[IRP] Charter section on privacy
Thu Nov 12 20:44:09 EET 2009
Hi privacy folks
I have just consolidated the section of the charter on human rights and
principles on the internet that deals with privacy.
I copy it below, but I would urge you to edit the g-doc
*Article 12 - Privacy *
No one shall be subjected to arbitrary interference with his privacy,
family, home or correspondence, nor to attacks upon his honour and
reputation. Everyone has the right to the protection of the law against such
interference or attacks.
Personal data must be protected. Private or public organisations or
companies, civil society organisations as well as governmental bodies must
comply to requirements regarding privacy practices and governance structures
and international privacy standards when processing personal data on their
Collection, use, disclosure and retention of this information must comply
retrieve their collected personal data. People must be free and able to
exercise control and informed decision-making over the personal data and
information collected about them and their usage.
Data collected must be protected from unauthorised disclosure and security
errors should be rectified without delay.
Except agreed otherwise data should be deleted when it is no longer
necessary for the purposes for which it was collected, or for legal reasons.
The public must be warned about the potential for misuse of data supplied.
Organisations have a responsibility to notify people when the information
has been abused, lost, or stolen.
People must be free to communicate without arbitrary surveillance or
interception, or the threat of surveillance or interception. This includes
the use of technologies such as deep packet inspection and the exercise of
control over individuals such as in instances of domestic violence and
Public or private organisations or companies, including social networks and
service providers, which require personal information from individuals
should raise awareness and request the consent of the individual regarding
the content, purposes, storage location, duration and mechanisms for access,
retrieval and correction of their personal data.
Service providers have a responsibility to make clear in which legal
jurisdiction(s) the user's data is being hosted, so that the user can make
Service providers should communicate clearly with users the circumstances
under which personal data will be shared with governments and/or with other
An individual should have the possibility: a) to obtain from a behavioral
tracker, or otherwise, confirmation of whether or not the behavioral tracker
has data relating to him; b) to have communicated to him data relating to
him within a reasonable time; at a charge, if any, that is not excessive; in
a reasonable manner; and in a form that is readily intelligible to him; c)
to be given reasons if a request made under subparagraphs (a) and (b) is
denied, and to be able to challenge such denial; and d) to challenge data
relating to him and, if the challenge is successful, to have the data
erased, rectified, completed or amended [Legislative Primer September
People must be free to communicate anonymously on the internet, such as
through the use of encryption. People communicating on the internet must
have the right to use tools which encode messages to ensure secure, private
and anonymous communication, in so far as it does not violate the right to
privacy of other individuals.
There must be adequate protection of the law against violation of the right
to privacy on the internet, whether perpetrated by an individual,
communities or social networks, companies, international organizations or
In the information society the right to privacy has to be
supported by a guarantee (or principle) of confidentiality
and integrity of IT-Systems, providing the protection against others
accessing IT-Systems without consent.
*Background Information on Article 12*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the IRP