User:John Cummings/Articles/Privacy

Privacy, freedom of expression and transparency are essential human rights to the digital age. Online, these rights "interplay and enable a safe and universal Internet ecosystem". These rights also face challenges such as privacy invasion, mass surveillance, filtering or blocking.

The proliferation of the Internet increasingly facilitates the connection and communication between individuals and the rest of the world. It has also been reorganizing aspects of human life in an unprecedented manner. The unique characteristics of technology— e.g. connectivity, openness, resilience and speed—have propelled the Internet to a dual status technology that differs significantly from other interactive communications media (like the telephone) and passive recipient communication media (like radio and TV), making it both a principal communicating medium and a distinctive and extended life sphere that embraces a wide range of human activities and interactions, old or new. The Internet remains a fragmented space where to apply international human rights.

Challenges
The “death of privacy” in the 21st century was first predicted in 2001, inspired by accelerations in the development of technology. The predominating threats to individual privacy since 2010 have gradually shifted from the offline, physical world to an online, virtual world, and the center of privacy protection has accordingly moved from physical to informational privacy, in the context of digitization and connectivity. Threats to privacy, like the corresponding benefits, can be witnessed at different levels, including the individual, societal, national, and international levels.

At individual level
At individual level, privacy is challenged by a multitude of technological innovations: CCTV and video cameras, microphones, thermal sensors, surveillance satellites, drones, smart electricity meters, smart TVs, wearable devices, built-in RFID chips, and the proliferation of biometric technologies including those involving the collection, storage and processing of genetic sequence data, and of the data involved in fingerprint-, facial-, iris-, speech- and gait-recognition used for the identification of human beings for different purposes. The dataization of life can protect aspects of private lives, such as religious, political and sexual orientation, which formerly could only be expressed in a relatively public manner. It may also enable new intrusions and exposures. The United States Supreme Court considers that personal data stored in a smartphone contains "…a broad array of private information never found in a home in any form—unless the phone is [there]…" The Supreme Court goes on to state that smartphones are "…in fact minicomputers that also happen to have the capacity to be used as a telephone…" and that such computer systems "…can be called cameras, video players, Rolodex, calendars, tape recorders, libraries, diaries, albums, televisions, maps, or newspapers…". Mounting online threats include hacking, identity theft, fraud, phishing, pharming, spoofing, profiling, spyware, tracking cookies, online witch hunting, bullying and stalking, which may involve a wide range of actions, including the unwanted disclosure of a user’s personal information (sometimes known as “doxing”). Individuals can also be privacy invaders when they master new Information and Communication Technologies to collect information from the Internet or to gain illegal access to private information. As Zittrain noted in 2008, the Internet “enables individuals in many cases to compromise privacy more thoroughly than government and commercial institutions traditionally targeted for scrutiny and regulation”.

At corporate level
Private Information and Communication Technologies companies can misuse personal data that they collect in their daily business for economic benefits, exploiting the increasing value of data as a currency of the information economy. The collection and processing of personal data are now key to some companies’ business models, to the point that some models involve the collection of private information either as a core part of the business or as a means to enhance efficiency, convenience and quality of service. Traditional business enterprises and other entities often do not have adequate controls to protect their consumers’ personal data from external threats—e.g. as emerging from external hackers and from internal employees—especially when lacking necessary technical and financial means.

Information security breaches are reported on a regular basis in relation to customer and citizen data held by corporations and States. Shopacheck, a loan firm in the United Kingdom, lost sensitive financial information pertaining to 1.4 million customers after two back-up tapes went missing in 2012. Commercial entities holding personal data may invade the data subjects’ privacy by the unauthorized sale of the data to other companies or actors. The misuse of medical records and data, leading to unfair treatment of patients and additional data breaches, especially when Binding Corporate Rules (BCRs) are used, and data anonymity and pseudonymity do not provide sufficient anonymization due to increasing capabilities to de-anonymise data based on available information. In 2013, the United Nations Special Rapporteur for Freedom of Expression and Opinion criticized the compliance by companies with State requirements in the design of digital networks and communications infrastructures, in particular "those that enable, support or do not counter illegitimate intrusions by State, developing and deploying new technologies and communications tools in specific ways and being complicit in developing technologies that enable mass or invasive surveillance in contravention of existing human rights standards".

At State level
Privacy invasions are conducted either by Law Enforcement Agencies (LEAs) or by intelligence services in the name of national security and public order. In the digital age, State authorities across the globe have been equipped with the most recent IT technologies, enabling them to monitor and conduct surveillance over individual citizens. Privacy can be legitimately limited for national security reasons but only when the criteria of legality, necessity and proportionality are fulfilled, as prescribed by the standards of the International Covenant on Civil and Political Rights.

In the context of the expanding adoption of e-governance, State authorities may be one of the biggest data hosts and controllers, handling large amounts of personal data. This is prone to challenges on the national cybersecurity and States may have unfiltered authority to access all sorts of personal data.

After the 9/11 attacks in the United States, urgent anti-terrorism needs are successfully employed as arguments to justify massive interceptions of private communications and online activities. Jonida Milaj and Jeanne P. Mifsud Bonnici (2014) consider that mass surveillance is not only a big threat to the privacy and dignity of ordinary individuals, but it can also become, in the long run, a potential source of weakness for State authorities themselves by diminishing trust and credibility.

At the international level
Some threats to individual privacy emerge from cross-nation online privacy breaches and invasions orchestrated by cyber criminals, such as cross-border online frauds, phishing, stalking and harassment, as regularly reported for causing a wide range of losses, including individual monetary losses and the loss of human lives. When national interests are involved, whether these are of a military, political or economic nature, in addition to conflicts of laws and jurisdictions relating to the increasing cross-border data transfers, challenges emerge from the widespread practices of State espionage and large-scale data breaches that are supposedly conducted by national States enjoying technology advantages. The breach of Sony Pictures Entertainment entailed the online publication of documents containing personal information about Sony’s employees. In this context, privacy protection is related to data security which falls within the public security responsibilities of the State, but the ties are more complex when the breached infrastructure is private rather than public.

Definition and characteristics
‘Privacy’ may be defined as the presumption that individuals should have an area of autonomous development, interaction and liberty, a “private sphere” without interactions from others, free from State intervention and from excessive unsolicited intervention by other uninvited individuals. Despite the ubiquity of the notion of, and the need for privacy, there is no universal definition for it. The multiple ideas and conceptions conveyed can be approached from three interdependent clusters. The first cluster concerns physical space, which refers to the extent to which an individual’s physical space is protected from undesired invasion. The second cluster concerns making a choice, referring to an individual’s ability to make certain significant decisions without external interference; i.e. to personal autonomy. The third cluster concerns ‘information privacy’, or the flow of personal information, and refers to an individual’s control over the processing of personal information, including acquisition, disclosure, and use in different forms and for different purposes. In this third sense, the right to privacy refers to the ability of individuals to determine who has information about them and how that information is used. The right to privacy complements other rights and freedoms, including freedom of expression, association and belief. Privacy is unequivocally recognized as an important human right, at both the international and regional levels but the content of this right has not been fully developed by international mechanisms for the protection of human rights.

Data Protection Mechanisms
Data protection laws are designed to protect personal information that is either intended to be part of a filing system or collected, processed and stored by “automated” means. Personal information includes data attributed to an individual, such as home address, telephone number, and social security number that might be used to identify the individual, as well as personal data that is generated on a sporadic basis—such as medical data, credit card purchases, phone calls—which may be used to track the subject’s activities. Personally Identifiable Information (PII) refers to any information, be it stored online or offline, that identifies a person, or information that is not publicly accessible and purely statistical, or information that is certain types of data defined by law as PII. A closely related concept is ‘sensitive personal data’ which refers to personal data revealing racial categorization or ethnic origin, political opinions, religious or other philosophical beliefs, criminal convictions, trade union membership, and personal data concerning health or sexual life. Data protection rules are applied to the limited context of automated data processing or the processing of structured data sets, in contrast to privacy protection rules which can be applied to any information of a person. Data protection rules do not typically recognize a general public interest override, as witnessed in the European Union Directive 95/46/EC with specific exceptions for data processing and data transfer, and limited scope of exemptions allowed to be made by Member States.

International law
In international law, the core privacy principle can be found in Article 12 of the Universal Declaration of Human Rights, and the right to privacy was given formal legal protection in Article 17 of the International Covenant on Civil and Political Rights. The United Nations Human Rights Committee (HRC) states—in General Comment No. 16 on Article 17 of the International Covenant on Civil and Political Rrights — that the right to privacy circumscribes the right to protection "…against all such interferences and attacks whether they emanate from State authorities or from natural or legal persons…" UNESCO has reaffirmed, through the Connecting the Dots conference Outcome Document endorsed by its 38th General Conference in November 2015, that the right to privacy applies and should be respected online and offline in accordance with Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant of Political Rights. The Organization supports the efforts related to the United Nations General Assembly Resolution A/RES/69/166 of December 2014 on the Right to Privacy in the Digital Age, and supports best practices and efforts made by Member States and other stakeholders to address concerns on the Internet.

Council of Europe
The European Convention on Human Rights (ECHR), in Article 8, provides that everyone has the right to respect for a private and family life, a home and correspondence. The European Court of Human Rights (ECtHR) has tried to clarify the scope of the ECHR’s privacy protection, government actions for potential privacy breach and further features of the right. The Council of Europe (CoE) adopted the ‘Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data’—i.e. Convention 108—which entered into force in 1985.

European Union
The adoption of the Lisbon Treaty in late 2009 provided a strong legal ground for the development of a “clear and effective” data protection system. Through a number of amendments of the Treaty, the Charter of Fundamental Rights of the European Union became legally binding, the Union acceded to the European Convention of Human Rights, and the fundamental rights guaranteed by the European Convention on Human Rights became binding principles of the Union law.

Other regional frameworks

 * The African Charter on Human and Peoples’ Rights (ACHR) does not contain elaborated protection for privacy. The relevant provisions of the ACHR state the following: “…No one may be the object of arbitrary or abusive interference with his private life, his family, his home, or his correspondence, or of unlawful attacks on his honor or reputation. Everyone has the right to the protection of the law against such interference or attacks”.
 * Article 11 of the American Convention on Human Rights prescribes that: “Everyone has the right to have his honor respected and his dignity recognized. No one may be the object of arbitrary or abusive interference with his private life, his family, his home or his correspondence, or of unlawful attacks on his honor or reputation. Everyone has the right to the protection of the law against such interference or attacks”.
 * The main Asia-Pacific Economic Cooperation (APEC) rules on privacy can be found in the APEC Privacy Framework, which addresses the need to preserve consumer trust in order to advance economic benefits from electronic commerce. It also acknowledges the need to grant countries flexibility regarding the implementation. The key principles in the framework resemble the UN Guidelines, OECD and European standards. However, as opposed to the European standards, the Framework contains a particular degree of flexibility.

Alternative instruments
Other legal instruments include a law of confidentialities in different professions including, amongst others, medical service, legal services, consulting services, banking services, and journalism. Various instruments can be used as privacy mechanisms, such as self-regulation, co-regulation, market mechanisms for privacy protection, user empowerment measures, nudging mechanisms and professional ethics.

Definition and Characteristics
The term ‘freedom of expression’ has been widely used and conceptualized by various groups, including scholars, politicians, activists, and laypersons. Freedom of opinion and expression is protected under Article 19 of the International Covenant on Civil and Political Rights. It includes the protection of the right to hold opinions without interference, as well as the right to change an opinion whenever and for any reasons a person so freely chooses. Freedom of opinion and expression is taken as embracing the right of access to information held by public bodies regardless of the form in which the information is stored, its source or the date of production.

The United Nations Special Rapporteur on the promotion of freedom of opinion and expression has reiterated that States have a positive obligation to facilitate the enjoyment of the right to freedom of expression and the means necessary to exercise the right, which include the Internet. The Human Rights Committee has underscored that States Parties should take all necessary steps to promote the independence of new media and guarantee access to it to all individuals. The Special Rapporteur highlighted that both Article 19 of the Universal Declaration of Human Rights and Article 19 of the International Covenant on Civil and Political Rights were drafted with forethought to comprise and adapt to future technological developments through which individuals could exercise their right to freedom of expression. He concluded: “the framework of international human rights law remains relevant today and equally applicable to new communication technologies such as the Internet”. The United Nations Human Rights Council adopted a landmark resolution in 2012 affirming “the same rights that people have offline must also be protected online”. In the digital age, Information and Communication Technologies and since the Internet has become a crucial and cheap medium for communicating news to a global audience, most of the offline media have developed online alternatives.

International law
The most authoritative concept in relation to freedom of expression is prescribed by Article 19 of the Universal Declaration of Human Rights and Article 19 of the International Covenant on Civil and Political Rights (ICCPR). The former contains the first and most widely recognized statement on the right to freedom of expression, stating that everyone has the right to freedom of opinion and expression, including freedom to hold opinions without interference and to seek, receive and impact information and ideas through any media and despite the frontiers. The Universal Declaration of Human Rights is a recommendatory resolution adopted by the United Nations General Assembly that, due to time and universal acceptance, has gained the status of customary international law.

Regional law framework

 * Article 11 of the Charter of Fundamental Rights of the European Union defines the right to freedom of expression as including the freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. It also affirms that everyone has the right to freedom of expression and that the freedom and pluralism of the media shall be respected. Article 11 of the EU Charter corresponds to Article 10 of the European Convention on Human Rights (ECHR). However, the latter does not prevent States from requiring the licensing of broadcasting or television.
 * The American Convention on Human Rights—Pact of San Jose, Costa Rica— introduces the right to freedom of thought and expression in Article 13, which in Paragraph 2 states that the exercise of the right shall not be subject to prior censorship but shall be subject to subsequent imposition of liability.
 * The African Charter on Human and Peoples’ Rights introduces the right to express and disseminate opinions within the law by Article 9 Paragraph 2. The Declaration of Principles on Freedom of Expression in Africa reaffirms in its Preamble the right to receive information and the right to free expression, protected by Article 9 of the African Charter on Human and People’s Rights. Article 1 of the Declaration guarantees the freedom of expression and information, including “the right to seek, receive and impart information and ideas, either orally, in writing or in print, in the form of art, or through any other form of communication, including across the frontiers”.

National law framework
All Member States of the European Union have constitutional protections for freedom of opinion and expression, as they have implemented the main provisions of the Treaty on the European Union, the Treaty on the Functioning of the European Union, and the Charter of Fundamental Rights of the European Union.

In the United States, the protection granted by the First Amendment and the related case law have gradually established one of the world’s strongest freedom of expression protection mechanisms, securing a wide range of speeches and speech actions. The mechanism includes several common law exceptions, relating to obscenity, defamation, incitement, incitement to riot or imminent lawless action, fighting words, fraud, speech covered by copyright, and speech integral to criminal conduct. The United States ratified the International Covenant on Civil and Political Rights (ICCPR) in 1992. After ratification, the ICCPR became the “supreme law of the land” under the Supremacy Clause of the United States Constitution, which gives acceded treaties the status of federal law.

Countries in Latin America and the Caribbean provide constitutional guarantees or laws that protect freedom of expression as a fundamental right, though cases of prior censorship have been frequent. Asia and the Pacific have been in the process of aligning with international standards of freedom of expression. The national constitutions of 47 African countries contain a guarantee of the right to freedom of expression.

Definition and Context
Freedom of information (FOI) and transparency are closely related concepts with long traditions in human civilization, which can be interpreted differently, and which cover diverse ideas and practices in various political-societal contexts. Transparency is defined as an overarching concept and value that is a desired result that emerges from the exercising of the right to freedom of expression and information and enables enhanced free flows of information and thereby contributes to "social goods like better governance, accountability and efficiency".

Transparency as a doctrine of governance covers a variety of characteristics, including: There are multiple strains of ideas to be traced as partial forerunners for the modern concept of transparency, including: Since the twentieth century, transparency is found reflected in many doctrines of governance. At the international level, transparency doctrines are important in international governance concerning the way that States relate to one another and to inter- or supra-national bodies, including in diplomacy and the execution of arms control and disarmament treaties. The Paris COP21 agreement includes a transparency framework intended to prevent misreporting of nationally determined contributions to combating greenhouse gases.
 * 1) decision-making in accordance to known and clearly established rather than ad hoc principles, guidelines, rules, processes and procedures;
 * 2) methods of accounting or public reporting that clarify who gains from, and who pays for any public measures; and
 * 3) governance that is intelligible and accessible to the general public.
 * 1) the notion of administration by publicly known rules as one of the oldest ideas in political thought;
 * 2) the doctrine of good society that social affairs more generally should be conducted with a high degree of frankness, openness and candor; and
 * 3) the idea that the social world should be made knowable by methods analogous to those used in the natural sciences.

Since late 1990s, the invention and global diffusion of the Internet and Information and Communication Technologies (ICTs) have made great impacts on Freedom of Information, transparency and openness. The Internet has gradually become a central, prevailing medium for many individuals to disseminate expression, and to access all kinds of information. Governments have increasingly used novel ICTs—e.g. social media—as an efficient means to curtail corruption, promote openness and transparency, and improve e-governance and e-democracy.

International framework
In 2004, the United Nations Special Rapporteur on Freedom of Opinion and Expression co-issued a joint declaration with other rapporteurs, recognizing the right to access information as a fundamental human right based on the principle of maximum disclosure. In 2010, UNESCO marked the World Press Freedom Day by issuing the Brisbane Declaration, which called on national governments that had not already adopted access to information laws to do so “based on international standards and the principle of maximum disclosure”. The Finlandia Declaration at the UNESCO World Press Freedom Day conference in 2016, amplifies these messages.

The United Nations Human Rights Committee (HRC) reviews and comments on the regular reports that States provide to the HRC to implement the ICCPR obligations. It also hears individual complaints about human rights violations from States that have ratified the First Optional Protocol to the ICCPR. In 2011, the HRC published General Comment No. 34 with an authoritative interpretation of the freedom of opinion and expression guaranteed by the ICCPR, expressly acknowledging that Article 19 embraces a general right of access to information held by public bodies.

In 1998, the UN Economic Commission for Europe adopted the Aarhus Convention on Access to Information, Public Participation in Decision-making and Access to Justice in Environmental Matters. The Convention establishes a number of rights of the public with regard to the environment, including the right of everyone to receive environmental information held by public authorities, which can include information on the state of the environment and on policies or measures taken, or on the state of human health and safety where this can be affected by the state of the environment. In Article 13 of ZZ, the Convention against Corruption, which was adopted by the General Assembly Resolution 58/4 in 2003, prescribed that participation should be strengthened by measures such as ensuring that the public has effective access to information.

Council of Europe
In 2008, the Convention on Access to Official Documents and its Explanatory Report were adopted. This first multilateral treaty affirms and articulates an enforceable general right to information that can be exercised by all persons without demonstrating a particular interest in the information requested. The Recommendation Rec (2002) 2 on Access to Official Documents includes general principles on access to official documents. It recommends that Member States guarantee the right of everyone to have access, upon request, to official documents held by public authorities, and highlights that such principle should apply without discrimination on any ground, including national origin.

European Union
Article 42 of the Charter of Fundamental Rights of the European Union and Article 15 of the Treaty on the Functioning of the European Union (TFEU) give “any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State, […] a right of access to documents of the institutions, bodies, offices and agencies of the Union, whatever their medium”

The Commonwealth of Nations
In 1980, the Law Ministers of the Commonwealth stated that: “public participation in the democratic and governmental process was at its most meaningful when citizens had adequate access to official information”. In 1991, the Commonwealth adopted the Harare Commonwealth Declaration and ensured each individual’s democratic right to participate in framing his or her society.

The African Region
Article 9 of The African Charter on Human and People’s Rights, which was adopted in 1981, provides that every individual shall have the right to receive information. Article 2 of the Charter emphasizes the importance to promote the establishment of the necessary conditions to foster citizen participation, transparency, access to information, freedom of the press, as well as accountability in the management of public affairs. Article 6 of the African Charter on Values and Principles of Public Service and Administration protects the right of access to information held by public service and administration regarding procedures and formalities pertaining to public service delivery. Article 9 of the African Convention on Preventing and Combating Corruption demands that each party adopts legislative and other measures to give effect to the right of access to any information required to fight against corruption and related offenses. Article 1 of the Declaration of Principles on Freedom of Expression in Africa states that freedom of expression and information—which includes the right to seek, receive and impart ideas—is a fundamental and inalienable human right and an indispensable component of democracy. The Model Law on Access to Information for Africa provides specific guidelines of forms and contents of such legislation.

The American Region
The General Assembly resolution AG/RES. 2516 of the Organization of American States (OAS) demanded the preparation of the Model Inter-American Law on Access to Information. It provides Member States with the legal foundation to guarantee the right to access to information.

National law framework
National laws vary with respect to the rules to be adopted in processing requests for information. Nearly all laws provide time limits for responses to requests for information, which range from 7 to 30 days. The laws usually require public bodies to give written notice of responses to requests of information. Many countries allow applicants to select from a range of forms of access, including: personal inspection of the document in question, transcripts, electronic copies, photocopies, and official copies.

Mutual support
Eric Barendt (2007), considers the relationship between the rights to privacy and to freedom of expression to be "a complex one". The right to privacy is also considered by Special Rapporteur Frank La Rue as "an essential requirement for the realization of the right to freedom of expression", as privacy protection plays a role in the creation of the content required for adequate exercising of the rights to freedom of opinion and expression. Respect for privacy of communications is a prerequisite for trust by those engaging in communicative activities, which is successively a pre-condition for the exercise of the right to freedom of expression. Restrictions on the extent to which offline and online communications may remain anonymous can have an evident chilling effect on victims of all forms of violence and abuse, including by contributing to the fear of double victimization that discourages the reporting of such violence and abuse. Encryption and anonymization technologies appear as an alternative to Frank La Rue and is recognized in the UNESCO CONNECTing the Dots outcome document.

Conflicts and digital intensification
In four general types of circumstances, an individual’s right to privacy conflicts with other individuals’ or legal persons’ right to freedom of speech.
 * An individual’s privacy can be invaded, even if the exercise of freedom of expression and other related rights does not concern the person directly. This may happen where the mere dissemination of information may lead to the invasion of the solitude or seclusion (and therefore the private sphere) of the individual in an online context.
 * The second circumstance refers to SPAM (i.e. unsolicited) e-mails, messages, leaflets and similar materials received against the will of the recipient—e.g. in the absence of a subscription by the recipient—even if such communications would be clearly and truthfully framed as of a commercial nature. While such communications would in some senses operationalize the senders’ right to freedom of expression, they also constitute intrusions into the recipient’s private sphere. anti-spam laws in many countries— including in the EU and the U.S.—offer opt-in and/or opt-out choices.
 * The exercise of the right to freedom of assembly can impact on others’ right to privacy in both online and offline contexts. Online protests or assemblies may take different forms targeting privately owned Internet spheres, like the widespread DDoS attacks (that are criminalized by Convention 185); organized spamming in comment forums to protest online content; and organized spamming emails against some particular individuals.
 * Conflict may also occur between individuals. Someones right to freedom of expression can conflict with another persons right to privacy.

Privacy and transparency
Transparency refers to a cluster of related ideas and concepts such as governmental and organizational action in the open, the availability of information, and accuracy and clarity of the information. According to Schauer, it can be understood in a passive or a negative attribute rather than an activity, like speaking or writing, or a power, referring more to availability and accessibility. Some people argue for personal transparency and urge the acceptance of the idea of “zero privacy” in the digital age, or the notion of “personal transparency”. The idea is that transparency is not just an opportunity for institutions to generate trust and be more effective, but also one for individuals to do the same. The conflict between privacy and transparency can lie in the potential threats to privacy from the access to personal information or personal data held by public bodies or other institutions with public functions.

Information held by public bodies—like information or data of the same nature held by private sector performing public functionalities in the digital age—may concern the privacy of other people who should be protected against potential privacy harm. Accessing and publicly disclosing others’ personal data already openly available to the public, in hands of public bodies, may still constitute potential privacy invasion.

Transparency and freedom of expression
Transparency as a political end can be achieved by protecting and granting access to, and proactive disclosure of, desired information by the general public, for instance, by legal instruments protecting the right of freedom of information. Transparency concerns the accessibility of desired information from the side of information or data controllers, and relates to the availability and usability of such information when requested. Freedom of expression and freedom of information refers to individuals as the subjects disseminating and accessing information for desired purposes. Freedom of expression and freedom of information are positive entitlements, while transparency is rather the desired open state in information flow.

The Google Spain Case
Google Spain is a landmark case in the European Union that has achieved global influence due to the importance of the legal issue it addresses, and the judicial influences of the Court of Justice of the European Union (CJEU). The new boundaries set by the CJEU may be characterised more generically by:
 * 1) the reshaping or extension of the duties and legal status of search engine providers like Google in EU jurisdictions;
 * 2) the exterritorial jurisdiction capacity of EU courts;
 * 3) the right of the plaintiff to protect his/her own data privacy in claiming a ‘right to be forgotten’ or more accurately a ‘right to de-listing’; and
 * 4) the balancing of the right to privacy with other rights.

Public figures
According to the Gertz doctrine public figures include three categories of persons: a) public officials; b) those voluntarily playing prominent roles in specific public controversies; and c) all-purpose public figures. The terms representing the first two categories are self-explanatory. The third category—i.e. ‘all-purpose pubic figures’—refers to those whose names are a household word, normally having prominent positions, persuasive power and influence. Additionally, similar to the second category, there are involuntary public figures who “simply [find themselves] at the center of important societal events” and could in certain circumstances “be thrust into the role of a public figure”.

Other jurisdictions adopt different, and at times substantially distinct, approaches to protecting freedom of expression. For instance, while Japanese law accepts the public figure doctrine, it limits the scope to a very small number of individuals who hold significantly prominent positions—e.g. top corporate executives and leading politicians—and thus are able to substantially affect society. In German law, public figures are clearly distinguished from private ones and organized in three categories, each granted a different type of protection: a) permanent public figures; b) celebrity public figures; and c) temporary public figures. The European Court of Human Rights (ECHR) refers to a public interest test involved, in combination with the distinction between public and private figures. It also considers the nature of the publicized information, such as: a) whether the information is of legitimate interest to the public; b) the formality and methodologies of the publication; c) the proportionality of the interference measures; d) the location of the published images; and e) the style of the expression. The Court has made several decisions relating to the balance between the right to freedom of expression and the right to privacy (closely related to reputation) in online contexts (including online publication), and it still strives to clarify new legal issues and to seek balances between the two rights.

Anti-terrorism legislations
A 2012 United Nations Office on Drugs and Crime report mentioned several uses of the Internet in terrorist activities, including as a propaganda tool, including for the incitement, recruitment and radicalization of individuals or groups of individuals; and as a means of cyberwarfare, including by enabling the financing, planning and execution of cyber-attacks. Counter-terrorism initiatives relating to the use of the Internet can influence the enjoyment of a range of human rights, including the rights to freedom of speech, freedom of association, privacy and fair trial. The collection and analysis of data and metadata for “potentially suspicious behaviour” is a frequently raised issue. The report issued by the United Nations Human Rights Council on the Right to Privacy in the Digital Age pointed out that: “It will not be enough that the measures are targeted to find certain needles in a haystack; the proper measure is the impact of the measures on the haystack, relative to the harm threatened”.

In the United States
In January 2014, the President of the United States called for an end to the NSA’s bulk surveillance on individuals. The United States government has also released a six-year-old report on the NSA’s once-secret programme, which involved the collection of information on American citizens’ calls and emails. On 7 May 2015, a federal appeals court in the US ruled, in a landmark decision, that the bulk collection of telephone metadata that had occurred was unlawful, clearing the way for a full legal challenge against the NSA. The US has also been considering to improve transparency by a truly uniform federal standard for the notification of breaches.

In Europe
In Europe, a United Kingdom tribunal ruled that the regime governing the sharing of electronic communications between Britain and the United States, which were intercepted in bulk, was unlawful until last year. The European Union parliament declared the mass surveillance in some Member States in cooperation with the NSA illegal. The Union has taken steps on privacy and data protection, by means of the European Court of Justice’s (ECJ) invalidating of data retention law, and clarified the house-hold exemption scope in CCTV use. Other efforts in this region include: a) the increased enforcement of European Union Data Protection Rules across the European Union; b) the revision of the Safe Harbour Program and debate around the “Privacy Shield” replacement; and c) the ECJ’s scrutinizing of the Passenger Name Records (PNR) exchange under EU’s data protection principles.

Other countries
The number of countries updating previous data protection laws or adopting new ones—i.e. including, amongst others, Singapore, Australia, Brazil (Data Privacy Bill & Marco Civil da Internet or the “Internet Law”), South Africa, Turkey and Chile—continued to grow throughout 2014.

United Nations institutions
The United Nations Human Rights Council too has made efforts to curtail mass surveillance and protect online privacy. A new Special Rapporteur was appointed in July 2015 and a resolution was passed on the Right to Privacy in the digital age by the General Assembly, strongly affirming the core status of privacy in human freedom.

Private sector
Some private sector organisations have already taken initiatives against mass surveillance by publishing transparency reports that disclose information about requests they receive for access to personal data by United States - and EU-based national authorities. Some mobile companies—e.g. EE, O2 and Three—also took legal action against government agencies which made such requests. Others have rejected requests to cooperate, e.g. Apple’s refusal to compromise default end-to-end encryption within its device OS (operating system), leading to critiques from intelligence services agencies. Other companies—like Google, Microsoft and Apple—have started to build local data centers, to store their consumers’ data within the consumers’ own homeland jurisdictions, and thus follow local law and avoid further judicial conflicts; ultimately gaining consumer trust.

The Global Network Initiative (GNI) has published a report titled Data Beyond Borders: Mutual Legal Assistance in the Internet Age, which recommends that States collaborate in creating a secure electronic system that involves the use of multiple resources for the management of Mutual Legal Assistance (MLA) requests. The United State’s Digital Advertising Alliance (DAA), a consortium of the nation’s largest media and marketing associations, has established self-regulatory standards for online advertising, and was to commence enforcement of the Application of Self-Regulatory Principles to the Mobile Environment (DAA Mobile Guidance) on September 1, 2015.