The first step to recovery is admitting you have a problem, but some states continue to be in denial
This piece was written by PI Advocacy Officer Alexandrine Pirlot de Corbion.
A few months ago, we welcomed the recommendations submitted at the 27th Universal Periodic Review (UPR) calling on India, South Africa and Tunisia to review and bring all legislation concerning communication surveillance in line with international human rights standards and to submit these measures to a test of necessity and proportionality. We further welcomed recommendations made to India and South Africa on the need to ensure that intelligence agencies are subject to independent oversight.
Sadly, the seriousness of our concerns, as well as those of the Permanent Mission of Lichtenstein, who had made these recommendations, were side-lined by two of these three states, with both India and South Africa not providing their support to the aforementioned recommendations.
While we are disappointed by both, our displeasure is further heightened in the case of India. We had hoped that the Supreme Court’s recent decision in August 2017 to recognise that there was a fundamental right to privacy under the Indian constitution, would pave the way for further good news, but this was not the case. The government of India decided not to give its support to the recommendations it received, namely to bring all legislation concerning communication surveillance in line with international human rights standards and to take necessary steps to ensure that all operations of intelligence agencies are monitored by an independent oversight mechanism.
We see this as a missed opportunity for India to address the severe shortcomings of its legal framework and practices when it comes to communication surveillance and data protection. As presented by CIS and Privacy International, these include but are not limited to: broad and fragmented standards for surveillance; lack of comprehensive and independent oversight of state surveillance; broad access obligations imposed on service providers; blanket subscriber registration for use of post-paid, prepaid, and public Wi-Fi services; and the lack of a comprehensive data protection framework, despite adopting and deploying nation-wide data-intensive systems such as Aadhaar.
Likewise, South Africa failed to provide its support for the similar two recommendations it was given: to ensure all surveillance were subject to a test of necessity and proportionality, and to take necessary steps to ensure that all the operations of intelligence agencies are monitored by an independent oversight mechanism. This is again disappointing because accepting these would have reinforced recent developments in the country, such as the recent launch of a constitutional challenge to RICA, South Africa’s main surveillance law. The challenge aims to address some of the major shortcomings and gaps in South Africa’s legal framework which Right2Know and Privacy International had highlighted in our joint submission including: (i) the low burden of proof required for a warrant for lawful interception, (ii) the lack of user notification, and (iii) the retention of data not meeting the necessity and proportionality test. Furthermore, in 2017, Dr Maru Dintwe was finally appointed as the Inspector General of Intelligence. This position had been left vacant for over two years, and was a long-running campaign by Right2Know to see this appointment made. This appointment gives new recourse to victims of abuse of power in the intelligence sector.
It would be remiss if we did not express our pleasure that Tunisia decided to give its support to the recommendation it was given. Since the fall of the Ben Ali regime, various steps have been taken by the new authorities to modernise and democratise the institutional infrastructure through political and legal reforms and improved respect for the rule of law. It could appear that accepting these recommendations are part of their attempts to address the current shortcomings of national privacy and data protection laws, along with the country’s adhesion to the Council of Europe’s Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data in July 2017, as well as hosting the 10th Annual Conference and 11th General Assembly of the Association of Francophone Data Protection Authorities in September 2017.
Having said that, Tunisia’s data protection framework still falls short of international data protection principles, and reform is slow coming. As a result of the legal shortcomings, the lack of transparency and the vast autonomy enjoyed by these entities, we continue to remain concerned by the threats and cases of unlawful communication surveillance particularly in the context of the new surveillance agency, the Technical Agency for Telecommunications (AATT), the Law №26 on the Fight Against Terrorism that was hastily adopted in 2015, and the possible on-going legacy of the surveillance infrastructure of the Ben Ali regime. Tunisia’s acceptance of the recommendation to review and align its surveillance policies and practices with international human right standards is a first step in the right direction, and we will keep a close eye to ensure they comply. If they don’t, we will be right there to remind put them back on the right track.
Finally, we would like to reiterate that whilst the above has been a positive process in terms of the increased recognition in UN human rights monitoring mechanisms of the growing threats faced by the right to privacy across the world, Privacy International and its Network, (who had submitted joint submissions for the review of Morocco, Brazil, the Philippines and Indonesia) remain troubled that our concerns were not raised during the 27th UPR session. Through our joint engagement, we will continue to strategically engage with the diverse opportunities offered by these mechanisms to ensure that current failures of these countries to protect, uphold and respect the right to privacy are known and documented.