You have addressed the International Conference at its annual meeting this year, what are your main takeaways from the discussions held in Hong Kong?
I would like to see more harmony in meetings, more efforts to become really global. Clearly the conference has a decision to take: either be a club for those people who are already serious about data protection or a club of for those who want to be serious about data protection. Can it be both? Probably yes. Should it be both? Probably yes.
How do you do you foresee the role of the International Conference in promoting privacy and data protection at international level?
More or less the same but with more innovation, especially in other privacy-related areas, beyond the issue of data protection. I am keen to see the Conference to take a more active role in surveillance. Not surprising! I would be very happy if this could work in synergy with my UN mandate.
Can you tell us more about the ongoing project of a Draft legal Instrument on Government-led surveillance? Which are the next steps and what are your expectation in terms of outcome and delivery?
The legal instrument, developed jointly with EU support and under the special mandate of the UN, led common meetings gathering all stakeholders (e.g. intelligence community, police, civil society, lawyers). All of them behind closed doors in New York, Miami, Paris, Malta… Last week we had the first public meeting in Rome. Each meeting, more people… I am encouraged by the progress made. The text is now public. Nobody contested that we need a clear comprehensive global framework which deals with surveillance but some governments have opposition or reservations on a legally binding agreement. One the contrary, some governments are in favor. We received positive feedbacks on several aspects from the European bar associations, Europol, several Data Protection Authorities, some members from civil society and experts from the Council of Europe. Companies such as Facebook, Microsoft, Google, and Yahoo participated in these meetings as well. All of this is very encouraging.
We should keep on going. The text is far from being in a position to be something ready for inter-governmental discussion let alone signature. We are not there yet. My role so far was has been to facilitate the discussion while identifying issues. And there are still issues of timing to sort out. Two questions are ahead of us: Is the draft ready? No. The answer is clear. There is a need for more consultation and further refinement of ideas, wording and solutions. Is the world ready? No, because as demonstrated, for example, in June 2017 with the issue of IT system security, the world is not able to come to an agreement on matters such as cybersecurity and international law in the field cybersecurity. The failure of the UN GGE (Group of Governmental Experts) is one of the most recent examples and a serious reminder that some countries in the world are not yet ready to come to the table in good faith even if many others are willing to make progress. Nobody can ignore the international climate of distrust, nor the lessons of history looking at how other instruments at UN level were born. They require a long period of preparation and especially time is required for countries to coalesce around the idea.
History teaches us that at least one region, preferably two or three, from the UN family should take the initiative before a new instrument is born. So it needs to be encouraged by a significant number of countries. The next steps are for the MAPPING Project to present the instrument to the EU Commission and EU Parliament in 2018. We look forward to creating synergies over the next three years in order for the draft legal instrument to become part of the EU strategy and part of the EU roadmap on how to engage with the world when it comes to privacy, surveillance and Internet governance. I will be in Geneva on March 5th at the Human Rights Council as special rapporteur, presenting a summary of discussions and I will be including the current text in annex to give an idea of what parts of a future text could look like. But taking into account the timing consideration, I do not foresee making more concrete recommendations just now, I would rather expect that progress at regional level and cross regional collaboration would put the Human Rights Council and the UN General Assembly into a far more receptive mood in three or four years’ time. Those three or four years will be full of work and the ideas that are now public will thus have the time to be refined further, with more consultation with stakeholders in order to gain a better understanding of what can be practically achieved. Baby steps at first…with more to be achieved during upcoming years!
According to you, what is the “next big thing” in the field of privacy and data protection?
Everything that is “smart”, especially in the context of smarts cities, IOT, connected things including AI.
Which word comes first to your mind if you think about privacy?
“Personality”, Privacy is an essential component when it comes to exercising my overarching right to the free development of my personality.