Internet Governance (5): Human Rights and Internet Governance

Human Rights and Internet Governance is part of a series of research papers on Internet Governance. You can read other parts here:


The international recognition of the great impact of Internet Governance on Human Rights developed through the UN World Summit on the Information Society (WSIS) process that started in 2003. In 2015, reviewing the outcomes of WSIS, the UN General Assembly issued a declaration that stated that:

‘We reaffirm our common desire and commitment to … build a people-centered, inclusive and development-oriented Information Society … premised on the purposes and principles of the Charter of the United Nations and respecting fully and upholding the Universal Declaration of Human Rights’.

The UN Human Rights Council has focused on the different aspects of the Internet’s impact on the enjoyment of human rights especially the right to free expression and access to information, and the right to privacy, through several resolutions, and the reports of the special rapporteurs on both rights. In its “Mandate of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression,” the council “Requests the Special Rapporteur, within the framework of his/her mandate:”

To continue to provide his/her views, when appropriate, on the advantages and challenges of new information and communication technologies, including the Internet and mobile technologies, for the exercise of the right to freedom of opinion and expression, including the right to seek, receive and impart information and the relevance of a wide diversity of sources, as well as access to the information society for all; (UNHRC 2008)

This recognition and affirmation, however, haven’t produced a binding treaty that details States’ and Private Sector actors’ obligations to protect the rights of Internet users. States are bound by different International, regional and domestic legal instruments to protect their citizens’ human rights in general. These instruments are applicable to Internet Governance related activities. However, such instruments don’t take into account the special nature of these activities. On the other hand, Private Sector actors aren’t bound by any instruments to protect or respect human rights. Due to the fact that both groups are the major actors in direct control of Internet Governance through a large number of tools, this paper focuses on looking into their respective roles.

States and their Governments

When we refer to States, this means the three branches of authority in the modern nation-states. These are namely the legislative, the judicial, and the executive branches. The tools a state use to govern are distributed among the three branches; legislating laws, application of laws and resolving disputes, enforcing laws, setting executive regulations, and managing the day-to-day affairs of the state.

States’ responsibilities concerning Human Rights are regulated through International and regional instruments like the Universal Declaration of Human Rights, and the International Covenant on Civil and Political Rights (ICCPR). Most states are held responsible for protecting several of their citizens’ Human Rights by their constitutions.

Pursuant to the same legal instruments, states are also obliged to protect the rights of their citizens against third-party violations.

States have several tools through which they may interfere in Internet Governance, affecting their citizens’ enjoyment of fundamental rights. These tools are legislation, governmental regulatory policies and practices, and direct and indirect (through proxies) interference of states’ agencies with the working of the network and the flow of data through it, either by blocking, rerouting, intercepting, mining, or processing.


Laws and bylaws are the main tools for regulating almost all types of interaction within a society. While all states already have large arsenals of laws that affect people’s behavior and their rights both offline and online, and they do use them for regulating online interactions, there has not been a lack of laws legislated specifically for the purpose of regulating different aspects of the Internet working and online interactions. Most, if not all, of these laws, either positively or negatively, impact if and how people enjoy their fundamental rights, especially the rights to free expression, access to and exchange of information, and privacy.

Examples of existing laws that affect the enjoyment of rights online are libel and defamation laws, which directly impact the right to free expression and in many cases the right to free exchange of information, especially under authoritarian regimes that use such laws to punish whistleblowers.

Some laws are specially legislated for regulating the operation of networks and manipulating data going through them and stored on devices connected to them. Such laws include the ones for regulating the business of Internet services provision. Examples of such laws include Data localization laws. Data localization also called “data residency” is concerned with data about a state’s citizens or residents. The data localization laws require the collection, processing, and/or storing of such data to first occur inside the country usually before it is transferred outside it. This usually means that the data is to be transferred internationally only after making sure it meets local laws of privacy and data protection. They also make sure such data is kept physically inside the country and within its jurisdictional boundary, allowing the county’s regulations to be applicable to it. Data localization laws currently in force range from narrow in scope like those of Nigeria and Vietnam, to the very comprehensive and strict like those of Russia and China.

Other laws require service providers to cooperate with different state institutions and agencies, mainly security and military ones, in ways that violate users’ rights, especially their right to privacy. Laws may require service providers to obtain too much personal data from their clients, retain personal confidential online interactions data for a long time, share personal data with security agencies, or even give them direct access to such data. Legal due process for such practices, like obtaining judges’ prior permits, might be totally neglected or formulated in such a way that renders them redundant.

Cybercrime laws are examples of laws directed specifically to online interactions. In many cases, such laws use rather expansive definitions of incriminated actions or implicate parties with tenuous links to criminal acts. Other laws legalize direct violations of online rights, like blocking websites with little to no judicial supervision; deprivation of access to the Internet for individuals or groups with excuses like copyright infringements; or requiring licenses for creating websites or even social media accounts.

Judicial practices also have a great impact on users’ enjoyment of their digital rights, either directly through judgments in specific cases, or through principles established by such judgments. One such principle is the “access-based jurisdictional principle.” According to this principle, a court will claim the right to hear a case related to activities on the Internet, even if the defendant, a natural or legal person, is based outside its geographic jurisdiction, based on whether the content of concern is accessible within its jurisdiction. For instance, a plaintiff filing a libel lawsuit in the United States against a person in France will manage to have the court hear their case as long as the libel content is published on a website that can be accessed in the United States.

Direct and indirect interference

In many cases, state agencies interfere with network working either directly using network infrastructure monopolized by state-owned entities, or indirectly through forced or voluntary cooperation of private service providers. Such agencies may conduct targeted or mass surveillance of users’ private communications; filter content, blocking some of it based on specific criteria; reroute data flow, either diverting access to specific destinations or obtaining personal data of users using fake pages.

Right at the beginning of the 2017 thematic report by David Kaye, the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, he points out a growing tendency of the states to use “digital access industry,” i.e., mainly internet service providers (ISPs) to “control, restrict or monitor expression online.” With the forced or voluntary assistance of ISPs, many states interfere with Internet exchange points (IXPs) which control Internet data traffic into and within a country. They also gain access to private communications going through the networks of telecommunications operators and the private data of their customers. The special rapporteur warns of the crippling effect such practices are sure to have on the right to free exchange of information. These practices also constrain journalists’ ability to investigate news while being safe from persecution. Finally, these practices are deterrents for whistleblowers and human rights defenders.

Filtering content is one of the earliest and most widely practiced operations. These operations are carried out by both Western democratic countries and authoritarian regimes in undemocratic ones. They regularly block access to thousands of websites of all types. The criteria determining which websites and other Internet options to be blocked are rather arbitrary and have to do with the political interests of governments or dominant groups in the concerned country. Conservative prevalent tendencies also have a great impact on deciding what is “immoral” or “offensive.” As per the OpenNet Initiative (ONI), filtering was practiced as early as 2002, when it was carried out by a couple of states, by 2007 ONI reported that “it was underway in 25 out of the 41 countries scrutinized.”

Besides violating the right to privacy of their own citizens, states in many cases “are asserting that they can unilaterally compel Internet Service Providers (ISPs) that operate in their jurisdiction to produce the emails and other private communications that are stored in other nation’s jurisdictions, without regard to the location or nationality of the target.” This simply means that some state authorities don’t stop at their jurisdictional limits and use national security excuses to violate foreign citizens’ rights.

Private Sector Actors

In the annual thematic report for 2016 by David Kaye, titled “Freedom of Expression, States and the Private Sector in the Digital Age,”, he first describes the role of the private sector in the digital age, as “pervasive and ever-growing.” In the same report, Kaye poses the key questions about the private sector’s responsibility concerning human rights, which are:

  • Whether private actors should be as responsible for their clients’ rights as the public authorities are responsible for their citizens’ rights?
  • Which legal obligations should be applied or prioritized, the human rights law, or contractual binding terms of service prepared by the companies themselves and nominally agreed upon by their clients?
  • How should the relationship between private actors and the states be like? What private actors should do when demanded by governments to violate the rights of those very governments’ citizens to serve their purposes?

These questions haven’t been answered yet, regardless of the efforts of the Human Rights Council that endorsed in 2011 the “Guiding Principles on Business and Human Rights: Implementing the United Nations ‘Protect, Respect and Remedy’ Framework.” The Guiding Principles, however, were non-binding for companies. Instead, it reaffirmed the responsibility of the states to protect their citizens’ rights not only by refraining from violating them themselves but also by ensuring no third party, especially businesses working within their territories, violates these rights. However, when it comes to violations committed within cyberspace, in most cases, the private sector actor in question is not under the jurisdiction of the state whose citizens’ rights were violated. Consequently, such obligation is either so difficult or impossible to fulfill even if the said state is willing to fulfill it, which in many cases isn’t true either for economic considerations or because of mutual interests achieved by this very violation.

Big Data and Surveillance Capitalism

The term Big Data always conjures an image of humongous quantities of data curated and processed by powerful servers. When it comes to Human Rights, Big Data is always thought of in relation to the right to Privacy.

All of the above is true. Big Data is usually so big. Bigger than anything human knowledge has experienced in history. It’s responsible for the fact that more than 90% of the data available today has actually accumulated within the last year or two. This is huge!

It’s also true that Big Data is tightly connected to the right to Privacy. It’s drawn from people’s activities, mostly private everyday ones. Beginning with searches one query through Google, their clicks while browsing the web, their whereabouts throughout the day, and not ending with their online bank transactions and shopping. Joseph Cannataci, the former UN Special Rapporteur on the right to privacy, says about the large range of diverse data curated online, in a 2017 report: “Data can be temporal, spatial, or dynamic; structured or unstructured; information and knowledge derived from data can differ in representation, complexity, granularity, context, provenance, reliability, trustworthiness, and scope. Data can also differ in the rate at which they are generated and accessed”

Only a tiny fraction of this data is collected anonymously, if at all, and only if we trust the companies claiming so. Most collected data include identification of its subject with the announced purpose of providing a ‘personalized’ experience and services. For most people this is as far as Big Data goes, and while the mere relinquishing of one’s control over such personal data and trusting it to some company with the as-good-as-nothing protection provided by terms of use crafted, in fine print and convoluted legal language, by the same company, people tend to find no harm in that in exchange for free services that most can no longer imagine their lives without them, like having a Facebook account or searching the web using Google Search.

But the truth is that Big Data is not about being ‘big’, nor is it even about the ‘data’ itself. It is more about how and why data is collected and analyzed. This is what turns personal raw data into personal information. As Joseph Cannataci, the former UN Special Rapporteur on the right to privacy, says in his “Big Data and Open Data interim report” of 2017, it “captures our individuality as human beings.” The ability to identify is what gives personal information its value, and this is what big data curators are after. And it’s not simply with the straightforward purpose of selling us more stuff, that we need or want.

Shoshana Zuboff argues that a reasonable definition of big data can’t be reached if we think of it as “a technological object, effect or capability.” She otherwise suggests that “‘big data’ is above all the foundational component in a deeply intentional and highly consequential new logic of accumulation that [she] calls surveillance capitalism.” Zuboff introduces surveillance capitalism as “a new form of information capitalism.” It aims “to predict and modify human behavior” with the purpose of producing revenue and gaining market control. In brief Big Data under the business model of surveillance capitalism doesn’t simply take away our right to control our own personal data, it robs us of the right to self-determination, and the right to participate in shaping the world in a way that allows us to enjoy the rest of our freedoms and rights.

Free Expression, and Free Access and Exchange of Information

Besides the right to privacy, the most discussed human right when it comes to the private sector’s role in Internet Governance is the right to free expression. Unlike the right to privacy, there seem to be more people around the world concerned about the way information intermediaries like Facebook, Twitter, and Google moderate what can be said through social media platforms and other content publishing services like YouTube. It has been highlighted that information intermediaries wield large powers through the free reign and unaccountable decisions they can take as to what can and can’t be published through their sites.

Another right that is usually overlooked is the right to free exchange of information. In fact, negligence starts with referring to this right almost all the time as the right to free access to information. The difference is crucial. Free access is a one-way right. It is your right to freely access available information through the internet. On the other hand, the free exchange of information is two ways right, besides having the right to freely access available information, you have the right to be able to freely transmit information to others. This is exactly why this right is tightly coupled with the right to free expression, as the last is almost nullified if one can’t have their expression communicated to others.

Information intermediaries violate the right to free exchange of information in many ways by limiting, ranking, and prioritizing what is available through search queries, social media timelines, recommendations, highlights, etc.


This paper has aimed to provide an overview of how human rights are related to Internet Governance. It explored how the two major actors in the field of Internet Governance, nation-states and private sector companies, use the tools at their disposal to preserve their interests and maximize their gains, often at the expense of the human rights of their citizens and clients, respectively. While much effort is being made for reaching a binding agreement that guarantees responsibility and accountability of the private sector towards human rights like those of nation-states, it is obvious that this cannot really ensure those rights. International law’s agreements and treaties haven’t prevented governments from violating their citizens’ rights, nor would they prevent companies from doing the same. Only an Internet under the control of its users can guarantee their enjoyment of their rights and freedoms.


Boyd, Danah, and Kate Crawford. 2012. “Critical Questions for Big Data: Provocations for a Cultural, Technological, and Scholarly Phenomenon.” Information, Communication & Society 15 (5): 662–79.

Cannataci, Joseph. 2017. “Big Data and Open Data interim report.” Report A/72/540. Report of the Special Rapporteur on the right to privacy. UN General Assembly.

Daskal, Jennifer. 2015. “Law Enforcement Access to Data Across Borders: The Evolving Security and Rights Issues.” J. Nat’l Sec. L. & Pol’y 8: 473.

Deibert, Ronald, ed. 2008. Access Denied: The Practice and Policy of Global Internet Filtering. The Information Revolution and Global Politics. Cambridge, Mass: MIT Press.

Deibert, Ronald, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain, eds. 2010. Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. Information Revolution and Global Politics. Cambridge, Mass: MIT Press.

Kaye, David. 2016. “Freedom of Expression, States and the Private Sector in the Digital Age.” A/HRC/32/38. Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression. Human Rights Council.

———. 2017. “The Roles Played by Private Actors.” A/HRC/35/22. Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression. Human Rights Council.

Mayer-Schönberger, Viktor, and Kenneth Cukier. 2013. Big Data: A Revolution That Will Transform How We Live, Work, and Think. Boston: Houghton Mifflin Harcourt.

Ruggie, John. 2011. “Guiding Principles on Business and Human Rights: Implementing the United Nations ‘Protect, Respect and Remedy’ Framework.” A/HRC/17/31. Report of the Special Representative of the SecretaryGeneral on the issue of human rights and transnational corporations and other business enterprises. Human Rights Council.

UNHRC. 2008. “Mandate of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression.” Resolution 7/36. Human Rights Council.

———. 2011. “Human rights and transnational corporations and other business enterprises.” Resolution A/HRC/RES/17/4. Resolutions adopted by the Human Rights Council. Human Rights Council.

Zuboff, Shoshana. 2015. “Big Other: Surveillance Capitalism and the Prospects of an Information Civilization.” Journal of Information Technology 30 (1): 75–89.