Introduction

This document endeavours to provide access to the many international instruments that influence privacy laws in jurisdictions all over the world. Particularly important instruments are in bold-face type. If you’re aware of errors or omissions, please let us know.


Contents


UN Instruments

The Universal Declaration of Human Rights (UDHR 1948)

The document is at http://www.un.org/en/universal-declaration-human-rights/index.html. It includes:

Article12

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

The (UN) International Convention on the Elimination of … Racial Discrimination (1965)

This was adopted in 1965, and entered into force in 1969. The document is at http://www.ohchr.org/EN/ProfessionalInterest/Pages/CERD.aspx

The (UN) International Covenant on Economic, Social and Cultural Rights (1976)

This was adopted in 1966, and entered into force in 1976. The document is at http://www.ohchr.org/EN/ProfessionalInterest/Pages/CESCR.aspx

The (UN) Convention on the Elimination of … Discrimination against Women (1979)

This was adopted in 1979, and entered into force in 1981. The document is at http://www.ohchr.org/EN/ProfessionalInterest/Pages/CEDAW.aspx

The (UN) Convention against Torture (1984)

This was adopted in 1984, and entered into force in 1987. The document is at http://www.ohchr.org/EN/ProfessionalInterest/Pages/CAT.aspx

The UN Convention on the Rights of the Child (1989)

This was adopted on 20 November 1989, and entered into force on 2 September 1990. The document is at http://www.ohchr.org/en/professionalinterest/pages/crc.aspx. It includes:

Article16

1. No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation.
2. The child has the right to the protection of the law against such interference or attacks.

The UN Guidelines [re] Computerized Personal Data Files (1990)

This was adopted by the General Assembly on 14 December 1990. The UN’s web-site management is so incredibly incompetent that it’s very difficult to find. Try https://epic.org/privacy/intl/guidelines_for_the_regulation_.html

The (UN) Convention on the Rights of Persons with Disabilities (2006)

This was adopted in 2006, and entered into force in 2008. The document is at https://www.un.org/development/desa/disabilities/convention-on-the-rights-of-persons-with-disabilities.htmlx


The International Covenant on Civil and Political Rights (ICCPR 1966)

The document is at http://www.austlii.edu.au/au/other/dfat/treaties/1980/23.html. UN organisations are incapable of sustaining any URL for longer than a couple of years. So here’s a mirror of the original ICCPR document.

For an overview of the many Articles that relate to privacy, see Clarke (2014). The most-often-quoted is:

Article 17

  1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour or reputation.
  2. Everyone has the right to protection of the law against such interference or attacks.

The ICCPR is the subject of a General Comment (1988), at http://tbinternet.ohchr.org/Treaties/CCPR/Shared%20Documents/1_Global/INT_CCPR_GEC_6624_E.doc. And here’s a mirror of that document. This includes clarification of the sloppy wording in Art. 17.2. The UN declares that “The obligations imposed by [Art. 17] require the State to adopt legislative and other measures to give effect to the prohibition against such interferences and attacks as well as to the protection of this right”.


The OECD Guidelines (1980)

Organisation for Economic Cooperation and Development’s:

Note that the OECD is all about economic development, and social issues and civil liberties are constraints / nuisances.

Here is the OECD’s Information and Security page.

And be warned the OECD’s site appears to have been outsourced to some organisation that cares little for sustaining longstanding links. As a fallback measure, here is a mirror of the 1980 Principles


The Council of Europe’s Convention on Human Rights (1950)

The document is at http://conventions.coe.int/Treaty/en/Treaties/Html/005.htm. It includes:

Article 8 – Right to respect for private and family life

Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

(Lee Bygrave comments that Article 8 uses language similar to but not identical with UDHR Article 12, that it sets out the criteria for justifying interference with private life, and that it has generated a great deal of case law).


The Council of Europe Convention 108 [re] Personal Data (1981)

Convention No 108 is at http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108.

There is an Additional Protocol regarding supervisory authorities and transborder data flows (2001), at http://conventions.coe.int/Treaty/en/Treaties/Html/181.htm

The Council of Europe Convention 185 on Cybercrime (2001)

Convention 185 is at https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680081561.


The European Union

The E.U. has a considerable collection of laws and institutions relating to Data Protection.

The Charter of Fundamental Rights of the European Union (2000)
Article 7 – Respect for private and family life

Everyone has the right to respect for his or her private and family life, home and communications.

Article 8 – Protection of personal data

  1. Everyone has the right to the protection of personal data concerning him or her.
  2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
  3. Compliance with these rules shall be subject to control by an independent authority.

The EU Directives (1995-2018, 1997 and 2002)

The primary document is EU Directive 95/46/EC, mirrored here.

The EU provides a page listing EU Legislative Documents and case law relating to Data Protection

[Warning: The EU has an atrocious track-record of reorganising its web-sites every few years and breaking all bookmarks]

Here’s a copy of the thoroughly inadequate ‘Safe Harbor’ document that the EC let US corporations get away with for well over a decade until the EU courts got a chance to rule on it.

Here’s the also inadequate ‘Privacy Shield’ that the EC permitted to be substituted for ‘Privacy Safe Harbor’. It hasn’t been evaluated by the courts yet.

The EU General Data Protection Regulation (GDPR – 2018-)

Until the EU publishes an accessible and adequate-quality copy, use this document.

The ‘Privacy Shield’ arrangements will be even more inadequate in comparison with the GDPR, but it might take a decade of privacy abuse before the EU courts get a chance to review it.


Asia-Pacific Economic Cooperation (APEC)

The APEC Privacy Framework was approved in November 2004.

APEC’s web-site management is just as incompetent as that of the other international agencies. (And that’s in addition to it being dominated by the USA, and hence highly anti-privacy in its stance). So here’s a mirror.


Other Known International Instruments

The [Inter-]American Declaration of the Rights and Duties of Man (Art V)

The [Inter-]American Convention on Human Rights (Art 11)

African Union Convention on Cyber Security and Personal Data Protection [2014] IDPrivAgmt 1 (24 June 2014)


Resources

Valuable resources on the web are as follows:

In print, see:

  • Bygrave L. (1998) ‘Data Protection Pursuant to the Right to Privacy in Human Rights Treaties’ International Journal of Law and Information Technology, 1998, 6, 247-284, at http://folk.uio.no/lee/oldpage/articles/Human_rights.pdf
  • Bygrave L. (2002) ‘Data Protection Law: Approaching its Rationale, Logic and Limits’ Kluwer Law International, 448 pp. (August 2002), esp. chapters 2-4
  • Greenleaf G.W. & Waters N. (Eds.) (1994-2006) ‘Privacy Law & Policy Reporter’, monthly, available from http://www.austlii.edu.au/au/journals/PrivLawPRpr/
  • Holvast J., Madsen W. & Roth P. (2000-) ‘The Global Encyclopaedia on Data Protection Regulation’, Looseleaf, Kluwer Law International
  • Rotenberg M. (1999) ‘The Privacy Law Sourcebook’, EPIC, 1999, available from EPIC

Acknowledgements

This resource could be developed only by standing on the shoulders of giants, namely:

Thanks also to other contributors, particularly Lee Bygrave and Graham Greenleaf.