Human Rights
Human rights in cybersecurity encompass the broad spectrum of rights that individuals possess, which are impacted by digital technologies and cybersecurity practices. This includes, but is not limited to, the right to privacy (e.g., data protection, freedom from unlawful surveillance), freedom of expression (e.g., combating censorship, ensuring access to information), freedom of assembly and association (e.g., organizing online), and the right to non-discrimination. As technology evolves, cybersecurity measures, while necessary for protection, must also respect and uphold these fundamental rights.
What are human rights in the context of cybersecurity?
Human rights in the context of cybersecurity refer to the application of universally recognized fundamental rights — such as the right to privacy, freedom of expression, freedom of assembly, and non-discrimination — to the digital realm. As outlined by the Office of the United Nations High Commissioner for Human Rights (OHCHR), the same rights that people have offline must also be protected online. This means that cybersecurity technologies, policies, and governance frameworks must be designed and implemented in ways that safeguard individuals' dignity and freedoms in the digital sphere. The ethical implications of data collection, AI-driven algorithms, surveillance technologies, and online content moderation all fall within this scope.
Why are human rights important for cybersecurity policy?
Human rights serve as the foundational ethical and legal framework that should guide the development of cybersecurity policy. Without integrating human rights considerations, cybersecurity measures risk becoming tools of oppression rather than protection. Organizations such as the Electronic Frontier Foundation (EFF) and Amnesty International consistently advocate for policies that balance security with civil liberties. The United Nations Guiding Principles on Business and Human Rights further emphasize that both states and private enterprises have responsibilities to ensure that their digital governance and compliance frameworks prevent human rights abuses while promoting a free, open, and secure internet.
How do cybersecurity practices impact human rights?
Cybersecurity practices can both protect and threaten human rights, depending on how they are designed and deployed:
- Data collection and surveillance: While threat detection systems require monitoring network traffic, excessive or indiscriminate data collection can violate the right to privacy. For example, when governments use surveillance software to monitor dissidents, this directly infringes on the rights to privacy and freedom of association.
- Content moderation: Platforms implementing security measures to combat disinformation may inadvertently block legitimate political speech, infringing on freedom of expression. Social media platforms that over-censor content demonstrate this tension clearly.
- AI and algorithms: Automated cybersecurity tools using machine learning can perpetuate biases, leading to discrimination against certain groups in how threats are identified or access is granted.
- Encryption: Strong encryption protects individuals' privacy and security, but efforts to weaken encryption for law enforcement purposes can expose vulnerable populations to greater risk.
Organizations like Human Rights Watch actively document cases where cybersecurity technologies have been misused to undermine fundamental freedoms.
When are human rights violated by state-sponsored cyber activities?
Human rights violations through state-sponsored cyber activities occur in several key scenarios:
- Mass surveillance programs: When governments conduct bulk interception of communications without adequate legal oversight, proportionality, or transparency, they violate the right to privacy as recognized by the Council of Europe and international human rights law.
- Targeted surveillance of activists and journalists: The deployment of spyware such as Pegasus against human rights defenders, journalists, and political opposition constitutes a direct violation of privacy and can have chilling effects on freedom of expression and assembly.
- Internet shutdowns and censorship: State-imposed internet blackouts during protests or elections violate rights to access information, freedom of expression, and assembly.
- Offensive cyber operations: State-sponsored cyberattacks that disrupt critical infrastructure — such as healthcare systems or power grids — can violate the right to life and security of person.
The Internet Governance Forum (IGF) provides a multi-stakeholder platform for addressing these issues at the international level.
Which human rights are most relevant to cybersecurity?
The following human rights are most directly affected by cybersecurity technologies and policies:
- Right to privacy: Encompasses data protection, freedom from unlawful surveillance, and control over personal information. This is arguably the most frequently impacted right in the cybersecurity domain.
- Freedom of expression: Includes the right to seek, receive, and impart information, which is affected by content filtering, platform moderation, and government censorship.
- Freedom of assembly and association: The ability to organize and communicate online, which can be undermined by monitoring of social media activities or disruption of communication platforms.
- Right to non-discrimination: Ensures that cybersecurity tools and algorithms do not disproportionately target or exclude individuals based on race, gender, religion, or other protected characteristics.
- Right to security: Individuals have a right to be protected from cybercrime, identity theft, and other digital threats, which underscores the necessity of robust cybersecurity measures.
- Right to due process: Cyber enforcement actions, including account suspensions, sanctions, and digital evidence gathering, must adhere to principles of fairness and legal procedure.
Ensuring that these rights are respected requires ongoing collaboration between governments, the private sector, civil society, and technical communities to create cybersecurity frameworks that are both effective and rights-respecting.