This document endeavours to provide access to the many international instruments that influence privacy laws in jurisdictions all over the world. Particularly important instruments are in bold-face type. If you’re aware of errors or omissions, please let us know.
- Instruments with Direct Worldwide Implications
- The Universal Declaration of Human Rights (UDHR 1948)
- The (UN) International Convention on the Elimination of … Racial Discrimination (1965)
- The (UN) International Covenant on Economic, Social and Cultural Rights (1976)
- The (UN) Convention on the Elimination of … Discrimination against Women (1979)
- The (UN) Convention against Torture (1984)
- The United Nations Convention on the Rights of the Child (1989)
- The United Nations Guidelines [re] Computerized Personal Data Files (1990)
- The (UN) Convention on the Rights of Persons with Disabilities (2006)
- The International Covenant on Civil and Political Rights (ICCPR 1966)
- The OECD Guidelines (OECD 1980)
- The Universal Declaration of Human Rights (UDHR 1948)
- Significant Regional Instruments
- The Council of Europe (Europe of the 47)
- The European Union (Europe of the 28)
- Other Regional Instruments
The document is at http://www.un.org/en/universal-declaration-human-rights/index.html. It includes:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
This was adopted in 1965, and entered into force in 1969. The document is at http://www.ohchr.org/EN/ProfessionalInterest/Pages/CERD.aspx
This was adopted in 1966, and entered into force in 1976. The document is at http://www.ohchr.org/EN/ProfessionalInterest/Pages/CESCR.aspx
This was adopted in 1979, and entered into force in 1981. The document is at http://www.ohchr.org/EN/ProfessionalInterest/Pages/CEDAW.aspx
This was adopted in 1984, and entered into force in 1987. The document is at http://www.ohchr.org/EN/ProfessionalInterest/Pages/CAT.aspx
This was adopted on 20 November 1989, and entered into force on 2 September 1990. The document is at http://www.ohchr.org/en/professionalinterest/pages/crc.aspx. It includes:
1. No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation.
2. The child has the right to the protection of the law against such interference or attacks.
This was adopted by the General Assembly on 14 December 1990. The UN’s web-site management is so incredibly incompetent that it’s very difficult to find. Try https://epic.org/privacy/intl/guidelines_for_the_regulation_.html
This was adopted in 2006, and entered into force in 2008. The document is at https://www.un.org/development/desa/disabilities/convention-on-the-rights-of-persons-with-disabilities.htmlx
The document is at http://www.austlii.edu.au/au/other/dfat/treaties/1980/23.html. UN organisations are incapable of sustaining any URL for longer than a couple of years. So here’s a mirror of the original ICCPR document.
For an overview of the many Articles that relate to privacy, see Clarke (2014). The most-often-quoted is:
- No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour or reputation.
- Everyone has the right to protection of the law against such interference or attacks.
The ICCPR is the subject of a General Comment (1988), at http://tbinternet.ohchr.org/Treaties/CCPR/Shared%20Documents/1_Global/INT_CCPR_GEC_6624_E.doc. And here’s a mirror of that document. This includes clarification of the sloppy wording in Art. 17.2. The UN declares that “The obligations imposed by [Art. 17] require the State to adopt legislative and other measures to give effect to the prohibition against such interferences and attacks as well as to the protection of this right”.
Organisation for Economic Cooperation and Development’s:
- Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, Paris, 1980)
- Revision of 2013
Note that the OECD is all about economic development, and social issues and civil liberties are constraints / nuisances.
Here is the OECD’s Information and Security page.
And be warned the OECD’s site appears to have been outsourced to some organisation that cares little for sustaining longstanding links. As a fallback measure, here is a mirror of the 1980 Principles
The document is at http://conventions.coe.int/Treaty/en/Treaties/Html/005.htm. It includes:
Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
(Lee Bygrave comments that Article 8 uses language similar to but not identical with UDHR Article 12, that it sets out the criteria for justifying interference with private life, and that it has generated a great deal of case law).
Convention No 108 is at http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108.
There is an Additional Protocol regarding supervisory authorities and transborder data flows (2001), at http://conventions.coe.int/Treaty/en/Treaties/Html/181.htm
Convention 185 is at https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680081561.
The E.U. has a considerable collection of laws and institutions relating to Data Protection.
The Charter of Fundamental Rights of the European Union (2000)
Article 7 – Respect for private and family life
Everyone has the right to respect for his or her private and family life, home and communications.
- Everyone has the right to the protection of personal data concerning him or her.
- Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
- Compliance with these rules shall be subject to control by an independent authority.
[Warning: The EU has an atrocious track-record of reorganising its web-sites every few years and breaking all bookmarks]
Here’s a copy of the thoroughly inadequate ‘Safe Harbor’ document that the EC let US corporations get away with for well over a decade until the EU courts got a chance to rule on it.
Here’s the also inadequate ‘Privacy Shield’ that the EC permitted to be substituted for ‘Privacy Safe Harbor’. It hasn’t been evaluated by the courts yet.
Until the EU publishes an accessible and adequate-quality copy, use this document.
The ‘Privacy Shield’ arrangements will be even more inadequate in comparison with the GDPR, but it might take a decade of privacy abuse before the EU courts get a chance to review it.
The APEC Privacy Framework was approved in November 2004.
APEC’s web-site management is just as incompetent as that of the other international agencies. (And that’s in addition to it being dominated by the USA, and hence highly anti-privacy in its stance). So here’s a mirror.
The [Inter-]American Declaration of the Rights and Duties of Man (Art V)
The [Inter-]American Convention on Human Rights (Art 11)
African Union Convention on Cyber Security and Personal Data Protection  IDPrivAgmt 1 (24 June 2014)
Valuable resources on the web are as follows:
- AustLII’s World Subject-Index for Privacy
- AHRC’s Page on Rights and Freedoms
- Privacy International’s ‘State of Privacy’
- GILC’s International Survey of Privacy Laws and Practice
- EPIC’s International Privacy Sites
In print, see:
- Bygrave L. (1998) ‘Data Protection Pursuant to the Right to Privacy in Human Rights Treaties’ International Journal of Law and Information Technology, 1998, 6, 247-284, at http://folk.uio.no/lee/oldpage/articles/Human_rights.pdf
- Bygrave L. (2002) ‘Data Protection Law: Approaching its Rationale, Logic and Limits’ Kluwer Law International, 448 pp. (August 2002), esp. chapters 2-4
- Greenleaf G.W. & Waters N. (Eds.) (1994-2006) ‘Privacy Law & Policy Reporter’, monthly, available from http://www.austlii.edu.au/au/journals/PrivLawPRpr/
- Holvast J., Madsen W. & Roth P. (2000-) ‘The Global Encyclopaedia on Data Protection Regulation’, Looseleaf, Kluwer Law International
- Rotenberg M. (1999) ‘The Privacy Law Sourcebook’, EPIC, 1999, available from EPIC
This resource could be developed only by standing on the shoulders of giants, namely:
- AustLII (Australian Legal Information Institute)
- EPIC (Electronic Privacy Information Center)
- GILC (Global Internet Liberty Campaign)
- Privacy International
Thanks also to other contributors, particularly Lee Bygrave and Graham Greenleaf.