In an interview with German public broadcaster ARD over the weekend, Chancellor Angela Merkel pushed for strengthened international and European agreements on privacy protection, saying that domestic laws were not enough to protect the data of German citizens in a globalized world.
"We want companies in Europe to tell us to whom they give the data," Merkel said. "We have good domestic data protection laws, but when Facebook is registered in Ireland, then Irish law applies, which is why we need a European agreement. Internationally, we should also negotiate a treaty."
The chancellor expressed support for a proposal by Justice Minister Sabine Leutheusser-Schnarrenberger to revise UN provisions on privacy protection. The German federal government has argued that international law lags decades behind the digital reality of the 21st century.
"The security and transparency of our communication networks are a global challenge," the justice minister wrote in a July 9th guest piece for the daily Frankfurter Allgemeine Zeitung. "This challenge will have to be solved globally."
Call to amend UN treaty
Berlin wants to amend the International Covenant on Civil and Political Rights (ICCPR) to bring international law up to speed. Adopted by the UN General Assembly in 1966, the ICCPR expands upon and gives concrete meaning to the Universal Declaration of Human Rights.
Article 17 of the ICCPR states that "no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation." The authors of Article 17 most likely had in mind bugged apartments, wiretapped telephone lines, and the opening of letters in the backrooms of post offices.
In 1990, the UN General Assembly adopted the Guidelines for the Regulation of Computerized Data Files. UN member states were called upon to ensure that personal electronic data was collected only in clearly defined circumstances. According to the guidelines, data collection should "be brought to the attention of the person concerned." And data between states "should be able to circulate as freely as inside each of the territories concerned." The UN member states, however, were left to implement these guidelines on their own.
What all that means for electronic communications is not entirely clearly. Just three years after the UN General Assembly adopted the computerized data guidelines, the first web browser made the Internet accessible to the public at large.
For years, privacy protection activists have been working for a new treaty that would more precisely define privacy rights in the Internet age. The International Conference of Data Protection - which brings together state officials, NGOs and international organizations - issued its Montreux Declaration in 2005. The declaration called on the United Nations to draft "a legally binding instrument which clearly sets out in detail the rights to data protection and privacy as enforceable human rights."
Draft in the works
In light of the NSA scandal, the German government has made the demands of the Montreux Declaration its own. The Justice Ministry has said that it is in the process of drawing up a treaty revision that would regulate intelligence agencies' access to communications data. But a finished draft does not yet exist, and the negotiations over amending Article 17 of the ICCPR will likely take years to complete.
In any case, it's doubtful that an amendment to Article 17 would have any real impact. It would only be applicable to states that signed and ratified the treaty change. If the US does not want to restrict the activities of its intelligence agencies, it could simply refuse to sign the amendment. Washington has done that in similar cases in the past, such as when it refused to ratify the amendment to the ICCPR banning the death penalty.