This week the UN Human Rights Committee has issued recommendations to the Governments of Namibia, New Zealand, Rwanda, South Africa, and Sweden to reform and strengthen surveillance and privacy protections.
The Committee recommendations touch upon some of the fundamental issues of surveillance powers and the right to privacy, including mass surveillance, retention of communication data, judicial authorisation, transparency, oversight, and regulating intelligence sharing.
These recommendations are yet another confirmation that the human rights provisions contained in the International Covenant on Civil and Political Rights provide an effective framework to assess whether modern communication surveillance laws and practices comply with the right to privacy.
Now the ball is in the Governments’ court. Will they choose to reform their surveillance laws and subject interception to judicial authorisation and oversight? Will they protect and treat personal data in accordance with human rights standards, and without discriminating between nationals and non-nationals? Will they adopt comprehensive and effective data protection regimes?
The Committee noted with concern that interception centres seem operational despite a lack of clear legal basis, as well as the lack of clarity regarding the reach of legal interception possibilities and the safeguards to ensure respect of the right to privacy in line with the International Covenant on Civil and Political Rights.
The Committee echoed Privacy International’s concerns about New Zealand communications surveillance, namely the lack of safeguards in the interception of so-called foreign communications.
The Committee recommended that “sufficient judicial safeguards are implemented, regardless of the persons’ nationality or location, in terms of interception of communications and metadata collection, processing, and sharing”, confirming previous concluding observations by the Committee for countries like the UK and the US.
The Committee expressed concern that the law regulating the interception of communications permits the interception of communications without prior authorization of a judge. The Committee recommended that “the interception of communications and use of data take place on the basis of specific and legitimate objectives and that the categories of circumstances in which such interference may be authorized and the categories of persons likely to be intercepted are set out in detail. It should also ensure the effectiveness and independence of a monitoring system for interception, in particular by making provision for the judiciary to take part in the authorization and monitoring of the interception.”
Privacy International, together with the South African campaign Right2Know and the Association for Progressive Communications, raised significant concerns about the laws, policies, and practices surrounding surveillance by intelligence and law enforcement agencies.
The Human Rights Committee was concerned “about the wide scope of the data retention regime” and “at reports of unlawful surveillances practices, including mass interception of communications, carried out by the National Communications Centre”. It called on South Africa to “take all necessary measures to ensure that any interference with the right to privacy complies with the principles of legality, necessity and proportionality”.
Further, the Committee called on South Africa to “refrain from engaging in mass surveillance of private communications”, to “consider revoking or limiting the requirement for mandatory retention of data by third parties” and to “increase the transparency of its surveillance policy and speedily establish independent oversight mechanisms to prevent abuses and ensure that individuals have access to effective remedies.”
These recommendations should form the blueprint for a long overdue reform of surveillance laws in South Africa. It is now up to the Government to show that it is acting in good faith to implement its obligations under international human rights law by engaging South African civil society, and beginning the reform process.
Despite the Swedish Government’s reassurance, the Human Rights Committee remained concerned “about the limited degree of transparency with regard to the scope of these surveillance powers [under the Signals Intelligence Act], and the safeguards on their application.” And - reflecting a concern shared by Privacy International, Civil Rights Defenders and DFRI - it criticized “the lack of sufficient safeguards against arbitrary interference with the right to privacy with regard to the sharing of raw data with other intelligence agencies”.
The Committee called for increased “transparency of the powers of, and safeguards on the National Defence Radio Establishment (Försvarets Radioanstalt - FRA), the Foreign Intelligence Court and the Data Inspection Board” including “by considering to make their policy guidelines and decisions public”.
Notably, the Committee confirmed that intelligence sharing with foreign agencies should be regulated in “in full conformity with its obligations under the Covenant, in particular article 17, including the principles of legality, proportionality and necessity”, including putting in place “effective and independent oversight mechanisms over intelligence-sharing of personal data” and providing affected persons with effective remedies in cases of abuse.
The full text of all recommendations made today by the Human Rights Committee can be found here.