the Digital Age” and in 2015 after several special reports and public statements on digital privacy and surveillance, UN appointed a Special Raporteur on the Right to Privacy. There is an important signal value in these, but resolutions alone unfortunately do not guarantee protection and respect. An extra effort is required from all sectors of society – legislators, the private sector, tech – industry, world of organizations and ourselves.

One type of reactions are the ones we right now see from regulators and governmental bodies. In the EU for example, a reform of the outdated Data Protection Directive from 1995 is negotiated fiercely among Member States. Another relevant trend is the lawsuits around the world in the past year that deals with elements of specific social media companies’ handling of their users’ data as in the recent cases by Max Schrems. And then there is the landmark judgment of the EU Court of Justice from April 8 2014 on the EU Data Retention Directive, which stated that the wide ranging retention of data implies an extremely serious violation of the fundamental rights and respect for privacy.  From a Danish perspective, there has not been much pro activity to track though. Reactions to the EU Court’s decision was hesitating, and Denmark has certainly not been a forerunner in relation to the Data Protection Reform. There was for example no mentioning of the reform in the priority program of the Danish EU Presidency in 2012.

Another type of reaction comes from the Internet industry and the tech developers. In 2014 Edward Snowden chose to step forward at the tech community’s biggest annual conference South by Southwest (SXSW), because as he said, this is where one can find ”the folks that really fix things who can enforce our rights for technical standards”. There are two types of reactions to trace within this sector. One comes from the social media giants Google, Yahoo , Facebook, Microsoft , etc.  who, following the Snowden revelations of the NSA’s mass surveillance, at first argued that the trust on which the Internet’s primary business models and forms of exchange today are built, needs to be rebuilt through a legal reform and transparency. That is, users need to know how their data is used and for what. The second type of reaction is based on a fundamental critique of the Internet’s general evolution. “The Internet is broken”, some say, so why should we trust it? The Internet was originally developed to support only a few hundred of users who trust each other and it cannot bear the development it has gone through with billions of users and services. The internet of today is not secure and it is made up of monopolies and big data business models that stand in direct contrast to the original ideas of a free Internet. This trend is visible in a growing community with innovative initiatives and services built on the idea about an “alternative internet”, alternative business models and a more balanced power relation between the individual and the private and public institutions of society.

A third type of reaction is ours. Civil society, the ordinary internet user, you and me. One response to the challenges here are the initiatives, demonstrations, campaigns and lawsuits driven by tireless activists and interest groups such as the European EDRI, Privacy International and Electronic Frontiers. Another type of reaction may come from the ordinary internet user. We are all natives of the Internet, that is; we have grown up with the same “world view” of the internet, of how the world we experience on the internet is structured, of who owns what and what we can demand and ask for when we use the Internet. The problem with being a native is just that even though (or perhaps exactly because) you speak the language fluently, you will be the last one to question the state of affairs. The best reaction from us, the ordinary internet user, should therefore be that we are critical of everything that is taken for granted today. Looking at things from a distance it is for example striking that the debate on the solutions to the challenges of the right to privacy is heavily characterized and steered by interests – economic, national and personal. However, a shared point of departure should be that the right to privacy is a fundamental human right that must be respected online, also when it is contrary to specific interests. It is not the right to privacy that must obey, but the solutions that must.