On this day 25 years ago, in the sterile bar of an anonymous business hotel in Luxembourg, I hosted the first meeting of the global watchdog Privacy International.
Numerically tiny as it was, that moment – in many respects – marked the commencement of the international privacy advocacy movement. I recall that attendees included UK privacy expert Steward Dresner, Canadian tech expert Tom Riley and the late and unsurpassable Professor Jon Bing from Norway. They were supported by visionaries such as renowned Australian professor Graham Greenleaf, Justice Michael Kirby and the influential US advocate Marc Rotenberg.
Those were strange times. Privacy was an arcane subject that was on very few radar screens. The Internet had barely emerged, digital telephony was just beginning, the NSA was just a conspiracy theory and email was almost non-existent (we called it electronic mail back then). We communicated by fax machines, snail mail – and through actual real face to face meetings that you travelled thousands of miles to attend.
I’d started PI after surviving several years in this field. It was because all of us in this arena were handicapped by lack of communication between nations and disciplines. Campaigners in one country rarely knew what was happening in another country. And yet the forces of surveillance were increasingly linking arms each day.
Of course, in truth, there isn’t a single day that you could ascribe to the actual silver jubilee of Privacy International. Throughout 1989 and 1990 the organisation had cemented itself into the international ecosystem through numerous milestones. And since its birth, through its efforts, the field has transformed into a true litmus test of democracies. We helped expose national security abuses, police corruption, corporate thuggery and government excesses in fifty countries. PI should mark the entirety of 2015 as its birthday.
We noted in our initial 1990/1991 report that the international response to the initiative was overwhelming.
Professor Ruth Gavison of the Association for Civil Rights in Israel observed:
I share the feeling that invasions of privacy through computers and surveillance will become more important in the future, and that an international organisation may have some relative advantage in dealing with these problems than national civil rights groups, committed as they may be.
The Egyptian Organisation for Human Rights saluted the initiative, and confirmed the view that the formation of a privacy network would fill a void in the international scene. In a letter to Simon Davies, Secretary General Bahey El Din Hassan said:
We are happy to hear of the formation of Privacy International. We believe that such an organisation will fill a certain gap in the structure of the international human rights movement. Giving more attention than customary to civil rights we salute your initiative in this regard and we appreciate your vigorous pursuit of a truly international scope for Privacy International.
A very clear decision had to be made from the outset about the countries that would be involved in the organisation. This decision was dependent, largely, on the outcome of discussions relating to the scope of Privacy International.
Canadian privacy advocate Pierrot Peladeau was eloquent in his argument for unrestricted membership. He wrote:
The organisation must be involved with countries which do not formally embrace privacy concerns. We cannot efficiently protect privacy interests in OECD countries without a clear vision of what is happening throughout the world, the north with responsibilities toward the south, the west toward the east. The organisation must also be involved with countries that blatantly violate privacy rights and interests. We must support those countries’ civil rights organisations and advocates working on privacy issues by including them in our information links and collaboration networking, but also by giving them the expertise and international pressure they ask for. For this, a fully independent, non-governmental organisation is needed.
We engaged “Human Rights Internet” based at Harvard Law School to identify organisations in developing countries that might have an interest in the privacy and data protection area. A substantial list was compiled, and a selection of these were approached. About sixty per cent of human rights organisations in developing countries responded favourably. Mirna Anaya, General Coordinator of the Comision para la Defensa de los Derechos Humanos en CentroAmerica in Costa Rica set the following response:
In general, the privacy issue is one that we in Central America, deal with on a constant basis. Most of the organisations in the “popular sector” throughout Central America are watched and threatened by para-military and military forces. It is often the case that this surveillance and harassment, obviously an infringement of numerous rights that fall under the notion of privacy rights, is followed by illegal captures, lengthy illegal detentions with torture, and disappearance.
Last week I asked some of PI’s founding members from that time to offer observations on PI’s significance and also to ponder on what has changed in that quarter century:
Professor Colin J. Bennett
Department of Political Science
University of Victoria
“When Privacy International was first established in the early 1990s, it dedicated itself to the simple proposition that personal data should not be captured, disclosed, mined, profiled, processed and otherwise manipulated without the individual having some say in the matter. That is a principle that should endure regardless of the organization, and regardless of the technology. The 25th Anniversary of Privacy International should allow us to reflect on what has NOT changed over this time.”
Robert Ellis Smith
Publisher, Privacy Journal
When PI convened the usual suspects in Washington in spring 1990, it brought a few of the international activists whose work we were learning about for the first time. American advocates were focused then on persistent abuses in credit bureaus, elemental negligence by organizations in handling the new capability of sending mail electronically to each other, incidents of “computer crime” (not yet called hacking), use of medical information for marketing, whether the U.S. wiretapping law covered the emerging cell-phone technology, “target marketing” to identify likely customers based on stored data about them, and the pros and cons of “Caller ID,” which sends the caller’s number to the recipient’s telephone. This opened our eyes to international concerns: a coming directive on data protection in Europe, oppressive surveillance in regimes around the world, and the requirement of possessing a national identity card.
Marc Rotenberg, President
Electronic Privacy Information Center
“First, it should be said simply on the 25th anniversary of Privacy International, that this initiative was both brilliant and timely. With the launch of PI, Simon helped establish a political movement that spanned the globe. He put in place a network of expert advisors. He began formal reporting on privacy developments and initiated campaigns to safeguard a fundamental right of enormous importance in the information age. The media took note as did governments. He was catalyst, advocate, strategist, and architect. And he could not be ignored.*
“What has changed over 25 years? Much that could be expected. Technology has become more sophisticated and more intrusive. The demands for personal information by government and business have vastly increased. New systems for mass surveillance have been put in place. But the public now debates these issues. There are campaigns and there is opposition. Reports inform decisions and expert advisors and NGO leaders across borders collaborate in support of a valued human right. A political movement has gained force.
The Hon Justice Michael Kirby
Chair of the OECD Expert Group On Transborder Data Barriers and the Protection of Privacy 1978-80
Chair of the OECD Expert Group on Security of Information Systems 1991-92
Australian Privacy Medal 2009 and EPIC International Privacy Champion Award 2010
Twenty five years ago, when Privacy International was established, many well-respected commentators were ready to declare that privacy was dead. This was so, although, in 1980, the OECD Expert Group that I had the privilege to chair had produced a series of influential guidelines on the basic rules that needed to be observed if the human value of privacy was to be safeguarded. Those guidelines influenced the development of legal protections, both in the public and private sectors in countries of Europe, North America and the Asia-Pacific region. However, the pundits predicted that the burgeoning growth of collections of private data together with astonishing developments in information technology would make it next to impossible to afford effective protections.
The deep feelings that people persistently expressed about invasions of privacy and the sense of outrage that many notable instances occasioned, seem to demonstrate that privacy was far from dead. But it needed strong friends and allies if effective remedies were to be fashioned. The OECD guidelines of 1980 had already drawn upon initiatives earlier taken by the Nordic Council, the Council of Europe and the European nations. These initiatives together stimulated further developments in the European Union, APEC,ASEAN and parts of Africa. These initiatives have been helpfully described by Lee A Bygrave in his book “Data Privacy Law – An International Perspective’’ (OUP, 2014). Remarkably (even astonishingly) developments began to occur throughout Asia. These have been collected by Graham Greenleaf in his wonderful recent book ‘’Asian Data Privacy Laws – Trade and Human Rights Perspectives ‘’ (OUP 2014). Whilst several of the laws there described are tentative and ineffective, others are strong and defensive. They suggest that privacy is, after all, a universal value known to every continent and culture. They also demonstrate the effectiveness of global trade as a stimulus to the provision of privacy defences, as the price exacted for transborder data trade.
Nonetheless, the decades since 1980 – and especially since Privacy International was founded in 1990 – have continued to manifest new and puzzling challenges to effective protections for privacy. These challenges include social networks, increased surveillance in the name of antiterrorism and the avalanche of meta data that governments and powerful private interests demand access to. These concerns are reviewed in the excellent survey edited by Kieron O’Hara and his colleagues in the Digital Enlightenment Yearbook 2014 (IOS Press, Amsterdam 2014). Lawmaking finds it difficult to keep up with complex technology, changing social values and powerful new interests. Yet Democratic pressures relentlessly instance popular demands for protection and remedies.
The Universal Declaration of 1948 recognised privacy as a fundamental and universal human right of all people, everywhere. Preserving and protecting that right is a duty of governments, corporations and individuals throughout our increasingly interconnected world. Privacy International, as a global civil society organisation, plays an important role in voicing concerns, identifying dangers and suggesting protections both legal and technological. For this role, we must be grateful.