Protection of the right to privacy in the digital age

VIETNAM NATIONAL UNIVERSITY - HANOI SCHOOL OF LAW LÊ TRẦN NHƯ TUYÊN PROTECTION OF THE RIGHT TO PRIVACY IN THE DIGITAL AGE: REFLECTION ON THE VIETNAMESE CONTEXT Specialized: Human Rig

VIETNAM NATIONAL UNIVERSITY - HANOI

SCHOOL OF LAW

LÊ TRẦN NHƯ TUYÊN

PROTECTION OF THE RIGHT TO PRIVACY

IN THE DIGITAL AGE: REFLECTION

ON THE VIETNAMESE CONTEXT

MASTER OF LAW THESIS

HANOI - 2019

VIETNAM NATIONAL UNIVERSITY - HANOI

SCHOOL OF LAW

LÊ TRẦN NHƯ TUYÊN

PROTECTION OF THE RIGHT TO PRIVACY

IN THE DIGITAL AGE: REFLECTION

ON THE VIETNAMESE CONTEXT

Specialized: Human Rights Law

Code: 8380101.07

MASTER OF LAW THESIS

Supervisor: Dr NGUYỄN THỊ THANH HẢI

HANOI - 2019

CONFIRMATION

I assure you this is my own research The data and results presented in this thesis are honest and have not been published by anyone in any previous work or thesis The information referenced in the thesis is fully and carefully cited by the author

MASTER‘S STUDENT

Lê Trần Như Tuyên

ACKNOWLEDGEMENTS

Throughout the writing of this thesis I have received a great deal of support and assistance I would first like to express my deep gratitude to my thesis advisor Dr Nguyễn Thị Thanh Hải of the Ho Chi Minh National Academy of Politics for the useful comments, remarks and engagement through the learning process of this master thesis She consistently allowed this paper to be my own work but steered me in the right the direction whenever she thought I needed it

I would also like to thank to my Master of Human Rights Law lecturers for helped me gain a lot of knowledge in this important field Special thanks are given to the Faculty of law at VNU Hanoi and the Department of Constitutional and Administrative Law for helping me during the course

Finally, I must express my very profound gratitude to my parents and

my friends for providing me with unfailing support and continuous encouragement throughout my years of study and through the process of researching and writing this thesis This accomplishment would not have been possible without them

Thank you

Hanoi, August 18, 2019

Lê Trần Như Tuyên

TABLE OF CONTENTS

INTRODUCTION 1

Chapter 1: OVERVIEW OF THE DIGITAL AGE AND THE RIGHT TO PRIVACY 7 1.1 The Digital Age 7

1.2 The Right to privacy 14

1.2.1 History 15

1.2.2 Concepts 17

1.2.3 Right to privacy in the International Human Rights Law 23

1.3 The need for legislation of privacy in Digital Age 30

1.4 Right to privacy laws in other countries 39

1.4.1 European 39

1.4.2 The United States data privacy 44

Chapter 2: THE RIGHT TO PRIVACY IN DIGITAL AGE IN VIETNAM 49

2.1 The impacts of Digital Age on privacy in Vietnam 49

2.2 Legal framework on privacy in Digital Age 57

2.2.1 Privacy stipulated in Vietnamese Constitution 57

2.2.2 Privacy in some specialised laws 59

Chapter 3: DISCUSSION 72

3.1 Discussion on the challenges and gaps of the protection of the right to privacy in Vietnam 72

3.1.1 Conceptual challenges 72

3.1.2 Political challenges 73

3.1.3 Social and cultural challenges 75

3.1.2 Legal challenges 76

3.2 Recommendations 82

CONCLUSION 89

REFERENCES 91

INTRODUCTION

1 The rationale

The Right to privacy (also known as Privacy) is a fundamental human right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built The modern privacy benchmark at an international level can be found in the 1948 Universal Declaration of Human Rights, which specifically protected territorial and communications privacy Other international human rights instruments contain similar provisions

According to opinion polls, concern over privacy violations is now greater than at any time in recent history [38] The world is in the Digital Age,

no countries in the world could avoid the powerful impacts exerted by innovative scientific achievements of the age The technology achievements bring about modern and convenient life, boost economic growth, encourage the developments of medicine, education, and many other fields However, the downside of this miraculous leap is that humans have to face challenges of their rights, including privacy, being violated In the Digital Age, the aspect of information/data privacy in privacy is the most vulnerable one Meanwhile, in many countries, laws have not kept up with the technology, leaving significant gaps in privacy protections

Vietnam is in the period of internationally integrating in many fields, actively observing, and renovating updated technologies for the economic development and people‘s wellbeing New technologies such as AI, Big Data, and IoT, on the one hand, bring about great opportunities, but on the other hand, entails threats of violating personal privacy In Vietnam, the trade of personal data has happened effortlessly and publicly with low costs for years Although the leaking of personal data is a common situation in Vietnam, there

have not been any recorded enforcement actions in relation to such leaking In reality, in Vietnam, people‘s awareness of deploying technology to protect their privacy is still poor, which leads to the fact that the risks of their privacy being violated are more impending than ever

The problem of violating privacy in Vietnam is increasingly serious and complicated, especially with the help of new technologies Meanwhile, the active roles of the State in carrying out the tasks of respecting, protecting, and promoting privacy have not received adequate attentions Together with the Constitution, the legal system in Vietnam, in general, has set up a fundamental basis for the protection of individuals‘ privacy values through laws on certain fields Nevertheless, these provisions mostly are about protecting privacy in general life Some specialised laws have introduced some provisions, mostly in form of general principles which are not specific enough, to especially protect individuals‘ personal information in the internet

or the digital world The issue shows that Vietnam‘s legal frame on protecting personal information on the internet and the digital world is weak Hence, to integrate with international policies in the Digital Age, it is high time for Vietnam to adopt necessary and significant changes to keep in track with the era‘s trends

On a global scale, ensuring privacy and protecting data secrecy and personal information in the Digital Age is a huge concern But the term

―privacy‖, especially the data privacy in the Digital Age, is relatively new in Vietnam There are not many discussions and not much study on privacy, nor

is there a consistent definition of ―privacy‖ in Vietnam It is important to clarify the definition of privacy, the influence of digital technology on privacy, the need for modify provisions on data privacy in specialised laws and formulate a comprehensive law on privacy and data protection These

points need to be analyzed from the theory, context and legal practice to provide information and social critics to identify fruitful avenues for future privacy in the Digital Age

Therefore, in the framework of the master‘s thesis in the Law of

Human Rights, the writer decided to choose topic ―Protection of the Right to

Privacy in the Digital Age: Reflection on the Vietnamese Context‖

2 Research Situation

In recent years, there have been many projects and research work on privacy which have been carried out under different angles and in different areas, such as:

In Vietnam:

- Lê Đình Nghị (2009), PhD law thesis ―Quyền bí mật đời tư theo quy

định của pháp luật Việt Nam‖, Hanoi Law University

- Thái Thị Tuyết Dung (2012), Monograph ―Quyền tiếp cận thông tin

và quyền riêng tư ở Việt Nam và một số quốc gia‖, Vietnam National University - Ho Chi Minh City press

- Nguyễn Thị Ánh Hồng (2014), Research topic ―Bảo vệ quyền đảm bảo bí mật, an toàn thư tín, điện thoại, điện tín của công dân trong pháp luật quốc tế và pháp luật Việt Nam‖, Legal Science Journal 2/2014, p 51

- Nguyễn Thị Huyền Trang (2014), Master‘s thesis ―Quyền được bảo

vệ đời tư trong pháp luật quốc tế và pháp luật Việt Nam‖, School of law – VNU Hanoi

- Lê Văn Sua (2016), Research topic ―Quyền bí mật đời tư cần được hướng dẫn cụ thể‖, Vietnam Lawyers magazine 5/2016, p 27

- Hoàng Lê Minh (2016), Master‘s thesis ―Quyền bí mật đời tư trong Hiến pháp năm 2013 và thực tiễn tại Việt Nam‖, Hanoi Law University

- Vũ Công Giao, Phạm Thị Hậu (2017), Research topic ―Pháp luật bảo

vệ quyền bí mật dữ liệu cá nhân trên thế giới và Việt Nam‖, State and Law Review 2/2017, p 67

- School of law – VNU Hanoi (2018), Monograph ―Quyền về sự riêng tư‖, National political publishing house, Hanoi

In other countries:

- Bratman B E (2002), Research topic ―Brandeis and Warren‘s the

Right to Privacy and the Birth of the Right to Privacy”, Tennessee Law Review, Vol 69, p 344

- Solove D J (2002), Research topic ―Conceptualizing privacy‖, California Law Review, Vol 90, No 4, p 1094

- Solove D J (2011), Monograph ―Nothing to Hide: The False

Trade-off between Privacy and Security‖, New Haven & London, Yale University

Press

- Liu, Ximeng; Yang, Yang; Choo, Kim-Kwang Raymond; Wang, Huaqun (2018), Research topic ―Security and Privacy Challenges for Internet-of-Things and Fog Computing‖, Wireless Communications and Mobile

Computing journal 24 September 2018, p 1–3

These studies have provided great knowledge and information about the theory, the position and role of law in the protection of privacy in Vietnam

in general, as well as preliminary references to the privacy, but until now, there are not many work or study specifically on privacy and data privacy in the Digital Age Therefore, this is a systematic research and in-depth practice

of privacy - reflection on the Vietnamese context to propose orientation and solutions to ensure the right to privacy in modern world

3 The Purpose and Mission of the Study

3.1 The Purpose

This project aims to better understand privacy in the Digital Age and assess the actual situation of the application of this right in Vietnam Based on such theories and practices, the thesis proposes solutions and recommendations to ensure human rights in general and customary privacy in particular in the coming time

- Analysis of the context and the legal situation of privacy in digital in Vietnam

- Propose the orientations, solutions and recommendations to guarantee implementation of privacy in the future

4 Subject and Scope of the Study

Study on the impact of Digital Age in Vietnam on privacy and privacy according to the current laws, including the 2013 Constitution, The 2015 Civil Code and some specialised laws on privacy Provide an overview of protecting privacy in Digital Age and propose the recommendations to protect the right to privacy in Vietnam

5 Methodology and research methods

The thesis applies an methodology in combination with method of analyzing, synthesizing, comparing documents, which attaches the importance

to the summarization of context and laws on privacy, and at the same time,

inherits the results of the works of the earlier authors to clarify the objectives and tasks of the thesis

6 Scientific and practical significance of the thesis

The first step is to understand basic theoretical issues of the privacy and the importance of protecting privacy in the Digital Age

Secondly, analyzing the impacts on privacy of digital and the need for legislation of privacy in Digital Age

Thirdly, clarify the current situation of privacy and some urgent issues

in the implementation of protecting the right to privacy under Vietnamese Laws

Finally, attempts to find some suitable and feasible orientations and solutions to contribute to protecting the right to privacy in a more effective way

The result of this study will provide scientific arguments on the right to privacy to contribute to protecting this right in accordance with the laws in new era

7 Thesis structure

In addition to the Introduction, Conclusion and List of References, the main content of this thesis consists of three chapters:

Chapter 1: Overview of the Digital Age and the Right to Privacy

Chapter 2: The Right to Privacy in Digital Age in Vietnam

Chapter 3: Discussion

Chapter 1: OVERVIEW OF THE DIGITAL AGE AND THE RIGHT TO PRIVACY

The world is changing and changing fast The concept of privacy is also changing due to the development of digital technology This chapter presents the most general overview of Digital Age, the Right to Privacy and International law and some national law on privacy, thereby pointing out the need for legislation of protecting privacy before the impacts of new technology

1.1 The Digital Age

Today, people are living in the Digital Age The growth of digital has opened up a new era of science and technology development, contributing to the promoting the fourth industrial revolution (4IR)

Up until now, the mankind has experienced three major industrial revolutions The first industrial revolution which took place in the late eighteenth century and the early nineteenth century is characterized by the use

of water energy, steam and mechanization of production This revolution opened the new era of mechanical production as well as mechanization for the human beings This was followed by the second industrial revolution that happened during the latter half of the nineteenth century and early twentieth century, when the electric motor, electronics, radio waves and radioactive substances brought civilization as the productivity increased substantially compared with that produced by the steam engine The media such as telegraph and telephone was invented in 1880 and immediately, telephone was used around the world to keep in touch with others, the early twentieth century witnessed a new power engineering field: the electronics and electronic industry which opened a new era of electrification enabling the development of other industries such as metallurgy, machine building,

shipbuilding, military industry, transportation and chemical industry The Third Industrial Revolution, also known as the Digital Revolution, began between the late 1950‘s and 1970‘s It is the development of technology from mechanical and analog to digital The introduction of digital technology also changed the way humans communicates, now via computers, cell phones, and the internet This revolution led way to the Digital Age [3]

The Digital Age is coupled tightly with the advent of personal computers, but many computer historians trace its beginnings to the work of the American mathematician Claude E Shannon In 1948, at age 32 and as a researcher at Bell Laboratories, Shannon published a landmark paper proposing, entitled ―A mathematical theory of communication‖ that information can be quantitatively encoded as a series of ones and zeroes [22,

p 261] Known as the ―father of Information Theory‖ [21, p 16–17], Shannon showed how all information media, from telephone signals to radio waves to television, could be transmitted without error using this single framework

Advances in communication technologies, devices connected to the internet and data analytics are occurring at a much quicker pace than at any other time in history As a result, many believe we are now living through a fourth industrial revolution, referred to as ―industry 4.0‖ [36]

In short, The Digital Age (also known as the Computer Age, Information Age, or New Media Age) is a historic period in the 21st century characterized by the rapid shift from traditional industry that the Industrial Revolution brought through industrialization, to an economy based on information technology The technological advancements in Digital Age impact not only economic but many other sides of society It creates a knowledge-based society surrounded by high technology Besides the

fundamental role of the Internet, the focal point of the Digital Age is now the Artificial Intelligence (AI), the Internet of Things (IoT), Big Data and so on

1) Artificial intelligence

Artificial Intelligence at its most simple, is a sub-field of computer science with the goal of creating programs that can perform tasks generally performed by humans These tasks can be considered intelligent, and include visual and audio perception, learning and adapting, reasoning, pattern recognition and decision-making [32, p 3] ―AI‖ is often used as an umbrella term to describe a collection of related techniques and technologies including machine learning, predictive analytics, natural language processing and robotics

The first work that is now generally recognized as AI was McCullouch and Pitts‘ 1943 formal design for Turing-complete ―artificial neurons‖ [37, p 16] The field of AI research was born at a workshop at Dartmouth College in

1956

AI is relevant to any intellectual task Modern artificial intelligence techniques are pervasive in many areas as Healthcare, Automotive, Education, Finance and economics, Law, Military, Advertising, Art…

During the history of 60 years of artificial intelligence development and machine learning, in order that the machine can self-study to improve the capacity, machine learning is the most vibrant sector Machine learning is a computer science technique that allows computers to ―learn‖ on their own It has dynamic ability to modify itself when exposed to more data Through ingesting data, the machine is training itself by developing its own logic according to the data it has analysed

Recently, with the explosion of data and the results of digitizing and connecting to the internet in many places, science data with the focus of data analysis based on machine learning and statistics, is becoming the foundation

of the 4IR However, the ability to analyze and handle the data volumes

automatically in any explosively informative environment may lead to the risk

of using illegal data which violates the intellectual property rights as well as the right of personal privacy if it is not control properly Considering the ethics of technology and solving the privacy challenges will be essential to the long-term success of AI A balance between technological innovation and privacy considerations will promote the development of socially responsible

AI that can assist in the creation of public value in the long term

2) The Internet of things

The Internet of things is the extension of Internet connectivity into physical devices and everyday objects Embedded with electronics, Internet connectivity, and other forms of hardware (such as sensors), these devices can communicate and interact with others over the Internet, and they can be remotely monitored and controlled [9] The definition of the Internet of things has evolved due to the convergence of multiple technologies, real-time analytics, machine learning, commodity sensors, and embedded systems Traditional fields of embedded systems, wireless sensor networks, control systems, automation (including home and building automation), and others all contribute to enabling the Internet of things

The concept of a network of smart devices was discussed as early as

1982, with a modified Coke vending machine at Carnegie Mellon University becoming the first Internet-connected appliance, able to report its inventory and whether newly loaded drinks were cold or not The term ―Internet of things‖ was likely coined by Kevin Ashton of Procter & Gamble, later MIT's Auto-ID Center, in 1999, though he prefers the phrase ―Internet for things‖

The Internet of things includes the peak of wireless technology, electrical mechanical system (MEMS), microservice and the Internet The

micro-extensive set of applications for IoT devices is often divided into consumer, commercial, industrial, and infrastructure spaces

One of the key factors that make up the IoT is the access and process of data, the fact that organizations and individuals collect and store data from multiple sources can lead to security vulnerabilities as well as infringe the privacy rights The IoT concept has faced prominent criticism, especially in regard to privacy and security concerns related to these devices and their intention of pervasive presence

3) Big Data

The term ―Big data‖ has been in use since the 1990s, with some giving credit to John Mashey for popularizing the term [42] Big data usually includes data sets with sizes beyond the ability of commonly used software tools to capture, curate, manage, and process data within a tolerable elapsed time Big data requires a set of techniques and technologies with new forms of integration to reveal insights from datasets that are diverse, complex, and of a massive scale

In summary, ―Big data‖ is a field that treats ways to analyze, systematically extract information from, or otherwise deal with data sets that are too large or complex to be dealt with by traditional data-processing application software [8, p 61–65]

Big data challenges include capturing data, data storage, data analysis, search, sharing, transfer, visualization, querying, updating, information privacy and data source Data sets grow rapidly- in part because they are increasingly gathered by cheap and numerous information - sensing Internet

of things devices such as mobile devices, aerial (remote sensing), software logs, cameras, microphones, radio -frequency identification (RFID) readers and wireless sensor networks

Research on the effective usage of information and communication technologies for development (also known as ICT4D) suggests that big data technology can make important contributions but also present unique challenges to International development [50] Advancements in big data analysis offer cost – effective opportunities to improve decision - making in critical development areas such as health care, employment, economic productivity, crime, security, agriculture and natural disaster and resource management Additionally, user -generated data offers new opportunities to give the unheard a voice However, longstanding challenges for developing regions such as inadequate technological infrastructure and economic and human resource scarcity exacerbate existing concerns with big data such as privacy, imperfect methodology, and interoperability issues

There is no doubt that the Digital Age is the era of significant scientific and technical development, enable the mankind to put a big step forward However, we should also be aware of the challenges in this era, especially the difficulties in protecting human rights in general and the privacy rights in particular

1.2 The Right to privacy

The Right to privacy (also known as Privacy) is a fundamental human right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are recognized

The Right to privacy enables us to create barriers and manage boundaries to protect ourselves from unwarranted interference in our lives, which allows us to negotiate who we are and how we want to interact with the world around us The Right to privacy helps us establish boundaries to limit who has access to our bodies, places and things, as well as our communications and our information The right to privacy gives every person the ability to protect themselves in difficult situations, especially in relation to powerful people or organizations

The rules of privacy give us the ability to assert our rights in the face of significant power imbalances As a result, privacy is an essential way we seek

to protect ourselves against arbitrary and unjustified use of power, by reducing what can be known about us and done to us, while protecting us from others who may wish to exert control

Privacy is essential to who we are as human beings, and we make decisions about it every single day It gives us a space to be ourselves without judgement, allows us to think freely without discrimination, and is an important element of giving us control over who knows what about us

To society, protecting privacy is also about creating and protecting the foundation of the community A community cannot exist if its members are not protected from the infringement of privacy in particular and of human rights in general Protecting the privacy of each person contributes to ensuring the democracy, civilization and stable development of the society The right

to privacy has become one of the most important human rights issues of the modern age

1.2.1 History

In spite of the fact that privacy only became a generally accepted right

in the 19th-20th century, privacy had existed long before this era Privacy has roots deep in history, it has its origins already in the ancient societies Even the Bible has some passages where the violation of privacy appeared in its early form [34] From a legal point of view, the Code of Hammurabi contained a paragraph against the intrusion into someone‘s home, or the Roman law also regulated the same question [41, p 4] These protections mostly focused on the right to solitude The idea of privacy traditionally comes from the difference between ―private‖ and ―public‖, which distinction comes from the natural need of the individual to make a distinction between himself/herself and the outer world The limits between private and public differ according to the given era and society, which will cause the on-going change throughout history of what people consider private

In the ancient societies people had a relatively limited possibility for self-determination as their (private) lives were strongly influenced by the state Plato illustrates this phenomenon in his dialogue the Laws, where the complete life of the individual was determined by the state and its aims, there was no place for individual freedom and autonomy Thus, the book describes

a very extreme state (which in totality was never realised), some elements of

it came true in ancient societies, and the life of the individual was strongly influenced by the public interests In the Medieval Age there was no privacy

as a societal value in today‘s sense, the individual existed as a member of a community, so his/her private life was affected by the constant ―monitoring‖ conducted by other members [1, p.257]

The appearance of ―real‖ privacy relates to the transformation of these small communities: the appearance of cities During the 19th century the new changes in the economy and in the society led to the transformation of the way people lived and these new changes had consequences for privacy too, as physical and mental privacy were separated and started to evolve in two different ways Due to urbanization, the population of cities started to grow, and it led to the physical loss of privacy as people in cities had to live in crowded places On the other hand, citizens could experience a new ―type‖ of privacy, as they ceased to live under the always watching eyes of their village neighbours and the constant moral control set up by them Another very important change was the appearance and growth of (tabloid) newspapers, which were a fertile area for gossip and photojournalism [7, p 344] It was Samuel D Warren and Louis D Brandeis who first recognized the threats to privacy caused by the technological and societal developments in their famous article The Right to Privacy in 1890 In this paper the authors argued that as political, social and economic changes occur in the society, the law has

to evolve and create new rights in order to ―meet the demand of society‖ and ensure the full protection of the person and the property [53, p 193] They recognized two phenomena that posed a threat to privacy: technological development (namely instantaneous photographs) and gossip, which became a trade in newspapers Considering these changes, they were the first to demand the recognition of the right to privacy (which they defined as ―the right to be let alone‖) as a separate and general right Although this early vague legal concept did not describe privacy in a way that made it easy to design broad legal protections of privacy, it strengthened the notion of privacy rights for individuals, basically ensured protection against the unwanted disclosure of private facts, thoughts, emotions, etc and began a legacy of discussion on

those rights In 1967 a new milestone was reached with the publication of Alan Westin‘s Privacy and Freedom when he defined privacy in terms of self-determination: privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others [54, p 7] Since then, the right to privacy has become widely known and acknowledged, started to evolve and became a fundamental human right in occidental societies

1.2.2 Concepts

Privacy is a noun in the common language only originally means the state or condition of being free from being observed or disturbed by other people Privacy has been legalized and became a right (The Right to Privacy) Today, the term Privacy is understood by default to be a legally recognized right

Despite the fact that the claim for privacy in universal, there was no universal definition of privacy could be created The boundaries and content

of what is considered private differ among cultures and individuals but share common themes

There are many different ways privacy can be interpreted, and many aspects of privacy exist As already presented, Warren and Brande are defined privacy as ―the right to be let alone‖ and Westin defined privacy as ―the claim

of an individual to determine what information about himself or herself should be known to others‖ According to Israel law professor Ruth Gavison

―our interest in privacy [ ] is related to our concern over our accessibility to others: the extent to which we are known to others, the extent to which others have physical access to us, and the extent to which we are the subject of others‘ attention‖ [16, p 423] American jurist and economist Richard Posner avoid giving a definition but states ―that one aspect of privacy is the

withholding or concealment of information‖ [33, p 393] American Edward Bloustein argued that intrusion into privacy has a close connection with personhood, individuality and human dignity [6, p 973-974] Máté Dániel Szabó, Hungarian jurist argued that ―privacy is the right of the individual to decide about himself/herself‖ Vietnamese professor Dr.Nguyễn Đăng Dung defined privacy as the right of the individual to be protected from any nosiness, ensuring that their action or secrecy is not exposed to the public [57,

tr 34]

All these definitions state something very important about what we should consider private But there is a problem with all these definitions, their scope is either too narrow or too broad These authors use a traditional method of conceptualizing privacy, and as a result their definitions only highlight either some aspects of privacy, or they are too broad and do not give

an exact view on the elements of privacy So, Daniel Solove created six categories for these definitions according to which privacy is: (1) the right to

be let alone, (2) limited access to the self, (3) secrecy, (4) control of personal information, (5) personhood and (6) intimacy [40, p 1094]

The right to be let alone is the right of a person to choose seclusion from the attention of others if they wish to do so, and the right to be immune from scrutiny or being observed in private settings, such as one's own home

Limited access to the self refers to a person's ability to participate in society without having other individuals and organizations collect information about them Various theorists have imagined privacy as a system for limiting access to one's personal information Edwin Lawrence Godkin wrote in the late 19th century that ―nothing is better worthy of legal protection than private life, or, in other words, the right of every man to keep his affairs to himself, and to decide for himself to what extent they shall be the subject of public

observation and discussion‖ [19, p 729–39] Sissela Bok also said that

privacy is ―the condition of being protected from unwanted access by others—either physical access, personal information, or attention‖ [4, pp 10–11]

Privacy is sometimes defined as an option to have secrecy In various legal contexts, when privacy is described as secrecy, a conclusion if privacy is secrecy then rights to privacy do not apply for any information which is already publicly disclosed When privacy-as-secrecy is discussed, it is usually imagined to be a selective kind of secrecy in which individuals keep some information secret and private while they choose to make other information public and not private

Control of personal information is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others Charles Fried said that

―Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves Nevertheless, in the era of big data, control over information is under pressure‖ [5]

Privacy may be understood as a necessary precondition for the development and preservation of personhood Jeffrey Reiman defined privacy

in terms of a recognition of one's ownership of his or her physical and mental reality and a moral right to his or her self-determination

The intimacy theory imagines privacy to be an essential part of the way that humans have strengthened or intimate relationships with other humans Because part of human relationships includes individuals volunteering to self-disclose some information, but with holding other information, there is a

concept of privacy as a part of the process by means of which humans establish relationships with each other

Solove‘s categories can be understood as the main elements when it comes to the content of privacy In my view privacy is the right of the individual to be let alone, limited access to the self, secrecy, control of personal information, personhood and human intimacy

Privacy protection is frequently seen as a way of drawing the line at how far society can intrude into a person's affairs The Global Internet Liberty Campaign published a report in 2004, entitled ―privacy and human right An International Survey of Privacy Laws and Practice‖ that provides details of the state of privacy in fifty countries from around the world According to the report privacy can be divided into the following facets [18]:

1) Information Privacy, which involves the establishment of rules governing the collection and handling of personal data such as credit information and medical records;

2) Bodily privacy, which concerns the protection of people's physical selves against invasive procedures such as drug testing and cavity searches;

3) Privacy of communications, which covers the security and privacy of mail, telephones, email and other forms of communication; and

4) Territorial privacy, which concerns the setting of limits on intrusion into the domestic and other environments such as the workplace or public space

According to the International Human Rights Law, right to privacy is a fundamental right but not an absolute human right Every person to be protected against arbitrary or unlawful interference whether they emanate from State authorities or from natural or legal persons But as all persons live

in society, the protection of privacy is necessarily relative However, the competent public authorities should only be able to call for such information relating to an individual‘s private life the knowledge of which is essential in the interests of society Privacy underpins human dignity and other key values such as freedom of association and freedom of speech

The nature of technological advances in the digital age is the remarkable developments of storage technology and sensors which allow collecting great deals of data from the society While petrol or electricity served as power sources to operate machinery achievements in the industrial age, data now can be regarded as ―a power source‖ to operate technological achievements in the digital age Data play the most important and critical roles to all progress made in this age Almost all the new accomplishments of this age, such as Artificial Intelligence, Big data, or Internet of things, make progress based on the collecting and analysing data In medicine, for example, data gathered via sensors all over the body are linked to build a data library, which can be used by AI to prognosticate strokes and abnormal medical conditions, or can be analysed by Big data to make up the most appropriate prescriptions for patients

Despite the mentioned benefits, technologies entail threats when personal data are collected illegally by violating people‘s privacy and are used for nefarious purposes such as manipulating the public Due to these crucial roles, data are gradually becoming a tempting commodity of great values In many cases, people steal others‘ personal data regardless of their privacy Sciences, whose initial purposes are to promote liberal and humane values, can now be improperly employed and put human rights under the threats of being violated For instance, personal date can be collected, analysed, and utilised in marketing products and services As technologies continue to

develop, conceptualisations of privacy have developed alongside them Privacy concerns are nowadays focused to lies mainly on users‘ control of their personal information/data

Attorney Daniel J Solove wrote extensively on the topic in ―A Taxonomy of Privacy‖ He lists four general categories of privacy-harming activities: information collection, information processing, information dissemination, and invasion He then subdivides each of these categories, creating an impressive taxonomy of no less than 16 ways that privacy can be breached

Information Collection addresses how data is acquired, either through

―surveillance‖ (where someone is watched) or ―interrogation‖ (where someone is questioned)

Information Processing talks about what someone does once they‘ve acquired that data It includes ―aggregation‖ (where data is combined),

―identification‖ (where data is connected to an individual), ―secondary use‖ (where data is used for a reason other than was intended), ―exclusion‖ (where data isn‘t revealed to the person it was collected from), and ―insecurity‖ (where data is leaked)

Information Dissemination discusses activities that release information

It includes ―breach of confidentiality‖ (where a privacy promise is broken),

―disclosure‖ (where true data is released), ―distortion‖ (where false or misleading data is released), ―exposure‖ (where nudity or other intimate data

is released), ―increased accessibility‖ (where the availability of data is amplified), ―blackmail‖ (where the release of data is threatened), and

―appropriation‖ (where an identity is stolen)

Finally, Invasion focuses on attacks upon private affairs rather than activities regarding data It includes ―intrusion‖ (where personal privacy is

violated) and ―decisional interference‖ (where one‘s right to make decisions is impacted)

The challenge of data privacy is to use data while protecting an individual‘s privacy preferences and their personally identifiable information

1.2.3 Right to privacy in the International Human Rights Law

The law of privacy can be traced as far back as 1361, when the Justices

of the Peace Act in England provided for the arrest of peeping toms and eavesdroppers [23, p 15] Various countries developed specific protections for privacy in the centuries that followed In 1776, the Swedish Parliament enacted the "Access to Public Records Act" which required that all government-held information be used for legitimate purposes In 1792, the Declaration of the Rights of Man and the Citizen declared that private property is inviolable and sacred France prohibited the publication of private facts and set stiff fines in 1858 [49]

The modern privacy benchmark at an international level can be found

in the 1948 Universal Declaration of Human Rights, which specifically protected territorial and communications privacy Article 12 states: ―No-one should be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honour or reputation Everyone has the right to the protection of the law against such interferences or attacks‖ According to Article 12 of the UDHR, it can be seen that the connotation of private life‘s values needs protecting, not only those of each individual but also of their families, residence, and correspondence, but also those of dignity and personal credit Although the qualities of private life‘s values are not fully conveyed in international laws, their interpretations are relatively specific and detailed This makes it easier for countries to make use of the definitions and put them into their laws instead of ―devising‖ the values themselves

Numerous international human rights covenants give specific reference to privacy as a right:

The International Covenant on Civil and Political Rights (ICCPR), Article 17: (1) No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation;

The UN Convention on Migrant Workers, Article 14: (1) No migrant

worker or member of his or her family shall be subjected to arbitrary or unlawful interference with his or her privacy, family, correspondence or other communications, or to unlawful attacks on his or her honour and reputation Each migrant worker and member of his or her family shall have the right to the protection of the law against such interference or attacks;

The United Nations Convention on the Rights of the Child, Article 16: (1) No child shall be subjected to arbitrary or unlawful interference with his

or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation

Convention on the Rights of Persons with Disabilities, Article 22 Respect for privacy: (1) No person with disabilities, regardless of place of residence or living arrangements, shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence or other types of communication or to unlawful attacks on his or her honour and reputation Persons with disabilities have the right to the protection of the law against such interference or attacks

Through the provisions and definitions of the rights to protection of private life, the International Human Rights Law mainly focuses on the duties

of governments in protecting privacy with laws When the law‘s birth context

is taken into consideration, the reasons for acknowledging the protection of

private life were ―the increasing danger level of interventions‖ and ―intricate interventions via the development of technologies‖ (such as electronic surveillance by state agencies) Therefore, limiting the arbitrary interventions

of states into private life of residents is important

The emphasis on the protecting roles of laws, though suitable with the International Human Rights Law, unintentionally eclipses individuals‘ duties

to protect their own private life, which normally is more effective than relying

on the help by states since the application of laws, in general, needs to go through certain procedures that may slow down the restoration of the violated private life‘s values

On the regional level, these rights are becoming enforceable The 1950 Convention for the Protection of Human Rights and Fundamental Freedoms [11], Article 8 states:

(1) Everyone has the right to respect for his private and family life, his home and his correspondence

(2) There shall be no interference by a public authority with the exercise of this right except as in accordance with the law and is necessary in

a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health of morals, or for the protection of the rights and freedoms of others

The Convention created the European Commission of Human Rights and the European Court of Human Rights to oversee enforcement Both have been particularly active in the enforcement of privacy rights and have consistently viewed Article‘s protections expansively and the restrictions narrowly [29] The Commission found in its first decision on privacy:

For numerous Anglo-Saxon and French authors, the right to respect

―private life‖ is the right to privacy, the right to live, as far as one wish, protected from publicity In the opinion of the Commission, however, the right to respect for private life does not end there It comprises also, to a certain degree, the right to establish and develop relationships with other human beings, especially in the emotional field for the development and fulfilment of one is own personality [56]

The Court has reviewed member states‘ laws and imposed sanctions on several countries for failing to regulate wiretapping by governments and private individuals [14] It has also reviewed cases of individuals access to their personal information in government files to ensure that adequate procedures were implemented [25]

Article 11 of the American Convention on Human Rights sets out the right to privacy in terms similar to the Universal Declaration [38] In 1965, the Organization for American States proclaimed the American Declaration of the Rights and Duties of Man, which called for the protection of numerous human rights including privacy [30] The Inter-American Court of Human Rights has also begun to address privacy issues in its cases African Charter

on the Rights and Welfare of the Child also has an article about protection of Privacy: ―No child shall be subject to arbitrary or unlawful interference with his privacy, family home or correspondence, or to the attacks upon his honour

or reputation, provided that parents or legal guardians shall have the right to exercise reasonable supervision over the conduct of their children The child has the right to the protection of the law against such interference or attacks‖ [2, Article 10]

Arab charter on human rights article 17 states: ―Privacy shall be inviolable, and any infringement thereof shall constitute an offence This

privacy includes private family affairs, the inviolability of the home and the confidentiality of correspondence and other private means of communication‖ According to ASEAN human rights declaration article 21, every person has the right to be free from arbitrary interference with his or her privacy, family, home or correspondence including personal data, or to attacks upon that person‘s honour and reputation Every person has the right

to the protection of the law against such interference or attacks The Right to privacy is also recognized in the many other international and regional treaties Protection of privacy rights including privacy, family, home, correspondence, honour and reputation

CCPR General Comment No 16 of UN Human Rights Committee (HRC) explains some aspects of article 17 about right to privacy In the view

of the Committee this right is required to be guaranteed against all such interferences and attacks whether they emanate from State authorities or from natural or legal persons The obligations imposed by this article require the State to adopt legislative and other measures to give effect to the prohibition against such interferences and attacks as well as to the protection of this right There is no interference can take place except in cases envisaged by the law General comment number 16 also defines ―illegal intervention‖ and

―Arbitrary intervention‖ into the rights to private life of others Accordingly,

―illegal intervention‖ is the intervention not based on any legal provisions which are made suitable for regulations and purposes of ICCPR On a higher degree of violation, the term ―arbitrary intervention‖ refers to the intervention which, though based on legal provisions, is not appropriate or inconsistent

with regulations and purposes of ICCPR

Interest in the right of privacy increased in the 1960s and 1970s with the advent of information technology The surveillance potential of powerful

computer systems prompted demands for specific rules governing the collection and handling of personal information, two crucial international instruments evolved The Council of Europe‘s 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data [10] and the Organization for Economic Co-operation and Development‘s (OECD) Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data [31] articulate specific rules covering the handling of electronic data The rules within these two documents form the core of the Data Protection laws of dozens of countries These rules describe personal information as data which are afforded protection at every step from collection through to storage and dissemination The right of people to access and amend their data is a primary component of these rules

The expression of data protection in various declarations and laws varies only by degrees All require that personal information must be:

1) Obtained fairly and lawfully;

2) Used only for the original specified purpose;

3) Adequate, relevant and not excessive to purpose;

4) Accurate and up to date; and

5) Destroyed after its purpose is completed

These two agreements have had a profound effect on the adoption of laws around the world Over twenty countries have adopted the Council of Europe‘s convention and another six have signed it but have not yet adopted it into law The OECD guidelines have also been widely used in national legislation, even outside the OECD countries

Because of its importance and essentiality, privacy is recognized in the

UN Declaration of Human Rights, the International Covenant on Civil and

Political Rights and in many other international and regional treaties However, these provisions mostly are about protecting privacy in general life The connotation of privacy is not fully conveyed in current international laws

In this context of the current digital technology development, international laws on privacy have not kept up with the technology and make it more difficult to protect privacy in the digital age In fact, there is currently no international treaty to protect privacy in Digital Age, especially data privacy Two Data Protection instruments (the Council of Europe‘s 1981 Convention and the OECD) just can only take influence in the region or just a non-binding guideline

Privacy is a basic human right and the reasonable expectation of every person With technological innovation, information privacy is becoming more complex by the minute as more data is being collected and exchanged As the technology gets more sophisticated, so do the uses of data And that leaves every facing an incredibly complex risks for ensuring that personal information is protected

1.3 The need for legislation of privacy in Digital Age

Without question, the Digital Age has resulted in broad social impacts and widespread lifestyle changes It has increased and improved the ability to communicate and find important information Additionally, it has made globalization possible which has, in turn, resulted in more effective and efficient business productivity But Digital Age may has decreased personal privacy Digital is a double-edged sword On the one hand, it makes our lives better and improves society, but on the other, it is used to spy on our every move ―Government and businesses are becoming ‗digital-by-default‘ in their service provision‖ [28]

Theoretical and legal conversations about the relationship between technology and privacy date back to the 1890s As technologies continue to develop, conceptualisations of privacy have developed alongside The Digital Age began in earnest with the widespread use of the Internet [52, p 41] and

no technology has reached more people in as short a space of time as the Internet — and it has not finished yet [35] The internet is one of the areas in which informational privacy, the protection of personal information, has become crucial Internet users do ―not want to be left alone‖; they want to partake in the offerings of the internet and participate in what has become one

of their most important social spheres Privacy concerns are nowadays focused to a large extent on the information we share or generate on the internet, often publicly, rather than what we wish to conceal within the private confines of our homes The notion of privacy has adapted to those changing circumstances and today the focus lies mainly on users‘ control of their personal information/data

According to opinion polls, concern over privacy violations is now greater than at any time in recent history [39, p 143] The Boston Consulting

Group found that for 75% of consumers in most countries, privacy of personal information remains a top issue, and that people aged 18-24 are only slightly less cautious than older generations [24] Human rights groups are concerned that much of technology is being exported to developing countries which lack adequate protections Currently, there are few barriers to the trade in surveillance technologies while AI technology is growing up every day

There are three longstanding pillars of information privacy stemming from the OECD Guidelines are:

1) Collection limitation: collection of personal information should

be limited to only what is necessary; personal information should only be collected by lawful and fair means; and where appropriate, should be collected with the knowledge and/or consent of the individual

2) Purpose specification: the purpose of collecting personal information should be specified to the individual at the time of collection

3) Use limitation: personal information should only be used or disclosed for the purpose for which it was collected, unless there is consent or legal authority to do otherwise

The underlying goal of these intertwined principles is to minimise the amount of information any one organisation holds about an individual, and to ensure that the way the information is handled is consistent with the expectations of that individual AI fundamentally challenges all three of these principles

The very nature of many AI techniques, particularly machine learning, rely on ingesting massive amounts of data in order to train and test algorithms Collecting such large amounts of data can assist the development

of AI, but it can also directly oppose the collection limitation principle Technological developments in IoT devices, smartphones and web tracking

means that the data being fed into AI systems is often not collected in a traditional transaction whereby people consciously provide their personal information to someone who is asking for it In fact, many individuals are often not fully aware of the amount of information being collected about them from their devices and subsequently being used as input data for AI systems This creates a level of conflict as limiting the collection of personal information is incompatible with the functionality of AI technologies and the devices that collect data to support it but collecting such vast amounts of information creates inherent privacy risks

Providing an explanation of the purpose of collection (generally through a collection notice) is how most organisations adhere to the purpose specification principle The ability of AI to extract meaning from data beyond what it was initially collected for presents a significant challenge to this principle In some cases, organisations may not necessarily know ahead of time how the information will be used by AI in the future There is a risk of excessive data collection beyond what is necessary ―just in case‖, using overly broad collection notices and privacy policies in an attempt to ―catch-all‖ This kind of practice allows organisations to claim technical compliance with their privacy obligations, but it is disingenuous and inconsistent with the underlying goal of the collection limitation principle Further, it undermines the ability of individuals to exercise meaningful control over their personal information

Once collected, the use limitation principle endeavours to ensure personal information is only used for the purpose for which it was collected

In general, organisations are also permitted to use personal information for a secondary purpose that would be ―reasonably expected‖ by the individual This raises the question of whether information being used as input data for

an AI system can be considered a ―reasonably expected secondary purpose‖, given that in many instances, the outcome of doing so would be unknown to the individual Just as AI can highlight patterns and relationships in data unforeseen by humans, it could also reveal new potential uses for that information Combining this with the issues of purpose specification above, organisations are likely to find it difficult to ensure personal information is only used for the purpose it was collected for when using AI technologies AI

is likely to blur the distinction between what is considered a primary and secondary purpose to the extent that the practicality of the use limitation principle may need to be reconsidered

It is now common wisdom that the power, capacity and speed of information technology is accelerating rapidly The extent of privacy invasion increases correspondingly Beyond these obvious aspects of effective capacity and low cost, there are a number of important technology trends that contribute to privacy invasion:

1) Globalisation: removes geographical limitations to the flow of data The development of the Internet is perhaps the best-known example of a global technology

2) Convergence is leading to the elimination of technological barriers between systems Modern information systems are increasingly interoperable with other systems and can mutually exchange and process different forms of data

3) Multi-media fuses many forms of transmission and expression of data and images so that information gathered in a certain form can be easily translated into other forms

These technological trends bring a lot of impact on privacy in each area

of the Digital Age Although Big Data has proved useful in many application

areas, but privacy advocates are concerned about the threat to all three of privacy principles (as mentioned above) Due to the low costs, globalisation, convergence and technical advances of storage technologies, masses of personal data can easily be stored, exchange

In many countries, data protection laws are inadequate or do not even exist, so data are analysed without the prior consent of users Moreover, the safe anonymisation of data cannot be ensured anymore when large data volumes are collected and collated Convergence makes data are often automatically cross-referenced, computerised tools allow individuals to be re-identified from insufficiently anonymised data sets Once disclosed, these data may be retained forever, often without the knowledge of the individuals concerned, and be removed with difficulty Hence, it has become hard for individuals to manage and control their personal spheres Perhaps the most significant challenge to privacy is that the right can be compromised without the individual being aware With other rights, you are aware of the interference - being detained, censored, or restrained With other rights, you are also aware of the transgressor - the detaining official, the censor, or the police

Many of the world‘s most data-intensive companies hail from the US – and are criticised for what is perceived to be an excessive accumulation and use of their users‘ personal data Piled on top of this, we know that the National Security Agency (NSA) of the United States has been at the forefront of a group of intelligence agencies that have been using that and other data to build massive databases containing information on millions of people living everywhere that today‘s information and computer technologies reach We only know this thanks to Edward Snowden‘s revelations, a Central Intelligence Agency (CIA) employee and subcontractor

The increasing sophistication of information technology with its capacity to collect, analyze and disseminate information on individuals has introduced a sense of urgency to the demand for legislation Furthermore, new developments in medical research and care, telecommunications, advanced transportation systems and financial transfers have dramatically increased the level of information generated by each individual Computers linked together

by high speed networks with advanced processing systems can create comprehensive dossiers on any person without the need for a single central computer system

In our modern Digital Age, beside big data and AI, IoT also increasingly pose privacy dilemmas One of the key drivers of the IoT is data The success of the idea of connecting devices to make them more efficient is dependent upon access to and storage and processing of data For this purpose, companies working on the IoT collect data from multiple sources and store it in their cloud network for further processing This leaves the door wide open for privacy and security dangers

Philip N Howard, a professor and author, writes that the Internet of things offers immense potential for empowering citizens, making government transparent, and broadening information access Howard cautions, however, that privacy threats are enormous, as is the potential for social control and political manipulation [26] The U.S National Intelligence Council in an unclassified report maintains that the intelligence community views the Internet of things as a rich source of data [27, pp 1–3] Chances are big data and the Internet of things will make it harder for us to control our own lives,

as we grow increasingly transparent to powerful corporations and government institutions that are becoming more opaque to us