“We are at the beginning of a revolution that is fundamentally changing the way we live, work, and relate to one another…The changes are so profound that, from the perspective of human history, there has never been a time of greater promise or potential peril.”
- Karl Schwab, The Fourth Industrial Revolution
We are at an inflection point in history – the 4th industrial revolution as Karl Schwab describes – is marked by unprecedented speed, scale, and interconnectedness. This interconnectedness and integration of technologies, including the ubiquity of the internet, pose significant risks to our privacy. Thus, while the internet and technology are often defined as enhancing our freedoms, let’s consider and address the challenges they pose in order to preserve the rule of law and our freedoms.
Aspired to safeguard privacy in the digital age and preserve the preconditions for rule of law and access to justice, the American Bar Association Rule of Law Initiative (ABA ROLI) launched a new Defending Digital Privacy program that will provide a space for lawyers and experts from across Southeast Asia to develop a common understanding of the core value of digital privacy and explore methods to protect and strengthen it in their jurisdictions.
Working with experts from across the world, including Asia, ABA ROLI will develop a regional training program and resources for lawyers and civil society actors on digital privacy (the collection and use of personal and networked data online by both state and non-state actors) in Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. Through a combination of virtual and in-person events, participants will be able to refine their understanding of privacy and its intersection with technology and understand existing mechanisms to protect privacy and provide redress for victims of privacy rights violations—either within their own jurisdictions, through regional or international mechanisms or private company’s review processes, such as the Oversight Board of Meta.
ABA ROLI will also partner with local bar associations and civil society organizations to support the development of domestically based but regionally connected networks of pro bono lawyers who can provide legal support for both high and low-profile cases in Indonesia, Malaysia, the Philippines, Thailand, and Vietnam; share resources; and develop case law and experience for privacy rights cases across the region.
Privacy: A Prerequisite to Individual Autonomy and Free Democracy
Privacy is what allows us to both exercise our autonomy as a free human being and embark on the perpetual journey of exploring and developing who we are and what kinds of relationship we want to create with the world. This exploration and personal development require a healthy boundary between our individuality and the rest of the world. This “breathing room” shelters us from external outlets related to social control (e.g., dogma, cultural taboos, and government censorship and coercion) and allows for "freedom of thoughts" and all other forms of freedoms that accompany it.
In many liberal democracies–such as Canada, Australia and the US–privacy is viewed as central to our personal autonomy and sense of dignity. In 1890, the idea of a “right to privacy” first came about in the United States through a seminal opinion essay by Warren and Brandeis, “right to be let alone”. Warren and Brandeis conceived that, “[the] intensity and complexity of life...have rendered necessary some retreat from the world…so that solitude and privacy have become more essential to the individual”. Seventy-five years later, this right to privacy was first recognized by the Supreme Court in Griswold v. Connecticut (1965)—a case about the right of married couples to purchase contraceptives—where the court found that several provisions within the US Constitution protected a “zone of privacy”. Subsequent cases in the US lead to the influential Roe v. Wade (1973) decision—providing women the right to an abortion— and expanded this fundamental right to the individual, though primarily around bodily integrity. There are concerns about how the recent decision in Dobbs v. Jackson (2022)—which overturned the decision in Roe v. Wade—may impact privacy in US law.
Privacy as a “Gateway” Right
It is crucial to note that while intrusions of our personal privacy can generate numerous types of harms (most commonly identity theft or reputational damage), it must be understood that the core value of privacy is its establishment as a “gateway” right, which safeguards other fundamental human rights such as freedom of expression, thought, consciousness, belief, association, and assembly, as well as the right to be free from discrimination.
Privacy is central to rights of freedom of expression and belief because it provides a buffer giving individuals space to think free; develop their own voice without intrusion from external acts of suppression; or the self-censorship that accompanies constant monitoring, analyzing, and manipulation. In rule of law systems, freedoms of expression and association are critical to hold both governments and companies to account, and the right to privacy—safeguarding free thought, free expression, and free association—becomes the determinant factor for the survival of free and democratic societies. In the US, courts first recognized the vital relationship between the freedom to associate and to privacy in NAACP v. State of Alabama where the court deemed the threat of the exposure for membership in social justice associations (such as the NAACP) could result in “economic reprisal, loss of employment, threat of physical coercion, and other manifestations of public hostility”, which undermined one’s ability to freely associate.
Globally, we have seen how anonymity or pseudonymity online provides a vital sense of safety for people living under authoritarian regimes, allowing them to speak out, organize and hold their governments accountable. For example, anonymity in online communications was central to initial successes of the Arab Spring in 2011. The positive impacts of anonymity can also be seen with people in open societies, who also engage with these advocacy methods.
With the advent of the multiverse where individuals are increasingly associated with their multiple forms of avatars and online personas, the importance of privacy and the ability to hide parts of your profile from the public will continue to exist, if not expand. This right to privacy must be defined and protected.
How is Privacy Different from Data Protection?
Data protection is about personal information and the control of it—what kinds of data about the individual and their daily behavior get collected; what parties have access to that data; and how much control does the individual have over the data collected. Thus, while data protection plays a critical role in protecting privacy, the idea of privacy is much broader and deeper, as we can see privacy is both a value necessary for human dignity and autonomy, as well as a precondition for other rights and freedoms.
How Effective are Existing Privacy laws?
In recognition of its fundamental role in achieving human rights, the right to privacy can be found in numerous international treaties, including the Universal Declaration of Human Rights in Article 12, as well as Article 17 of the International Covenant on Civil and Political Rights, which provides that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence” and has the “right to the protection of law against such interference”. Indeed, in 2013 the UN High Commissioner for Human Rights cautioned that rapid pace of emerging technologies and the internet blurred the lines between the public and private spheres. And in 2015, a Special Rapporteur for the Right to Privacy was established by the UN Human Rights Council in part to address the enhanced abilities of state and nonstate actors to surveil people. However, it is important to note that even these international ideas of privacy rights are frequently tempered by limitations that enable states to interfere with privacy in the name of public interest (page 114)—law enforcement, national security, public health (such as Covid monitoring).
At the national level most legislation focuses on data protection, which, as set out earlier, encompasses only a portion of issues related to digital privacy. Legislation protecting data alone often relies on a “notice and consent” framework that requires private entities to notify an individual and ask them for their consent before collecting their data. In an age of omnipresent behavioral data collection, this framework is entirely inadequate to protect our privacy. First, the “notice and consent” framework oversimplifies the issue. As we have seen above, privacy is more than data, it is about providing people with space to explore who they are. Second, it assumes people will read and understand the notice, and even if they did, people might have no bargaining power against companies collecting it. Third, in the age of Big Data and machine learning, often it is impossible for users to foresee what companies may do with this data behind the scenes. Finally, much of the legislation is limited to “personally identifiable” or “sensitive” data, which ignores how aggregation of mass amounts of non-personal data can be used to surveil citizens and even manipulate people.
Existing limitations–whether in the failure of laws to adequately safeguard against abuse of data collection and digital privacy by state actors (or their proxies) or the inadequacy of “notice and consent” frameworks, which form the basis of current digital privacy legislation—demonstrate the need for better regulations. Regulations that reflect both the value of privacy to individuals as well as its importance to other fundamental human rights. The indispensability of privacy to freedom and rule of law, along with the growing threats to it necessitate a reconceptualization of legal institutions to safeguard privacy in a systematic way. This is not to say that existing legislation is bad, but rather should be viewed as a first step or building block. It is important to continue to review and revise. If we accept that privacy is dependent on the conditions or current environment, our approach to protecting it must be as well.
The statements and analysis expressed in this paper are solely those of the authors. The Board of Governors of the American Bar Association (ABA) has neither reviewed nor sanctioned its contents. Accordingly, the views expressed herein should not be construed as representing the position or policy of the ABA. Furthermore, nothing contained in this paper is to be considered rendering legal advice for specific cases, and readers are responsible for obtaining such advice from their own legal counsel.