Der Hohe Kommissar der Vereinten Nationen für Menschenrechte (United Nations High Commissioner for Human Rights, UNHCHR) hat vor einem Monat einen Bericht zum Recht auf Privatsphäre im digitalen Zeitalter zuhanden der UNO Generalversammlung veröffentlicht. Der Text lässt in der Deutlichkeit der Sprache kaum Wünsche offen. Einige Abschnitte seien hier dokumentiert.
17. International and regional human rights treaty bodies, courts, commissions and independent experts have all provided relevant guidance with regard to the scope and content of the right to privacy, including the meaning of “interference” with an individual’s privacy. In its general comment No. 16, the Human Rights Committee underlined that compliance with article 17 of the International Covenant on Civil and Political Rights required that the integrity and confidentiality of correspondence should be guaranteed de jure and de facto. “Correspondence should be delivered to the addressee without interception and without being opened or otherwise read”.
Persönliche Daten sind kein legitimes Zahlungsmittel für Online-Dienste:
18. It has been suggested by some that the conveyance and ex change of personal information via electronic means is part of a conscious compromise through which individuals voluntarily surrender information about themselves and their relationships in return for digital access to goods, services and information. Serious questions arise, however, about the extent to which consumers are truly aware of what data they are sharing, how and with whom, and to what use they will be put. According to one report, “a reality of big data is that once data is collected, it can be very difficult to keep anonymous. While there are promising research efforts underway to obscure personally identifiable information within large data sets, far more advanced efforts are presently in use to re identify seemingly ‘anonymous’ data. Collective investment in the capability to fuse data is many times greater than investment in technologies that will enhance privacy.” Furthermore, the authors of the report noted that “focusing on controlling the collection and retention of personal data, while important, may no longer be sufficient to protect personal privacy”, in part because “big data enables new, non-obvious, unexpectedly powerful uses of data”.
Eine Unterscheidung zwischen Meta- oder Randdaten und Inhaltsdaten ist nicht stichhaltig:
19. In a similar vein, it has been suggested that the interception or collection of data about a communication, as opposed to the content of the communication, does not on its own constitute an interference with privacy. From the perspective of the right to privacy, this distinction is not persuasive. The aggregation of information commonly referred to as “metadata” may give an insight into an individual’s behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication. As the European Union Court of Justice recently observed, communications metadata “taken as a whole may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained.” Recognition of this evolution has prompted initiatives to reform existing policies and practices to ensure stronger protection of privacy.
Bereits das Sammeln von (Vorrats-) Daten stellt eine Verletzung der Privatsphäre dar – und nicht erst eine konkrete Auswertung:
20. It follows that any capture of communications data is potentially an interference with privacy and, further, that the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used. Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to free expression and association. The very existence of a mass surveillance programme thus creates an interference with privacy. The onus would be on the State to demonstrate that such interference is neither arbitrary nor unlawful.
Eine Unterscheidung zwischen In- und Auslandsüberwachung ist nicht zulässig:
33. The Human Rights Committee has been guided by the principle, as expressed even in its earliest jurisprudence, that a State may not avoid its international human rights obligations by taking action outside its territory that it would be prohibited from taking“at home”. This position is consonant with the views of the International Court of Justice, which has affirmed that the International Covenant on Civil and Political Rights is applicable in respect of acts done by a State “in the exercise of its jurisdiction outside its own territory”, as well as articles 31 and 32 of the Vienna Convention on the Law of Treaties. The notions of “power” and ”effective control” are indicators of whether a State is exercising “jurisdiction” or governmental powers, the abuse of which human rights protections are intended to constrain. A State cannot avoid its human rights responsibilities simply by refraining from bringing those powers within the bounds of law. To conclude otherwise would not only undermine the universality and essence of the rights protected by international human rights law, but may also create structural incentives for States to outsource surveillance to each other.
Firmen, die Personendaten an Staaten liefern, machen sich mitschuldig:
43. There may be legitimate reasons for a State to require that an information and communications technology company provide user data; however, when a company supplies data or user information to a State in response to a request that contravenes the right to privacy under international law, a company provides mass surveillance technology or equipment to States without adequate safeguards in place or where the information is otherwise used in violation of human rights, that company risks being complicit in or otherwise involved with human rights abuses. The Guiding Principles on Business and Human Rights, endorsed by the Human Rights Council in 2011, provide a global standard for preventing and addressing adverse effects on human rights linked to business activity. The responsibility to respect human rights applies throughout a company’s global operations regardless of where its users are located, and exists independently of whether the State meets its own human rights obligations.