Session
In a world that is increasingly shaped by data-hungry technologies, protecting the right to privacy is becoming a central challenge for societies around the world. The right to privacy is a crucial safeguard for the ability of individuals to live a life in freedom, to form opinions, to express themselves without fear and to fully develop their personality. Its implications for the enjoyment of economic and social rights cannot be overestimated. Privacy protection is also key for the most disadvantaged and vulnerable members of society who are at greater risk of discrimination. And privacy is essential for ensuring that there is a space for civil society to operate and meaningfully participate in public life.
Following extensive consultations with a wide range of stakeholders (including at an expert workshop and through numerous written submissions), the UN High Commissioner for Human Rights in September 2018 presented to the UN Human Rights Council a comprehensive report on the right to privacy in the digital age (A/HRC/39/29). It addressed a broad range of pressing issues, from government surveillance to the responsibilities of business enterprises in designing their products and services. This session will zoom in on one of the key trends of concern identified in the report, the use of biometric data by governments and the private sector.
States and business enterprises increasingly deploy systems relying on the collection and use of biometric data, such as DNA, facial geometry, voice, retina or iris patterns and fingerprints. Some countries have created immense centralized databases storing such information for a diverse range of purposes, from national security and criminal investigation to the identification of individuals for purposes of the provision of essential services, such as social and financial services and education. Closed-circuit television cameras in cities, train stations or airports that use facial recognition to automatically identify and flag persons are becoming commonplace. Biometric-based technologies are increasingly used to control migration, both at borders and within countries.
Following a brief presentation of the findings of the report of the High Commissioner, the panelists will discuss the opportunities provided by reliable biometrics technology and the significant human rights concerns linked to that, from the risks of identity theft to the unlawful tracking and monitoring of individuals. They will identify ways to prevent and mitigate adverse human rights impacts.
Office of the UN High Commissioner for Human Rights
Emilie Seruga-Cau, Head of Public Affairs Department, Directorat for Compliance, Commission Nationale de l'Informatique et des Libertés (CNIL)
Ololade Shyllon, Advisor of the Democracy, Transparency and Digital Rights Unit at the Centre for Human Rights
Graham Webster, Fellow and Coordinating Editor, DigiChina, New America
Smitha Krishna Prasad, Associate Director, Centre for Communication Governance at National Law University Delhi
Wafa Ben-Hassine, Access Now, Middle East and North Africa Policy Lead
Asako Hattori, OHCHR
Report
- Session Type (Workshop, Open Forum, etc.): Open Forum
- Title: The Right to Privacy in the Digital Age – The Use of Biometric Data
- Date & Time: 14 November 2018, 9-10am
- Organizer(s): Office of the United Nation High Commissioner for Human Rights (OHCHR)
- Chair/Moderator: Tim Engelhardt, Human Rights Officer, (OHCHR)
- Rapporteur/Notetaker: Tim Engelhardt
- List of speakers and their institutional affiliations (Indicate male/female/ transgender male/ transgender female/gender variant/prefer not to answer):
Emilie Seruga-Cau, Head of Public Affairs Department, Directorat for Compliance, Commission Nationale de l'Informatique et des Libertés (CNIL)
Ololade Shyllon, Advisor of the Democracy, Transparency and Digital Rights Unit at the Centre for Human Rights
Graham Webster, Fellow and Coordinating Editor, DigiChina, New America
Smitha Krishna Prasad, Associate Director, Centre for Communication Governance at National Law University Delhi
Wafa Ben-Hassine, Access Now, Middle East and North Africa Policy Lead
- Theme (as listed here): Cybersecurity, Trust and Privacy
- Subtheme (as listed here): Data privacy and protection
- Please state no more than three (3) key messages of the discussion. [150 words or less]
- Biometric data are sensitive data, requiring a high level of protection. There are enormous risks connected with biometric systems, as biometric information is by definition inseparably linked to a particular person and that person’s life, and has the potential to be gravely abused.
- Rolling out biometric technology should be done deliberately and slowly, in a rights-respecting and protecting way. States in particular need to demonstrate the necessity and proportionality of the deployment of biometric technology. They need to have legal and other safeguards in place.
- Finding ways for the safe, rights-respecting use of biometrics requires collaboration of experts and stakeholders from all backgrounds (e.g., technical community, businesses, States agencies, philosophers, gender experts). This requires breaking up silos.
- Please elaborate on the discussion held, specifically on areas of agreement and divergence. [150 words]
The session started with a brief overview of the recent report to the Human Rights Council of the UN High Commissioner for Human Rights on the Right to Privacy in the Digital Age (A/HRC/39/29), highlighting in particular that States need to establish appropriate legal framework for protecting data privacy against undue interferences by States and businesses. The following presentations and the discussion then zoomed in on the use of biometrics. The presentations focused on a range of case studies from several countries from Africa, MENA and Asia. The participants agreed that while there may be clear benefits of biometrics technology for security, trust but also convenience, it is linked to serious risks, often affecting the vulnerable and marginalised. Biometrics should therefore be deployed with caution. States should only use biometrics for clearly defined purposes and on the basis of informed consultations with all stakeholders.
- Please describe any policy recommendations or suggestions regarding the way forward/potential next steps. [100 words]
The discussion demonstrated broad support for the recommendation not to rush the deployment of biometrics but to move deliberately and slowly. Any deployment of biometrics needed to comply with international human rights standards. This included that it needed to be done in a transparent fashion, on the basis of clearly defined laws, for specific purposes and in accordance with the necessary and proportionate principle. The discussion also highlighted the necessity to maintain effective grievance and redress mechanisms.
- What ideas surfaced in the discussion with respect to how the IGF ecosystem might make progress on this issue? [75 words]
The need to leave silos and work interdisciplinary and with all stakeholders was emphasised by several participants. As was pointed out in another session, digital identity is a building block of the digital society and economy. The risks and necessary legal, technical, procedural and other measures for protecting people’s privacy in the context of the use biometrics should be further investigated.
- Please estimate the total number of participants. 70
- Please estimate the total number of women and gender-variant individuals present. 35