The right to privacy in digital age Reflection on the Vietnamese context The right to privacy in digital age Reflection on the Vietnamese context The right to privacy in digital age Reflection on the Vietnamese context
Trang 1THE RIGHT TO PRIVACY IN DIGITAL AGE: REFLECTION ON THE VIETNAMESE CONTEXT
Lê Trần Như Tuyên and Vũ Công Giao
The Right to privacy is a fundamental right, essential to autonomy and the protection of human dignity While the righ to privacy has become one of the most important human rights issues of the modern age, the level of privacy continues to diminish owing to the continued, rapid pace of technological advances Without question, the Digital Age has resulted in broad social impacts and widespread lifestyle changes It has increased and improved the ability to communicate and find important information Additionally, it has made globalization possible which has, in turn, resulted in more effective and efficient business productivity But Digital Age may poses incredibly complex risks to privacy Meanwhile, in many countries, laws have not kept up with the technology, leaving significant gaps in protections Understanding the privacy issues is so importand and needed to identify fruitful avenues for future privacy in the digital age
1 Overview of the Digital Age and the Right to privacy
In this day, we are living in the digital age The growth of digital has opened up a new era of science and technology for humanity, which is also the key factor promoting the fourth industrial revolution (4IR)
The Digital Age (also known as the Computer Age, Information Age, or New Media Age) is a historic period in the 21st century characterized by the rapid shift from traditional industry that the Industrial Revolution brought through industrialization, to an economy based on information technology The technological advancements in digital age impact not only economic but many other sides of society It creates a knowlegde-based society surrounded by high technology Besides the fundamental role of the Internet, the focal point of the digital age is now the Artificial Intelligence (AI), the Internet of Things (IoT), Big Data and so on There is no doubt that the digital age is the era of significant scientific and technical development, enable the mankind to put a big step forward However, we should also be aware of the challenges in this era, especially the difficulties in protecting human rights in general and the privacy rights in particular
The Right to privacy (also known as Privacy) is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built The righ to privacy has become one of the most important human rights issues of the modern age
In spite of the fact that privacy only became a generally accepted right in the 19th-20th century, privacy had existed long before this era Privacy has roots deep in history, it has its origins already in the ancient societies Even the Bible has some passages where the violation of privacy appeared in its early form702 From a legal point of view, the Code of Hammurabi
702
Richard Hixson (1987), Privacy in a Public Society: Human Rights in Conflict 3 See Barrington Moore(1984), Privacy:
Trang 2contained a paragraph against the intrusion into someone‘s home, or the Roman law also regulated the same question703 These protections mostly focused on the right to solitude The idea of privacy traditionally comes from the difference between ‗private‘ and ‗public‘, which distinction comes from the natural need of the individual to make a distinction between himself/herself and the outer world The limits between private and public differ according to the given era and society, which will cause the on-going change throughout history of what people consider private
During the 19th century the new changes in the economy and inthe society led to the transformation of the way people lived and these new changes had consequences for privacy too, as physical and mental privacy were separated and started to evolve in two different ways Another very important change was the appearance and growth of (tabloid) newspapers, which were a fertile area for gossip and photojournalism704 It was Samuel D Warrenand Louis D Brandeis who first recognized the threats to privacy caused by the technological and societal developments in their famous article The Right to Privacy in 1890 In this paper the authors argued that as political, social and economic changes occur inthe society, the law has to evolve and create new rights in order to ‗meet the demand of society‘ and ensure the full protection of the person and the property705 They recognized two phenomena that posed a threat to privacy: technological development (namely instantaneous photographs) and gossip, which became a trade in newspapers Considering these changes, they were the first to demand the recognition of the right to privacy (which they defined as ‗the right to be let alone‘) as a separate and general right Although this early vague legal concept did not describe privacy in a way that made it easy to design broad legal protections of privacy, it strengthened the notion of privacy rights for individuals, basically ensured protection against the unwanted disclosure of private facts, thoughts, emotions, etc and began a legacy of discussion on those rights
Despite the fact that the claim for privacy in universal, there was no universal definition of privacy could be created The boundaries and content of what is considered private differ among cultures and individuals, but share common themes There are many different ways privacy can be interpreted and many aspects of privacy exist Privacy can be understand as the right of the individual to be let alone, limited access to the self, secrecy, control of personal information, personhood and human intimacy
Privacy protection is frequently seen as a way of drawing the line at how far society can intrude into a person's affairs The Global Internet Liberty Campaign published a report in 2004, entitled ‗privacy and human right An International Survey of Privacy Laws and Practice‘ that provides details of the state of privacy in fifty countries from around the world According to
Studies in Social and Cultural History
Trang 3the report privacy can be divided into the following facets706: 1) Information Privacy; 2) Bodily privacy; 3) Privacy of communications; 4) Territorial privacy According to the International Human Rights Law, right to privacy is a fundamental right but not an absolute human right Every person to be protected against arbitrary or unlawful interference whether they emanate from State authorities or from natural or legal persons But as all persons live in society, the protection of privacy is necessarily relative However, the competent public authorities should only be able to call for such information relating to an individual‘s private life the knowledge of which is essential in the interests of society Privacy underpins human dignity and other key values such as freedom of association and freedom of speech
As technologies continue to develop, conceptualisations of privacy have developed alongside them Privacy concerns are nowadays focused to lies mainly on users‘ control of their personal information/data Attorney Daniel J Solove wrote extensively on the topic in ‗A Taxonomy of Privacy‘ He lists four general categories of privacy-harming activities: information collection, information processing, information dissemination, and invasion He then subdivides each of these categories, creating an impressive taxonomy of no less than 16 ways that privacy can be breached The challenge of data privacy is to use data while protecting an individual's privacy preferences and their personally identifiable information
2 Right to privacy in the International Human Rights Law
The modern privacy benchmark at an international level can be found in the 1948 Universal Declaration of Human Rights707, which specifically protected territorial and communications privacy According to Article 12 of the UDHR, it can be seen that the connotation of private life‘s values needs protecting, not only those of each individual but also of their families, residence, and correspondence, but also those of dignity and personal credit Although the qualities of private life‘s values are not fully conveyed in international laws, their interpretations are relatively specific and detailed This makes it easier for countries to make use of the definitions and put them into their laws instead of ‗devising‘ the values themselves Numerous international human rights covenants give specific reference to privacy as a right: The International Covenant on Civil and Political Rights (ICCPR), Article 17; The UN Convention on Migrant Workers, Article 14; The United Nations Convention on the Rights of the Child, Article 16; Convention on the Rights of Personswith Disabilities, Article 22
Through the provisions and definitions of the rights to protection of private life, the International Human Rights Law mainly focuses on the duties of governments in protecting privacy with laws When the law‘s birth context is taken into consideration, the reasons for acknowledging the protection of private life were ‗the increasing danger level of interventions‘ and ‗intricate interventions via the development of technologies‘ (such as electronic surveillance by state agencies) Therefore, limiting the arbitrary interventions of states into
Trang 4private life of residents is important The emphasis on the protecting roles of laws, though suitable with the International Human Rights Law, unintentionally eclipses individuals‘ duties to protect their own private life, which normally is more effective than relying on the help by states since the application of laws, in general, needs to go through certain procedures that may slow down the restoration of the violated private life‘s values
On the regional level, these rights are becoming enforceable The 1950 Convention for the Protection of Human Rights and Fundamental Freedoms708, Article 8 states: (1) Everyone has the right to respect for his private and family life, his home and his correspondence; (2) There shall be no interference by a public authority with the exercise of this right except as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health of morals, or for the protection of the rights and freedoms of others The Convention created the European Commission of Human Rights and the European Court of Human Rights to oversee enforcement Both have been particularly active in the enforcement of privacy rights and have consistently viewed Article's protections expansively and the restrictions narrowly
Article 11 of the American Convention on Human Rights sets out the right to privacy in terms similar to the Universal Declaration709 In 1965, the Organization for American States proclaimed the American Declaration of the Rights and Duties of Man, which called for the protection of numerous human rights including privacy710 The Inter-American Court of Human Rights has also begun to addresses privacy issues in its cases African Charter on the Rights and Welfare of the Child711, Arab charter on human rights712, ASEAN human rights declaration713 also has articles about protection of Privacy
Interest in the right of privacy increased in the 1960s and 1970s with the advent of information technology (IT) The surveillance potential of powerful computer systems prompted demands for specific rules governing the collection and handling of personal information, two crucial international instruments evolved The Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data714 and the Organization for Economic Co-operation and Development's Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data715 articulate specific rules covering the handling of electronic data The rules within these two documents form the core of the Data Protection laws of dozens of countries These rules
O.A.S Res XXX, adopted by the Ninth Conference of American States, 1948 OEA/Ser/ L./V/I.4 Rev (1965)
711 African Charter on the Rights and Welfare of the Child, Article 10, http://www.achpr.org/instruments/child/
Trang 5describe personal information as data which are afforded protection at every step from collection through to storage and dissemination The right of people to access and amend their data is a primary component of these rules.The expression of data protection in various declarations and laws varies only by degrees All require that personal information must be: 1) Obtained fairly and lawfully; 2) Used only for the original specified purpose; 3) Adequate, relevant and not excessive to purpose; 4) Accurate and up to date; and 5) Destroyed after its purpose is completed
These two agreements have had a profound effect on the adoption of laws around the world Over twenty countries have adopted the COE convention and another six have signed it but have not yet adopted it into law The OECD guidelines have also been widely used in national legislation, even outside the OECD countries Privacy is a basic human right and the reasonable expectation of every person With technological innovation, information privacy is becoming more complex by the minute as more data is being collected and exchanged As the technology gets more sophisticated, so do the uses of data And that leaves every facing an incredibly complex risks for ensuring that personal information is protected
3 The Need For Legislation of privacy in Digital Age
The digital age began in earnest with the widespread use of the Internet716 and no technology has reached more people in as short a space of time as the Internet — and it has not finished yet717 The internet is one of the areas in which informational privacy, the protection of personal information, has become crucial Internet users do ‗not want to be left alone‘; they want to partake in the offerings of the internet and participate in what has become one of their most important social spheres Privacy concerns are nowadays focused to a large extent on the information we share or generate on the internet, often publicly, rather than what we wish to conceal within the private confines of our homes The notion of privacy has adapted to those changing circumstances and today the focus lies mainly on users‘ control of their personal information/data There are three longstanding pillars of information privacy stemming from the OECD Guidelines are:
1) Collection limitation: collection of personal information should be limited to only what is necessary; personal information should only be collected by lawful and fair means; and where appropriate, should be collected with the knowledge and/or consent of the individual
2) Purpose specification: the purpose of collecting personal information should be specified to the individual at the time of collection
3) Use limitation: personal information should only be used or disclosed for the purpose for which it was collected, unless there isconsent or legal authority to do otherwise
716
Victor X Wang (Florida Atlantic University, USA) (2012), Handbook of Research on Technologies for Improving the
21st Century Workforce: Tools for Lifelong Learning, Chapter 3: Engaging Adult Learners with Innovative Technologies - Dennis Beck (University of Arkansas, USA) and Claretha Hughes (University of Arkansas, USA), p.41 717 Richard Hodson (2018), Digital revolution, An explosion in information technology is remaking the world, leaving few
aspects of society untouched, https://www.nature.com/articles/d41586-018-07500-z
Trang 6The underlying goal of these intertwined principles is to minimise the amount of information any one organisation holds about an individual, and to ensure that the way the information is handled is consistent with the expectations of that individual AI fundamentally challenges all three of these principles The very nature of many AI techniques, particularly machine learning, rely on ingesting massive amounts of data in order to train and test algorithms In fact, many individuals are often not fully aware of the amount of information being collected about them from their devices and subsequently being used as input data for AI systems This creates a level of conflict as limiting the collection of personal information is incompatible with the functionality of AI technologies and the devices that collect data to support it, but collecting such vast amounts of information creates inherent privacy risks
Providing an explanation of the purpose ofcollection (generally through a collection notice) is how most organisations adhere to the purpose specification principle In some cases, organisations may not necessarily know ahead of time how the information will be used by AI in the future.There is a risk of excessive data collection beyond what is necessary ‗just in case‘, using overly broad collection notices and privacy policies in an attempt to 'catch-all' This kind of practice allows organisations to claim technical compliance with their privacy obligations, but it is disingenuous and inconsistent with the underlying goal of the collection limitation principle Further, it undermines the ability of individuals to exercise meaningful control over their personal information Once collected, the use limitationprinciple endeavours to ensure personal information is only used for the purpose for which it was collected In general, organisations are also permitted to use personal information for a secondary purposethat would be 'reasonably expected' by the individual This raises the question of whether information being used as input data for an AI system can be considered a 'reasonably expected secondary purpose', given that in many instances, the outcome of doing so would be unknown to the individual Organisations are likely to find it difficult to ensure personal information is only used for thepurpose it was collected for when using AI technologies
In many countries, data protection laws are inadequate or do not even exist, so data are analysed without the prior consent of users Moreover, the safe anonymisation of data cannot be ensured anymore when large data volumes are collected and collated Convergence makes data are often automatically cross-referenced, computerised tools allow individuals to be re-identified from insufficiently anonymised data sets Once disclosed, these data may be retained forever, often without the knowledge of the individuals concerned, and be removed with difficulty Hence, it has become hard for individuals to manage and control their personal spheres Perhaps the most significant challenge to privacy is that the right can be compromised without the individual being aware With other rights, you are aware of the interference - being detained, censored, or restrained With other rights, you are also aware of the transgressor - the detaining official, the censor, or the police Many of the world‘s most data-intensive companies hail from the US – and are criticised for what is perceived to be an
Trang 7excessive accumulation and use of their users‘ personal data Piled on top of this, we know that the National Security Agency (NSA) of the United States has been at the forefront of a group of intelligence agencies that have been using that and other data to build massive databases containing information on millions of people living everywhere that today‘s information and computer technologies reach We only know this thanks to Edward Snowden's revelations, a Central Intelligence Agency (CIA) employee and subcontractor
The increasing sophistication of information technology with its capacity to collect, analyze and disseminate information on individuals has introduced a sense of urgency to the demand for legislation In our modern digital age, beside big data and AI, IoT also increasingly pose privacy dilemmas Philip N Howard, a professor and author, writes that the Internet of things offers immense potential for empowering citizens, making government transparent, and broadening information access Howard cautions, however, that privacy threats are enormous, as is the potential for social control and political manipulation718 The U.S National Intelligence Council in an unclassified report maintains that the intelligence community views the Internet of things as a rich source of data719 Chances are big data and the Internet of things will make it harder for us to control our own lives, as we grow increasingly transparent to powerful corporations and government institutions that are becoming more opaque to us
As we know, The Right to privacy is a fundamental right, essential to autonomy and the protection of human dignity Otherwise, the development of technology in digital age makes our lives better and improves society but it also poses incredibly complex risks to privacy Technology is developing exponentially and the number of internet users is increasing every passed minutes The privacy of millions of people can be threatened Meanwhile, in many countries, laws have not kept up with the technology, leaving significant gaps in protections So beside technical means, legal means is so importand and needed to protect privacy and to (re)establish the individuals' control
4 The Right to privacy in VietNam
4.1 Context
The nature of technological advances in the digital age is the remarkable developments of storage technology and sensors which allow collecting great deals of data from the society While petrol or electricity served as power sources to operate machinery achievements in the industrial age, data now can be regarded as ―a power source‖ to operate technological achievements in the digital age Data play the most important and critical roles to all progress made in this age Almost all the new accomplishments of this age, such as Artificial Intelligence, Big data, or Internet of things, make progress based on the collecting and analysing data Despite the mentioned benefits, technologies entail threats when personal data are collected illegally by
718
Liam Tung (13 October 2015), Android security a 'market for lemons' that leaves 87 percent vulnerable, https://www.zdnet.com/article/android-security-a-market-for-lemons-that-leaves-87-percent-insecure/
719 Liu, Ximeng; Yang, Yang; Choo, Kim-Kwang Raymond; Wang, Huaqun (24 September 2018), Security and Privacy
Challenges for Internet-of-Things and Fog Computing, Wireless Communications and Mobile Computing, pp.1–3
Trang 8violating people‘s privacy and are used for nefarious purposes such as manipulating the public Due to these crucial roles, data are gradually becoming a tempting commodity of great values For instance, personal date can be collected, analysed, and utilised in marketing products and services Furthermore, there are governments, like the Chinese one, with coercive apparatus and enormous financial potentials, that desire to manage the society through a social credit system
In Vietnam, there are still not many applications of AI, IoT, or Big data which are closely related to people‘s life However, the trade of personal data has happened effortlessly and publicly with low costs for years Googling ‗buy personal data‘ or ‗customer list‘ reveals many sites and Facebook accounts selling all kinds of personal data such as names, ages, phone numbers, email addresses, occupations, positions, incomes, or even account balances Although the leaking of personal data is a common situation in Vietnam, there have not been any recorded enforcement actions in relation to such leaking With the help of data science, each person‘s information is analysed in order to reveal their tendency of purchasing and consuming goods, which are then applied to commercial activities To interpret the data, AI and Machine Learning are deployed After data being collected, they are processed by some certain AI‘s algorithms to predict if the users want to buy houses or insurance This, superficially, brings about benefits for internet users since AI, with the outstanding ability to analyse data, can make sensible suggestions on concerned fields However, the hidden part of the iceberg, which only a few can be aware of, is the threats of people being watched and robbed of data on the internet
The prevalence of the internet also entails the risks to privacy protection The press violates privacy by publicise information and images of individuals onto the internet Many individuals, especially famous ones, become victims of this sort of violation In reality, there have been many cases with agonising consequences because the children‘s personal information is leaked For example, a 15 years old girl living in Dong Nai, whose sex tape was uploaded onto the internet, was embarrassed, could not stand the pressure by hateful comments of netizens, and finally drank herbicide to kill herself720
In this digital age, apart from the advantages brought about by technological advances, the issues of violating privacy are also more alarming However, in reality, in Vietnam, people‘s awareness of deploying technology to protect their privacy is still poor, which leads to the fact that the risks of their privacy being violated are more impending than ever A consistent and comprehensive legal provision which can keep up with technological advances is really a challenge to lawmakers
4.2 Legal framework
- Privacy stipulated in Vietnamese Constitution
The protection of individuals‘ privacy values has been acknowledged since the foundation of the Democratic Republic of Vietnam, which was clearly stated in Article 11, the 1946 Constitution of the country Although in the 1946 Constitution, only privacy of
720 Thanh Bình (2018), Đau lòng những vụ tự tử vì bị đăng clip lên mạng xã hội, https://baomoi.com/dau-long-nhung-vu-tu-tu-vi-bi-dang-clip-len-mang-xa-hoi/c/25232269.epi
Trang 9correspondence and residence were acknowledged as inviolable, the acknowledgment could be regarded as an innovation with regard to the Government being newly formed and inexperienced The 1959 Constitution (Article 28), The 1980 Constitution (Article 71) and the 1992 Constitution (Article 73) continued protecting the privacy of correspondence and residence more specifically
The 2013 Constitution includes new and important adjustments, the most significant of which being provisions for human rights and citizen rights Together with many other rights, privacy of individuals is extended and embrace more closely the provisions on privacy by the Universal Declaration of Human Rights (Article 12) In comparison with previous Constitutions, the 2013 Constitution‘s Articles 21 and 22 provide some adjustments:
First, for the first time, the Constitution identifies human rights as inherent (not granted by the State or any other subjects), which indirectly admits the roles and the tasks of the State in acknowledging, respecting, protecting, and ensuring human rights as stated in Article 3 and clause 1 Article 14 of the Constitution With the said spirit, regulations to protect individuals‘ private exchange of information in clause 2, Article 21, have partially shown the principle that the State shall not illegally intervene by controlling and confiscating the private information exchanged by individuals
Second, instead of using the word ‗citizen‘ as the subject of privacy like in previous Constitutions, the 2013 Constitution acknowledges that the subject of privacy is ‗everyone‘ The terminology change has reflected the true nature of rights, which are not limited to Vietnamese citizens only, but also offer protection to everybody who has not acquired Vietnamese citizenship but is residing within the territory of the country
Third, the sphere of protected privacy is extended, embracing the privacy ensured by the International Human Rights Law While the 1992 Constitution only established inviolable rights to residence, the 2013 Constitution has acknowledged the inviolable rights to personal privacy, personal secrecy, and familial secrecy of individuals The extension of privacy protecting sphere in the 2013 Constitution is really of great significance, helps avoid the situation where laws are not comprehensive Besides, in addition to the protection of privacy on conventional communications like correspondence, telephone conversations, and telegrams, the 2013 Constitution has also included defence for other forms of exchange of personal information with a view to keeping up with the strong developments of technologies in the digital age
- Privacy in some specialised laws
In 2015, the new Civil Code was passed by the National Assembly and included many amendments, among which were changes to the privacy, which is then different from the one in the 2005 Civil Code Article 38 in the 2015 Civil Code is titled as ‗Right to private life, personal secrets and familial secrets‘, emphasising privacy Regulations on privacy in the 2015 Civil Code is necessary, important, and serves as an example to reflect the viewpoints and qualifications of Vietnam‘s legislative activities Everyone has the rights to be protected against
Trang 10the violation of privacy Human rights are ensured not only when individuals reside within the country‘s territory but when they reside in another country as well The 2015 Civil Code has changed the use of terminologies, deploying ‗Rights to private life‘ instead of ‗Rights to personal secrets‘, and also adding the terms ‗personal secrets‘ as well as ‗familial secrets‘
Privacy values is rather broadly recognized and protected by law Apart from general principles, however, there is no single consolidated law The right to privacy is granted in a number of different laws The laws that apply depend on the nature of the matter For example, respecting the rights of patients, keeping information on health conditions and private life in medical record as secret (as in clause 2, Article 3, the 2009 Law on Medical Examination and treatment), keeping information on organ donors and recipients as secret (clause 4 in Article 4, the 2006 Law on Donation, Removal, and Transplantation of Human Tissues and Organs and Donation and Recovery of Cadavers), ensuring the secrecy of correspondence (clasue 2 in Article 4, the 2010 Postal Law), ensuring the secrecy of information transferred through telecommunication means of all organisations and individuals, not revealing information of individuals using telecommunication services including names, addresses, calling numbers, receiving numbers, location of calling numbers, location of receiving numbers, call logs, and information provided when users sign in the contracts with service providers (clause 3 and 4 in Article 6, the 2009 Law in telecommunications)… These are important legal bases for guaranteeing individuals‘ privacy
The person who reveals others‘ secrets with serious purposes may be help responsible The 2015 Penal Code sets regulations on ‗Act of infringing upon the secrecy or safety of letters, telephone conversations, or telegraphs of other persons‘ in Article 159 Apart from provisions in laws, rights to private life of individuals are also sufficiently established in prosecution laws Articles of these laws stipulate public trials, publicising proof and evidence, however, providing testimonies of witnesses may not be done in order to ensure the reasonable request of protecting their privacy, and closed trials are also conducted for the same reasons
The institutionalisation of the 2013 Constitution‘s regulations on privacy in laws is being implemented through amendment as well as the making of new legal documents Meanwhile, the nonstop development of sciences and technologies in the digital age has rendered remarkable impacts on privacy in Vietnam These impacts are mainly on the privacy of personal data/ information
Articles 21 and 22, the 2006 Law on Information Technology, set requirements for the protection of individuals‘ personal data when collected, analysed, used, and stored on the internet Specifically, the law requires individuals and organisations, when collecting, analysing, using, or revealing personal data of users, must acquire the consent of the individuals and must take measures to ensure the safety of the personal data as well as make sure that the data are used for proper purposes The legislation, however, does not define what qualifies as proper The mentioned provisions of the law prove relatively suitable for three longstanding pillars of information privacy stemming from the OECD Guidelines including Collection