It is not just the contents of our communications that need to be protected, but also the metadata that accompanies every action we take online — such as the location, time, and recipients of messages or phone calls. Taken as a whole, even this supposedly innocuous information can reveal significant detail about one’s life and therefore compromise privacy.
Equally concerning, in the modern age of big data is the ability to make inferences based on the collective data of large groups of people. Collectively, data about the movements, behaviours, or preferences of large groups of people can be used to surreptitiously manipulate behaviour or to make inferences about people who are not even a part of that specific dataset. Both targeted and bulk (mass) surveillance are frequently implemented by governments around the world. Furthermore, the private sector is increasingly active in this space as well, as was demonstrated by the Cambridge Analytica scandal of 2018.
Encryption is therefore viewed as a critical tool in the defence of freedom of expression online, allowing journalists, lawyers, human rights activists, and ordinary people to communicate safely and securely in the face of numerous threats. Encryption is coming under increasing threat around the world by governments and law enforcement agencies seeking to access the communications of suspects in order to prevent crime.
Media Defence has developed a series of summary modules that provide an overview of the multi-faceted right to freedom of expression and how it is protected under international law. These modules touch on topics of relevance to the conversation about surveillance and encryption, such as how the right to privacy is enshrined in international law, and the issues of national security and fighting cybercrime, which are often used as justifications for surveillance and the breaking of encryption.
Media Defence’s series of Advanced Modules on Digital Rights and Freedom of Expression online provide a more comprehensive review of current developments and jurisprudence in the field of digital rights. In combination with the Summary Modules above, these resources form the basis of our introductory and advanced litigation surgeries. The Advanced Modules have been designed to assist lawyers representing journalists, bloggers and other online media in East, West and Southern Africa. They include emerging trends in digital rights as well as tools and advice on litigating cases at the national and regional levels.
These Advanced Modules explore ways in which freedom of expression online is under threat in the modern age, including through digital surveillance by both public and private sector actors, and highlights what can be done about it by reviewing existing case law and campaigns to protect privacy online.
Key Case Law
Case law on government-led surveillance has advanced in recent years with notable cases in the United Kingdom and South Africa. Likewise the Schrems and Schrems II cases in the European Union constituted progressive judgements on the collection of data by private entities and the cross-border transfer of that data. Nevertheless, the tools to implement data-driven surveillance are constantly evolving as new technology develops, often outpacing the rate at which regulators or the courts can develop the law.
The Supreme Court of India held that the right to privacy was a constitutionally protected right in India, as well as being incidental to other freedoms guaranteed by the Indian Constitution.
The High Court of South Africa held that journalists are not required to reveal their sources, subject to certain exceptions.
The Court of Justice of the European Union held that data transferred from the EU to a country without sufficient data protection laws (the US) violated the data subject’s rights, and declared the Safe Harbour Decision invalid.
The European Court of Justice held that a European Union directive requiring Internet Service Providers (ISPs) to store telecommunications data in order to facilitate the prevention and prosecution of crime was found to be invalid.