The popular uprisings in Tunisia and Egypt were to a large extent made possible by social networking, primarily on Facebook. Democracy activists posted details of anti-regime gatherings, and word spread from one network to the next with the efficacy of just a few clicks. The resultant mass street protests were perhaps the most compelling example so far of how online connectivity – with its unprecedented reach and immediacy – can translate into real-life, positive social change.
This observation must also, however, give rise to a different human rights question: if information is flowing freely enough over social networks to precipitate revolution, what protections are in place to ensure that our personal data cannot be trawled from those networks and put to altogether different, less salutary purposes?
In particular, this question should be examined in line with the individual’s right to privacy, which is an integral element of Article 8 of the European Convention on Human Rights. We have tended to regard social networking as user-driven, and therefore unlikely to incur unwanted infringements on our privacy. But this is a false sense of security.
A vast and growing repository of personal data
In terms of scale, consider this: if Facebook were a nation state it would be the third most populous in the world with over 600 million registered “inhabitants”, behind only China and India and much larger than any state in Europe.
From each and every subscriber, Facebook and the other Social Networks have collected personal details, e-mail addresses, telephone numbers, logs of contacts and chats, preferences in pastime, photographs and videos – not only of the users themselves, but also of their friends, families and associates.
Social Networks accordingly host a vast and growing repository of personal data, all of it in digital form.
Social Networks are vulnerable to “dataveillance”
More often than most of those who volunteer their data might imagine, it is being monitored, archived, searched and analysed, shared and used on an ongoing basis. Many entities that use the personal data are non-state, commercial actors seeking to market their products more effectively. But the same data could also be drawn upon by state authorities.
For several years state-led mass surveillance – employing tools ranging from CCTV to “spyware” – has increased. The information so gathered has contributed to numerous law enforcement initiatives, including ever more robust and intrusive counter-terrorist measures.
Likewise our personal data inputted to Social Networks are vulnerable to “dataveillance”, both as a matter of routine monitoring, and by agencies targeting persons who fit a particular generic “profile”. There is enormous uncertainty surrounding the potential nature and scope of such “dataveillance”, and the state actions it could permissibly support.
Data protection should be reinforced to encompass Social Networks
There are certain long-established limits, or regulations, on the extent to which the state can intrude into our private lives, and the ways in which the authorities process our personal data: so called “data protection”. Indeed, the Council of Europe Convention for Protection of Personal Data, Convention 108, has existed for 30 years.
It is paramount that our human rights instruments are updated to reflect the most recent developments, including the inexorable rise of social networking. The current process of “modernising” Convention 108, based on wide-ranging public consultations, is especially welcome and the participation of Social Networks such as Facebook should be encouraged.
It falls to our national and international authorities to ensure that our individual rights to privacy and data protection are not sacrificed to Social Networks, but rather reinforced to recognise and meet the range of new challenges these powerful new media present.
Thomas Hammarberg