LIST OF UNITED NATIONS REGULATIONS ON DATA PRIVACY
| Sr. No. | Resolution Number | Details of the Resolution |
| 1. | General Assembly Resolution 45/95 | Passed in 1990. Passed in response to in response to the need for specific rules governing the collection and use of personal data or personal information. Led to the emergence of a new concept i.e. ‘informational privacy’ or ‘right to informational self-determination’Comprises of 10 principles related to minimum guarantees that must be provided for in national laws. They are as follows: Principle of lawfulness and fairnessPrinciple of accuracyPrinciple of purpose specificationPrinciple of interested person accessPrinciple of non-discriminationPower to make exceptionsPrinciple of securitySupervision and sanctionsTransborder data flowsField of applicationPart B of the Resolution relates to the application of the guidelines to personal data files kept by intergovernmental bodies. |
| 2. | General Assembly Resolution No. 68/167 | Passed in 2013Member States were called to respect and protect the right to privacy, including in the context of digital communication, and to take legislative and other measures to put an end to violations of those rights, and to create the conditions to prevent such violations.States were also asked to review their procedures, practices and legislation with a view to upholding the right to privacy by ensuring the full and effective implementation of all their obligations under international human rights law regarding: surveillance of communicationtheir interception the collection of personal data, including mass surveillance, interception and collection, Independent, effective domestic oversight mechanisms capable of ensuring transparency, as appropriate, and accountability for State surveillance of communications, their interception and the collection of personal data, were also asked to be established or maintained.Resolution asked the High Commissioner for Human Rights to submit a report on the protection of the right to privacy in the context of domestic and extra-territorial surveillance and/or the interception of digital communications and the collection of personal data, including on a mass scale, to the Human Rights Council, with views and recommendations, for consideration by Member States. |
| 3. | Report of the High Commissioner for Human Rights A/HRC/27/37 | Submitted in June 2014.The Report concluded that practices in many Member States have revealed a lack of adequate national legislation and/or enforcement, weak procedural safeguards, and ineffective oversight, all of which have contributed to a lack of accountability for arbitrary or unlawful interference in the right to privacy.The Report opined that, States should review their own national laws, policies and practices to ensure full conformity with international human rights law, and, in particular, that effective and independent oversight regimes and practices are in place |
| 4. | Resolution A/HRC/RES/28/16 of the Human Rights Council | Passed in March 2015. Set up for a period of 3 years a Special Rapporteur on the Right to Privacy. The tasks of the Rapporteur were:Gathering relevant information on national framework, studying trends, challenges to right to privacy and suggest recommendations. Seeking, receiving and responding to information. Identifying possible obstacles to the promotion and protection of the right to privacy.Participating in and contributing to relevant international conferences and events.Raising awareness concerning the importance of promoting and protecting the right to privacy. Integrating a gender perspective throughout the work of the mandateReporting on alleged violations of the right to privacysubmitting an annual report to the Human Rights Council and to the General Assembly |
| 5. | General Assembly Resolution 71/199 | Passed on 25th January 2017Business enterprises were requested to inform users about the collection, use, sharing and retention of their data that may affect their right to privacy and to establish transparency policies, as appropriate. Finally, business enterprises were encouraged to work towards enabling secure communications and the protection of individual users against arbitrary or unlawful interference with their privacy, including by developing technical solutions. |
| 6. | Resolution A/HRC/RES/34/7 of the Human Rights Council | Passed in March 2017. The High Commissioner was requested to organize an expert workshop with the purpose of identifying and clarifying principles, standards and best practices regarding the promotion and protection of the right to privacy in the digital age, including the responsibility of business enterprises in this regard, to prepare a report and to submit it to the Council.2 |
| 7. | Report of the High Commissioner for Human Rights A/HRC/39/29 | Submitted in August 2018. The Report discusses the different privacy interferences, responsibilities of states and business enterprises and remedies, and recommends the minimum standards for the processing of personal data.The Report makes the following recommendations to States: Recognize the full implications of new technologies, in particular data-driven technologies, for the right to privacy, but also for all other human rights; Adopt strong, robust and comprehensive privacy legislation, including on data privacy, that complies with international human rights law in terms of safeguards, oversight and remedies to effectively protect the right to privacy; Ensure that data-intensive systems, including those involving the collection and retention of biometric data, are only deployed when Member States can demonstrate that they are necessary and proportionate to achieve a legitimate aim; Establish independent authorities with powers to monitor state and private sector data privacy practices, investigate abuses, receive complaints from individuals and organizations, and issue fines and other effective penalties for the unlawful processing of personal data by private and public bodies; Ensure, through appropriate legislation and other means, that any interference with the right to privacy, complies with international human rights law, including the principles of legality, legitimate aim, necessity and proportionality, regardless of the nationality or location of the individuals affected, and clarify that authorization of surveillance measures requires reasonable suspicion that a particular individual has committed or is committing a criminal offence or is engaged in acts amounting to a specific threat to national security.Ensure that the mechanisms required for State surveillance are competent and adequately resourced to monitor and enforce the legality, necessity and proportionality of surveillance measures; Review laws to ensure that they do not impose requirements of blanket, indiscriminate retention of communications data on telecommunications and other companies;Take steps to enhance transparency and accountability in the acquisition of surveillance technologies by States;Fully implement their duty to protect against abuses of the right to privacy by business enterprises in all relevant sectors, including the ICT sector, by taking appropriate steps to prevent, investigate, punish and redress such abuse through effective policies, legislation, regulations and adjudication;Ensure that all victims of violations and abuses of the right to privacy have access to effective remedies, including in cross-border cases.The Report makes the following recommendations to the business enterprises: Fully operationalize the Guiding Principles on Business and Human Rights, which implies conducting effective human rights due diligence across their operations and in relation to all human rights, including the right to privacy, and taking appropriate action to prevent, mitigate and address actual and potential impacts; Seek to ensure a high level of security and confidentiality of any communications they transmit and personal data they collect, store or otherwise process. Conduct assessments on how best to design and update the security of products and services on an ongoing basis; Comply with the key privacy principles referred to in paragraphs 29–31 of the report and ensure the greatest possible transparency in their internal policies and practices that implicate the right to privacy of their users and customers; Cooperate in remediation through legitimate processes where they have caused or contributed to adverse impacts, including through effective operational-level grievance mechanisms; Contribute to the work of the Office of High Commissioner of Human Rights accountability and remedy project on developing guidance and recommendations to enhance the effectiveness of non-State-based grievance mechanisms in relation to abuses of the right to privacy in the digital space. |
| 8. | General Assembly Resolution 73/179 | Passed in December 2018. Member States were asked to Develop adequate legislation, with effective sanctions and appropriate remedies, that protects individuals against violations and abuses of the right to privacy, namely through the unlawful and arbitrary processing of personal data by individuals, governments, business enterprises and private organizations.Maintain preventive measures against infringement of right to privacy which affects women, children and those who are marginalized and vulnerable. Develop gender-responsive policies that promote and protect the right of all individuals to privacy in the digital age.Promote digital literacy and technical skills to effectively protect privacy. Emphasize on development of legislation by taking into consideration the free, explicit and informed consent of individuals while processing, using, sharing personal data. Business enterprises were asked to:Inform users in a clear and easily accessible way about the collection, use, sharing and retention of their data that may affect their right to privacy Establish transparency policies, as appropriate, as well as to implement administrative, technical and physical safeguards to ensure that data are processed lawfully, Ensure that such processing is limited to what is necessary in relation to the purposes of the processing and its legitimacy. 3Work towards enabling secure communications and the protection of individual users against arbitrary or unlawful interference with their privacy, including by developing technical solutions. |
| 9. | Resolution A/HRC/RES/42/15 of the Human Rights Council | Passed in September 2019. Member States were requested to ensure that measures taken to counter terrorism which infringed on right to privacy were consistent with the principles of legality, necessity and proportionality, and compliant with their obligations under international law. |
| 10. | Report A/HRC/43/29 of the Secretary-General | Submitted on 4th March 2020. Secretary-General recommends States, private companies and other stakeholders to: fully recognize the need to protect and reinforce all human rights in the development, use and governance of new technologies as their central objective, and ensure equal respect for and enforcement of all human rights online and offline; reaffirm and fulfil the obligations of States to adopt legislative measures, including measures concerning private sector activities, so that new technologies contribute to the full enjoyment of human rights by all, including economic, social and cultural rights, and adverse impacts on human rights are prevented, and;accelerate efforts to bridge digital divides and technological gaps between and within countries, and promote an inclusive approach to improving accessibility, availability, affordability, adaptability and quality of new technologies |
| 11. | Report A/HRC/44/24 of the High Commissioner for Human Rights | Submitted on 24th June 2020. Contains recommendations regarding facial recognition technology. Following recommendations were given to Member States: Systematically conduct human rights due diligence before deploying facial recognition technology devices, and throughout the entire life cycle of the tools deployed; Establish effective, independent and impartial oversight mechanisms for the use of facial recognition technology, such as independent data protection authorities, and consider imposing a requirement of prior authorization by an independent body for the use of facial recognition technologies in the context of peaceful assembly; Put in place strict privacy and data protection laws that regulate the collection, retention, analysis and otherwise processing of personal data, including facial templates; Ensure transparency about the use of image recordings and facial recognition technology in the context of assemblies, including through informed consultations with the public, experts and civil society, and the provision of information regarding the acquisition of facial recognition technology, the suppliers of such technology and the accuracy of the tools; When relying on private companies to procure or deploy these facial recognition technologies, request that companies carry out human rights due diligence to identify, prevent, mitigate and address potential and actual adverse impact on human rights and, in particular, ensure that data protection and non-discrimination requirements be included in the design and the implementation of these technologies |
| 12. | General Assembly Resolution 75/176 | Passed in December 2020. Asked States to take appropriate measures to ensure that digital or biometric identity programmes are designed, implemented and operated with appropriate legal and technical safeguards in place, and in full compliance with the obligations of States under international human rights law.Business enterprises were encouraged to work towards enabling technical solutions to secure and protect the confidentiality of digital communications, which may include measures for encryption, pseudonymization and anonymity. States were called upon not to interfere by way of restrictions with the use of such technology and comply with the obligations of States under international human rights law, and to enact policies that recognize and protect the privacy of individuals’ digital communications. |
| 13. | Report of the High Commissioner for Human Rights A/HRC/48/31 | Submitted in September 2021. Contained negative effects of use of Artificial Intelligence [AI]Recommendations given to Member States were as follows: Fully recognize the need to protect and reinforce all human rights in the development, use and governance of AI as a central objective. Ensure that the use of AI is in compliance with all human rights and that any interference with the right to privacy and other human rights through the use of AI is provided for by law, pursues a legitimate aim, complies with the principles of necessity and proportionality and does not impair the essence of the rights in questionExpressly ban AI applications that cannot be operated in compliance with international human rights law and impose moratoriums on the sale and use of AI systems that carry a high risk for the enjoyment of human rights, unless and until adequate safeguards to protect human rights are in place.Impose a moratorium on the use of remote biometric recognition technologies in public spaces, at least until the authorities responsible can demonstrate compliance with privacy and data protection standards. Adopt and enforce, through independent, impartial authorities, data privacy legislation for the public and private sectors as an essential prerequisite for the protection of the right to privacy in the AI context. Adopt legislative and regulatory frameworks that adequately prevent and mitigate the multifaceted adverse human rights impacts linked to the use of AI by the public and private sectors. Enhance efforts to combat discrimination linked to the use of AI systems by States and business enterprises, including by conducting, requiring and supporting systematic assessments and monitoring of the outputs of AI systems and the impacts of their deployment. Ensure that public-private partnerships in the provision and use of AI technologies are transparent and subject to independent human rights oversight. Following recommendations were given to Member States as well as business enterprises. Systematically conduct human rights due diligence and human rights impact assessment throughout the life cycle of AI systems. Dramatically increase the transparency of their use of AI, including by adequately informing the public and affected individuals and enabling independent and external auditing of automated systems.Advance the explanation ability of AI-based decisions, including by funding and conducting research towards that goal.Following recommendations were specifically given to business enterprises: Make all efforts to meet their responsibility to respect all human rights, including through the full operationalization of the Guiding Principles on Business and Human Rights; Enhance their efforts to combat discrimination linked to their development, sale or operation of AI systems; Take decisive steps in order to ensure the diversity of the workforce responsible for the development of AI; Provide for or cooperate in remediation through legitimate processes where they have caused or contributed to adverse human rights impacts, including through effective operational-level grievance mechanisms. |
REFERENCES:
- Ref. pages 9 to 21 of the following document.
