Is the collection use and storage of data by private companies a threat to human rights?
While states are responsible for protecting privacy rights under human rights law, it is arguably private companies which provide digital infrastructure, products and services that have the greatest impact on them.
Personal data is a valuable commodity and a major asset, routinely collected, analysed, aggregated and stored on a massive scale.
The consumer benefits are clear – and increasingly, so are the risks.
Algorithms can be unintentionally discriminatory.
Metadata can be used to deduce someone’s background, religion, political beliefs, gender identity, and – as researchers at Stanford University have shown – even medical conditions.
Since the Facebook/ Cambridge Analytica scandal broke last year, the role of the big tech companies such as Facebook, Google and Apple in protecting the right to privacy is increasingly coming under scrutiny, with greater pressure for regulation.
The increasingly rapid development of Artificial Intelligence presents some of the most challenging ethical and social questions – in both the public and private sector.
Purpose of the inquiry
The key human right at risk is the right to private and family life (Article 8 ECHR), but freedom of expression (Article 10 ECHR), freedom of association (Article 11), and non-discrimination (Article 14 ECHR) are also at risk.
The right to privacy is also protected in domestic law by the Data Protection Act 2018 , and the UN Guiding Principles on Business and Human Rights 9: see Note 1 below.
Send us your views
As a first step, before focusing its inquiry further, the Joint Committee on Human Rights seeks written evidence on the threats posed to human rights by the collection, use and storage of personal data by private companies and examples of where they have been breached.
In particular we are interested in the following questions:
- Are some uses of data by private companies so intrusive that states would be failing in their duty to protect human rights if they did not intervene?
- If so, what uses are too intrusive, and what rights are potentially at issue?
- Are consumers and individuals aware of how their data is being used, and do they have sufficient real choice to consent to this?
- What regulation is necessary and proportionate to protect individual rights without interfering unduly with freedom to use and develop new technology?
- If action is needed, how much can be done at national level, and how much needs international cooperation?
- To what extent do international human rights standards, such as the UN Guiding Principles on Business and Human Rights, have a role to play in preventing private companies from breaching individuals rights to privacy?
Submissions should be no more than 3,000 words.
The deadline for written submissions has been extended to Thursday 28 March.
Please use the written submission form.