Public Privacy #2: Thougts on the Rule of Law in Cyberspace

Posted on December 5, 2014


When we introduce the human rights we know to the Internet, we must remember to consider the complex social worlds that it entails. The needed guidelines must be balanced between information and opinion, where we are free to use our rights, but without violating others. In this essay, I will discuss ‘the Rule of Law’ and whether this concept is applicable in the Internet. To concretize the discussion further in on ‘the Rule of Law’, I will outline definitions of security in the internet and e-Democracy. Lastly, I will discuss the multi-stakeholder approach as a possible way to achieve the protection and realization of human rights in cyberspace.

The Rule of Law – From the offline to the online

In 2011 UN Special Rapporteur Frank de la Rue presented his report on freedom of expression and the Internet to the Human Rights Council. He strongly advocated for a development of concrete guidelines and laws to protect human rights online and highlighted that privacy and freedom are interlinked.  After that human rights in relation to the internet have been discussed more and more in detail, and more and more stakeholders have announced their interest in finding common ground in the internet. Therefore more international organizations have called for a guarantee of human rights in the internet, and one of those calls was from the Council of Europe that stated these essential words:

“Internet governance arrangements must ensure the protection of all fundamental rights and freedoms and affirm their universality, indivisibility, interdependence and interrelation in accordance with international human rights law. They must also ensure full respect for democracy and the rule of law and should promote sustainable development (…)”

Declaration by the Committee of Ministers on Internet governance principles, Council of Europe 2011

In short this call argues, that the questions might not be which new norms to implement, but how to implement the ones we already got. And this approach was confirmed by the UN Human Rights Council that passed a resolution in 2012 stating, that ‘the same rights that people have offline must also be protected online’. A very important statement that lifts internet human rights from being a specific case to being a priority in the general work with human rights.

To take a step back, we must briefly clarify what the Rule of Law means. Rule of law refers to a society with a developed legal system based on the principles of equality before the law and separation of state and the sovereignty of the people. So the next question is how this would look like online.

The Question of E-Democracy

E-Democracy means using information and communications technology (ICT) to promote democratic behavior and actions. It allows internet users to use ICT to participate equally in the proposal and the larger decision making process on the local, national or international level. This participation via internet can result in common agreements, norms, rules and laws to govern communities. To practice e-democracy, citizens and users need to have free and equal access to the internet. If this is not possible – e-democracy is not possible. E-democracy differs from general democracy by requiring a certain set of practical circumstances. As Janet Caldow (2004) agues, leaders need to acknowledge the importance e-democracy and the need to understand why information technology infrastructures are essential towards e-democracy. Caldow call for a more strategic view that “promotes the philosophy and practice of democracy in the free world” (2004:11).

The Question of Security

So the internet is a great way of communicating and exercising freedoms. But how what about our security – how are we free and safe in the internet? UNDP’s general definition from 1994 says that human security is a people-centered view of security that is necessary for national, regional, and global stability. It is about securing ‘freedom from want’ and ‘freedom from fear’ for all persons as the best path to tackle the problem of global or local insecurity. Political security is a different matter. This is concerned with whether people live in a society that honors their basic human rights. Political Security is more likely to achieved, if people can participate in decision making and legislative processes of their country according to international human rights law standards; and if these laws later are complied with, e.g. by the Rule of Law (UNDP 1994).

But what about cyber-security then? A study group of experts from ITU came up with this proposal in 2014: “The collection of tools, policies, security concepts, guidelines, safe guards, actions, trainings, insurances – strives to ensure the attainment and maintenance of the security properties of users’ assets against relevant security risks in the cyber environment. The general security objective comprises the following: integrity of information and data, authenticity and repudiation, and confidentiality.” It becomes clear that people’s assets and/or data need to be protected in order to run an effective and prosperous society, but the question is then if there is data that should not remain private but rather public? I would argue that the question of security is not an either/or question. Data intended for public use does not require confidentiality, but on the other hand all data requires some protection to ensure veracity and availability. I opened this essay by stating that we must consider the complex social worlds that the internet entails, and the question of security is yet another complex question of social, cultural and legal contexts that intertwine and interact.

The Multi-stakeholder Approach

In the wake of ‘the Arab Spring’ and the case of Edwards Snowden, it becomes more and more obvious that we need a common agreement on freedom in the internet. In the discussion paper of Internet & Society Co:llaboratory (2012), which is a policy venture platform, it is underlined that the internet emerged from a specific cultural sphere with a governance that have become more globalized. This raises the issue that cultural differences have become more apparent and the limits of freedom of speech are challenged around the world. The point is that the question of governance is not just technical but also political, and therefore requires innovative and value-oriented solutions. Searching for modes of governance it is important that we address the technical and cultural challenges of our complex and interdependent online and offline lives (2012:5). This suggests that a single body of authority is not enough, but multiple. This leads us to the multi-stakeholder approach.

In order to keep the Internet global and open, there is a need for “a growth- and freedom-oriented, participative, bottom-up perspective on security that has human rights at its core.” This was stated in a joint Governmental Statement from the UN Human Rights Council in 2013. One way of shaping this could be through an international regime (Haas 2013), meaning a set of different actors – as state governments, international organizations, NGOs, and experts – that decide on common rules and standards; a criticism towards this constellation though, is that only states can decide on agreements. An alternative multi-stakeholder approach then came from the UN, including much more actors – as Public sector, private sector, NGOs, governmental representatives, the media – aiming to give all participants same terms, yet not voting rights. A multi-stakeholder measure that has been taken is the International Internet Governance Forum (IGF) – but the IGF cannot make official recommendations, only summaries. To meet the growing need for laws and regulations, one could propose a compromise; for example, the IGF could be expanded with a mandate to make official recommendations.


The international community attains to secure freedom and privacy in cyberspace through international agreements – and an example of this is UNs Resolution on Privacy. The resolution is relevant for all member states, and all have agreed to it; but how they want to imply and implement it locally is up to them. It is not legally binding, which highlights the importance of independent monitoring bodies. The resolution is an important tool, but it should not be overestimated. Protecting human rights in cyberspace depends highly on the political set up and will of various institutions, but also how we use the online tools ourselves, how we practice and participate. If you engage with an institution and make use of their services, you are part of the legitimization process. If you refrain from the interaction, there is no legitimacy. This means that citizens and costumers are very closely engaged with human rights in the internet, and therefore we must remember to consider the complex social worlds that the internet entails – and therefore the multi-stakeholder approach is a solid and useful suggestion for how to transfer ‘the Rule of Law’ to the internet.

This text was originally written for the MOOC Public ‘Privacy: Cyber Security & Human Rights’ at