Today, a collection of international advocates and experts from the academic, consumer, digital rights and labor communities met in Madrid to discuss the future of privacy across the globe.
Organized by The Public Voice Coalition, this important meeting precedes the 31st International Conference of Data Protection and Privacy Commissioners, and provided a unique opportunity to discuss with public officials and the business sector about how to raise privacy awareness in the global community, and how to promote civil society participation in decision making processes towards the adoption of better privacy and data protection standards globally.
The conference closed with the launch of the Madrid Declaration on Global Privacy Standards for a Global World, affirming that privacy is a fundamental human right and reminding “all countries of their obligations to safeguard the civil rights of their citizens and residents.”
The Declaration warns that “privacy law and privacy institutions have failed to take full account of new surveillance practices,” and urges countries “that have not yet established a comprehensive framework for privacy protection and an independent data protection authority to do so as expeditiously as possible.” It recommends a “moratorium on the development or implementation of new systems of mass surveillance,” and calls for the “establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions.”
The full text of the Madrid Declaration is below. I’ve requested that my name be added to the list of signatories.
Global Privacy Standards for a Global WorldThe Civil Society DeclarationMadrid, Spain3 November 2009
Affirming that privacy is a fundamental human right set out in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and other human rights instruments and national constitutions;
Reminding the EU member countries of their obligations to enforce the provisions of the 1995 Data Protection Directive and the 2002 Electronic Communications Directive;
Reminding the other OECD member countries of their obligations to uphold the principles set out in the 1980 OECD Privacy Guidelines;
Reminding all countries of their obligations to safeguard the civil rights of their citizens and residents under the provisions of their national constitutions and laws, as well as international human rights law;
Anticipating the entry into force of provisions strengthening the Constitutional rights to privacy and data protection in the European Union;
Noting with alarm the dramatic expansion of secret and unaccountable surveillance, as well as the growing collaboration between governments and vendors of surveillance technology that establish new forms of social control;
Further noting that new strategies to pursue copyright and unlawful content investigations pose substantial threats to communications privacy, intellectual freedom, and due process of law;
Further noting the growing consolidation of Internet-based services, and the fact that some corporations are acquiring vast amounts of personal data without independent oversight;
Warning that privacy law and privacy institutions have failed to take full account of new surveillance practices, including behavioral targeting, databases of DNA and other biometric identifiers, the fusion of data between the public and private sectors, and the particular risks to vulnerable groups, including children, migrants, and minorities;
Warning that the failure to safeguard privacy jeopardizes associated freedoms, including freedom of expression, freedom of assembly, freedom of access to information, non-discrimination, and ultimately the stability of constitutional democracies;
Civil Society takes the occasion of the 31st annual meeting of the International Conference of Privacy and Data Protection Commissioners to:
(1) Reaffirm support for a global framework of Fair Information Practices that places obligations on those who collect and process personal information and gives rights to those whose personal information is collected;
(2) Reaffirm support for independent data protection authorities that make determinations, in the context of a legal framework, transparently and without commercial advantage or political influence;
(3) Reaffirm support for genuine Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information and for meaningful Privacy Impact Assessments that require compliance with privacy standards;
(4) Urge countries that have not ratified Council of Europe Convention 108 together with the Protocol of 2001 to do so as expeditiously as possible;
(5) Urge countries that have not yet established a comprehensive framework for privacy protection and an independent data protection authority to do so as expeditiously as possible;
(6) Urge those countries that have established legal frameworks for privacy protection to ensure effective implementation and enforcement, and to cooperate at the international and regional level;
(7) Urge countries to ensure that individuals are promptly notified when their personal information is improperly disclosed or used in a manner inconsistent with its collection;
(8) Recommend comprehensive research into the adequacy of techniques that “deidentify” data to determine whether in practice such methods safeguard privacy and anonymity;
(9) Call for a moratorium on the development or implementation of new systems of mass surveillance, including facial recognition, whole body imaging, biometric identifiers, and embedded RFID tags, subject to a full and transparent evaluation by independent authorities and democratic debate; and
(10) Call for the establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions.
3 November 2009