Article 8 of the European Convention on Human Rights (ECHR) (adopted 4 November 1950, entered into force 3 September 1953) and article 11 of the American Convention on Human Rights (adopted 22 November 1969, entered into force 18 July 1978) enshrine the right to privacy. As with International Covenant on Civil and Political Rights (ICCPR), the right to privacy is not a non-derogable, absolute right under article 15 ECHR and article 27(1) of the American Convention respectively.
In contrast, the African Charter on Human and Peoples Rights (adopted 1 June 1981, entered into force 21 October 1986) does not contain a provision directly referring to the right to privacy. In addressing such gaps, the African Commission on Human and Peoples' Rights (ACommHPR) streamlined the African Charter with international approaches and standards when adopting its Principles and guidelines on human and peoples' rights while countering terrorism in Africa in 2016. It was of the view that the Charter protects the right to privacy indirectly, through such provisions as freedom of conscience, freedom of expression, the right to receive information, freedom of association, the duty on the State to protect the family, and the right to participate freely in the governance of one's country (ACommHPR, 2015, p.36).
Human rights bodies emphasize the importance of individuals having a private sphere free from State interference in order to develop themselves and their relationships with others. The European Court of Human Rights (ECtHR) additionally links psychological wellbeing to the enjoyment of the right to privacy. The Human Rights Committee and Inter-American Court of Human Rights (IACtHR) frequently discuss the right to privacy in conjunction with the protection of other rights, such as freedom of expression.
Regional human rights bodies apply similar criteria to the United Nations bodies when evaluating whether an interference with the right to privacy is lawful. However, there are some subtle variations in which regional and international bodies may interpret particular criteria. For instance, in relation to the right to privacy regarding interference, the ECtHR has determined that in order for a limitation to the right to privacy to be in accordance with the law, domestic law has to contain clear provisions explaining in what circumstances the government officials could monitor an individual's communications, how such officials take decisions related to intercepting communications, and the procedure the officials have to follow in order to intercept information ( Liberty and others v. UK, 2008, paras. 59 and 69). Compare this with the ICCPR standard, which prescribes that in order to be characterized as "law" the provision in question has to be accessible and has to enable persons to regulate their conduct (General Assembly, Human Rights Council report 27/37, 2014, para. 23). This means that individuals should be able to find out what laws regulate State surveillance practices, how such laws apply to them and to plan their affairs accordingly (Human Rights Committee concluding observations CCPR /C/USA/CO/4, para.22).
There are also some differences in terms of the wording and the parameters of different regional provisions. Unlike ICCPR and the American Charter, article 8 ECHR expresslylists legitimate aims a State may invoke to interfere with the right to privacy. It stipulates that, "[t]here shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others." ECHR is unique in its reference to the economic well-being of the country. In practice, the grounds that States may invoke to limit the right to privacy are well settled. The Inter-American system, e.g., recognizes the protection of the rights of others, national security, public order, and public health or morals as legitimate aims (IACommHR, 2009, doc. 51, para. 75). International human rights bodies and IACtHR give considerable attention to examining whether a legitimate aim the State invoked was sufficiently specific (IACommHR, 2013).
Turning to the test of necessity, the approach of the Human Rights Committee and (ECtHR) is comparable. ECtHR has interpreted the test of necessity as the requirement that the measure limiting the enjoyment of the right to privacy be "strictly necessary" to safeguard the democratic institutions ( Klass and others v. Germany, 1978, para. 42). Since terrorists operate in a sophisticated manner, the Court concluded that States may pass a law authorizing secret surveillance of individuals as long as such laws are promulgated under "exceptional conditions" ( Klass and others v. Germany, 1978, para. 48; Uzun v. Germany, 2010, paras. 77-80). The Special Rapporteur for freedom of expression of the Inter-American Commission on Human Rights (IACommHR) interprets "necessity" as requiring that any restriction be adequate and sufficiently justified. The criterion of necessity is met when there are "exceptional circumstances" warranting an authorization to access an individual's communications and personal information. There should be a "clear" risk to the protected interests (IACommHR, 2013, paras. 61-62, 168).
With respect to the application of the principle of proportionality, the greater the interference with the right to privacy, the more justifications human rights bodies require the State to provide. In the case of Uzun v. Germany the ECtHR found that it was a proportionate measure to monitor Mr. Uzun's movements using a global positioning system device because Mr. Uzun was suspected of having committed a serious offence of a terrorist bombing, he had destroyed telephone tapping devices the authorities had installed earlier, and because the police had monitored his movements over a short period of time (IACommHR, 2013, paras.78-80). According to the Inter-American Commission's Special Rapporteur for freedom of expression, authentication requirements for Internet users are only proportionate if the Internet activity in question poses high risk (IACommHR, 2013, para. 136). In addition to treaty obligations, some regions have introduced additional standards and regulations governing privacy related issues, including the protection of data and metadata. In 2018, the European Union adopted the European General Data Protection Regulation 2018 (European Union, EGDT, 2018). Among its detailed requirements, the Directive requires private businesses and public bodies which process or control the personal data of private individuals to inform individuals how they use their personal data and for how long the data is retained, and to only process information for which they have an individual's consent.
One further observation which should be made at this juncture relates to national constitutional and legislative approaches. These can differ greatly between individual States, sometimes diverging from regionally and internationally agreed principles and standards. Noticeably, in some parts of the world - especially where there is no effective regional human rights mechanism such as a court providing an added layer of external scrutiny and accountability of State practices - privacy laws may not be as strong as is desirable including in a counter-terrorism context. More generally too, there can be little or no national regulation on issues such as data retention, storing or handling. This can render gathered data more vulnerable to misuse, both by State officials and by organized criminal groups which may have links to terrorist organizations (see also Module 16). In other countries, even where relevant, e.g., civil codes governing privacy exist, they may not be enforced in practice, and/or weak accountability mechanisms may be in place. Such factors can hinder rather than facilitate international counter-terrorism cooperation including intelligence sharing.
In the box below, some examples of national privacy laws applicable to counter-terrorism contexts are given.
National legislation on surveillance and privacy rights
Here are some examples of different national legislative approaches to surveillance and privacy rights. They reveal differences in the inviolability of privacy (often a constitutional guarantee) as well as the procedural processes and guarantees. You may wish to compare and contrast these with the legislative approaches of your own country.
(1) Notwithstanding any other written law, the public prosecutor, if he considers that it is likely to contain any information relating to the commission of a security offence, may authorize any police officer-
(a) to intercept, detain and open any postal article in the course of transmission by post;
(b) to intercept any message transmitted or received by any communication; or
(c) to intercept or listen to any conversation by any communication.
(2) The public prosecutor, if he considers that it is likely to contain any information relating to the communication of a security offence, may-
(a) require a communications service provider to intercept and retain a specified communication or communications of a specified description received or transmitted, or about to be received or transmitted by that communications service provider; or
(b) authorize a police officer to enter any premises and to install on such premises, any device for the interception and retention of a specified communication or communications of a specified description and to remove and retain such evidence.
Some procedural safeguards specified in sub-sections 3 and 4 regarding the rank of police officer who should normally authorise such inception of communication.
"The provisions of Republic Act No. 4200 (Anti-Wire Tapping Law) to the contrary notwithstanding, a police or law enforcement official and the members of his team may, upon a written order of the Court of Appeals, listen to, intercept and record, with the use of any mode, form, kind or type of electronic or other surveillance equipment or intercepting and tracking devices, or with the use of any other suitable ways and mean for that purpose, any communication, message, conversation, discussion, or spoken or written words between members of a judicially declared and outlawed terrorist organization, association, or group of persons or of any person charged with or suspected of the crime of terrorism or conspiracy to commit terrorism.
Provided that surveillance, interception and recording of communications between lawyers and clients, doctors and patients, journalists and their sources and confidential business correspondence shall not be authorized."
Sects. 8-16 of the Act then provide for strict procedural safeguards to prevent the misuse of sect. 7 powers, such as the requirement for the grant of judicial authorization which is only effective for a maximum period not exceeding 30 days from the date of receipt of the written order. Another notable feature is that the Act punishes any failure to notify the person who is the subject of surveillance, monitoring or interception in certain circumstances.
Law Nº 5241/14 (2014) articles 6, 24-27 which creates the National Intelligence System (SINAI, in Spanish). The key elements are:
Article 6. "Telephone, postal, fax or any other system of communication to deliver objects or transmit images, audio, data packets or any other type of information, file, and/or private documents, or documents that are not meant to be read or accessed by the public shall not be examined, reproduced, intercepted or seized, except with a judicial order, as long as they are indispensable for the specific objectives defined by this law …"
Article 24. "... The information to be obtained must be strictly necessary for the achievement of the State's objectives to protect peace, national security, institutional stability and prevent terrorist threats, organized crime and drug trafficking while defending the constitutional and democratic system."
Article 25. "The procedures described in the previous article are the following:
Article 26. "It is the Secretary of National Intelligence who requests the judicial authorization in order to conduct the proceedings described in the previous article. The request shall be submitted to the Supervisory Criminal Judge on duty in the place in which the proceedings are to be conducted ..."
Article 27. "The Secretary of National Intelligence must hand over the result of the procedure to the judge that ordered it, who shall listen to the content by himself. He may also ask for a written version of the recording or of parts of it that he deems useful, and order the destruction of the recording or a part of it when they do not relate to the procedure, having previously accessed them. The interception of communications and the intrusion on privacy by intelligence institutions have five specific features to take into account: