Declaring Internet access as a human right, given its importance in the exercise of the freedom of opinion and expression, the United Nations Human Rights Council enjoined governments to enact clear and internationally accepted regulations on the use of Internet service providers (ISPs) and other private intermediaries as a tool for Internet censorship and data-privacy protection.
The report, prepared by UN Special Rapporteur Frank La Rue and released on June 3, noted that a unique feature of the Internet is that the transmission of information on the Web depends largely on private enterprises offering platforms that facilitate online communication or transactions between third parties, including giving access to hosting, transmitting and indexing content.
These intermediaries include ISPs, to search engines, blogging services, and online community platforms, among others.
The problem, La Rue said, is that the lack of clear laws governing the operations of these intermediaries has exposed them to liabilities for third-party content and, at the same time, converted them into agents that curtail the Internet users’ right to expression.
“Many states have adopted laws which impose liability upon intermediaries if they do not filter, remove or block content generated by users which is deemed illegal,” the report said.
In Italy three Google executives were convicted for violating the Italian data-protection code after a video depicting cruelty to a disabled teenager was posted by a user on the Google video service. The video was taken down within hours of notification by Italian authorities but they were still convicted.
In China the report said ISPs and Web platforms are required to conduct surveillance on their users, and they are also held directly responsible for content posted by users. Companies that fail to comply with this obligation risk losing their business licenses.
“Holding intermediaries liable for the content disseminated or created by their users severely undermines the enjoyment of the right to freedom of opinion and expression, because it leads to self-protective and over-board private censorship, often without transparency and the due process of the law,” the report said.
Since intermediaries may be held financially and criminally liable if they do not remove contents upon receipt of notification by users regarding unlawful content, they are inclined to err on the side of safety by over-censoring potentially illegal content.
Also, as private entities, they are not best placed to make the determination of whether a particular content is illegal, which requires careful balancing of competing interests and consideration of defenses.
“Generally, companies have played an extremely positive role in facilitating the exercise of the right to freedom of opinion and expression. At the same time, given the pressure exerted upon them by states, coupled with the fact that their primary motive is to generate profit rather than to respect human rights, preventing the private sector from assisting or being complicit in human-rights violations of states is essential to guarantee the right to freedom of expression,” the UN report said.
With this, La Rue suggested that governments adopt the framework of “Protect, Respect and Remedy” which has been developed by the UN Special Representative of the secretary-general on the issue of human rights and transnational corporations and other business enterprises.
The framework rests on three pillars: (a) the duty of the State to protect against human-rights abuses by third parties, including business enterprises, through appropriate policies, regulation and adjudication; (b) the corporate responsibility to respect human rights, which means that business enterprises should act with due diligence to avoid infringing the rights of others and to address adverse impacts with which they are involved; and (c) the need for greater access by victims to effective remedy, both judicial and non-judicial.
La Rue also noted there are insufficient or inadequate data-protection laws in many states that stipulate who is allowed to access personal data, what it can be used for, how it should be stored, and for how long.
This is important, the report said, since large volumes of personal data are collected and stored by intermediaries, and there is a worrying trend of states obliging or pressuring these private actors to hand over information of their users.
“Moreover, with the increasing use of cloud-computing services, where information is stored on servers distributed in different geographical locations, ensuring that third parties also adhere to strict data-protection guarantees is paramount.”
