The Tunis Agenda of Nov. 18, 2005 states:
"We call upon all stakeholders to ensure respect for privacy and the protection of personal information and data,
whether via adoption of legislation, the implementation of collaborative frameworks, best practices and
self-regulatory and technological measures by business and users.
The reference to a "right to privacy" does not appear as such in the language of the Tunis Commitment. The need
for security is instead underlined throughout the text. The problem is that security is viewed as something more
important than what is a right ? the right to privacy ? even though security is not a right, but only a value,
unlike privacy, which is a fundamental right enshrined in several international human rights instruments, including
in the United Nations' Universal Declaration of Human Rights.
Since the language of the Tunis Commitment and Agenda do not contain strong wording on the necessity to comply with
fundamental human rights, such as the freedom of speech and the right to privacy, there is a risk that
authoritarian and undemocratic governments around the world might use the loose language to justify many of their
political actions in the name of security without respecting citizens' privacy rights.
For the last eight years, EPIC has been publishing an annual report about the developments in the field of privacy
in more than 70 countries in the world, Privacy and Human Rights. I will go through some of the most important
developments in the field of privacy in the last 2 years.
1. Most important recent developments in privacy in the world
- New anti-terrorism laws tend in all countries to go beyond their original intended purposes, and are often
disproportionate to their objectives. Concept of function creep.
- Ex.: video surveillance.
- Ex.: New identification and authentication measures; e.g., national ID.
- More powers for governments and law enforcement without counterbalancing oversight powers.
- Data mining is used by governments in more cases. Outcome : danger of dragnet surveillance. The principle of
presumption of innocence is reversed.
- Government surveillance starts with a control over minorities, then expands over the whole population.
- Ex.: US-VISIT (fingerprinting); ID cards.
- Governments use forum of international organizations to bypass the democratic debate when trying to get their own
parliaments to adopt measures that would be hard to pass if debated nationally.
- Ex.: RFID passports; Council of Europe Cybercrime Convention.
2. Important debates in the field of privacy in the world
- The value of national security trumps the fundamental right to privacy and self-determination.
How is it possible to protect privacy while increasing security and fighting against terrorism? How far will a
society go to achieve the ideal of total security? When is the objective of security going too far?
The Tunis Agenda for the Information Society recommends that a global culture of cyber-security be developed, which
"requires national action and increased international cooperation to strengthen security while enhancing the
protection of personal information, privacy and data." It is this debate that many governments have focused their
attention on in the last 5 years. However, this cannot be done without taking all stakeholders' concerns into
account and thinking whether absolute security is very likely to put a heavy toll on people's expectations for
privacy and freedom of speech.
- Collaboration between private and public entities. Law enforcement is delegating its surveillance duties to
private sector entities. Lack of strong privacy frameworks to regulate the flow of personal data between the
private and public sectors.
- Ex.: ChoicePoint case;
- Data retention debate in Europe: collaboration between ISP's and phone companies and the government;
- DOJ -> MSN, AOL and Yahoo.
- Next Little Brother: Google?
- Consumer privacy issues of concern: Transborder data flows and outsourcing of data processing to third world
countries. How to conciliate the need for flexible data processing across borders and the protection of data
subjects' privacy interests?
- The processing of personal data can be used as a tool of discrimination, especially between developing
and rich countries, the rich and the poor.
3. What should be the focus of discussions at the Internet Governance Forum next autumn?
In the Tunis Agenda, the need is acknowledged to organize a forum for a multi-stakeholder policy dialogue, and for
the participation in public policy decisions of all stakeholders, not only governments. The objective of this
forum is to foster the development and sustainability of the Internet.
- The scope of "Internet governance" includes the establishment of privacy rules.
"Internet governance" is defined as "the development and application by governments, the private sector and civil
society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programs
that shape the evolution and use of the Internet."
Civil society has an important role in the debate on Internet governance, including on the public policy issue of
privacy. It is necessary to work with inter-governmental and international organizations (OECD, APEC,?), and a
stakeholder approach and international collaboration are needed.
- The IGF will be an opportunity for all stakeholders (including civil society) to identify and develop
implementation strategies, mechanisms and processes for WSIS outcomes at international, regional, national and
local levels. The IGF needs to involve all Internet stakeholders: --> good opportunity for civil society to
- The promotion of ICT's and national technological development depends in part on strong data protection
frameworks. Example of emerging economies such as India, Singapore, China that have understood the importance
of coming up with a data protection framework.
- The development and implementation of e-government applications is promoted in the Tunis Agenda as a way to
build an Information Society that furthers access to government information and services for people.
E-government applications cannot exist without strong privacy protections.
- Civil society can have a role at the national level to suggest e-strategies and Information Society policies
to their governments that include the protection of individuals' and consumers' privacy rights.
- Data protection laws encourage e-commerce and promote consumer trust. There is a need to enact privacy
and data protection laws when creating the legal and regulatory frameworks of developing countries and countries
without such privacy and data protection frameworks. The success of the harnessing of the potential of ICT's and
their development is therefore related to strong privacy and data protection laws.
- Security is emphasized throughout the Tunis Agenda. There is a need to develop security of the Internet in
compliance with the right to privacy and freedom of expression, as protected in the Universal Declaration of
- Necessity to implement privacy protections at the level of, and into, the ICT's themselves rather than
adopting privacy laws that would apply to ICT's that have not been created and developed with privacy concerns in
mind. In this regard, Privacy Impact Assessments are useful.
- Ex. of PET (privacy-enhancing technologies)'s: a browser that incorporates privacy protections, such as a
feature that automatically rejects cookies and allows opt-in for the user.