ebook img

Human rights guidelines for Internet service providers PDF

16 Pages·2008·1.48 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Human rights guidelines for Internet service providers

H/Inf (2008) 9 Human rights guidelines for Internet service providers Developed by the Council of Europe in co-operation with the European Internet Services Providers Association (EuroISPA) Directorate General of Human Rights and Legal Affairs Council of Europe 2008 Contents Understanding the role and position of Internet service providers in respecting and promoting human rights, page 3 Scope of these guidelines . . . . . . . 4 Human rights guidelines for Internet service providers, page 5 Guidelines for ISPs providing Guidelines for ISPs providing other Guidelines for ISPs with regard to access services. . . . . . . . . . . . . . . . . 5 information society services the right to respect for private life (hosting, applications and data protection. . . . . . . . . . . . . 6 and content). . . . . . . . . . . . . . . . . . . 6 Extracts from existing Council of Europe standards relevant to the roles and responsibilities of ISPs, page 8 Recommendation No. R (99) 5 of Declaration of the Committee of Recommendation No. Rec (2007) the Committee of Ministers to Ministers on human rights and the 16 of the Committee of Ministers to member states for the protection of rule of law in the Information member states on measures to privacy on the Internet . . . . . . . . . 8 Society . . . . . . . . . . . . . . . . . . . . . . 10 promote the public service value of the Internet. . . . . . . . . . . . . . . . . . .10 Declaration of the Committee of Recommendation No. Rec (2007) Ministers on freedom of 11 of the Committee of Ministers to Recommendation No. CM/Rec communication on the Internet . 9 member states on promoting (2008) 6 on measures to promote freedom of expression and the respect for freedom of information in the new information expression and information with and communications regard to Internet filters. . . . . . . .11 environment . . . . . . . . . . . . . . . . . 10 Everyone has the right to freedom of expression and information. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authorities and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises. The exercise of these freedoms, since it carries with it duties and respon- sibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic soci- ety, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for pre- venting the disclosure of information received in confidence, or for main- taining the authority and impartiality of the judiciary. Article 10 of the European Convention on Human Rights Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. Article 8 of the European Convention on Human Rights Understanding the role and position of Internet service providers in respecting and promoting human rights 1. Internet service providers tion society, in particular to seek and users, to states and, most impor- (ISPs), in providing the basic infra- impart information and ideas, to cre- tantly, to ISPs themselves. structure and the basic services that ate and to access knowledge and 9. In this regard, ISPs are encour- allow users to access and use the education. aged to take note of, discuss and Internet and thereby exercise their 5. Access-providers, in particular make their best efforts to comply rights to benefit from the informa- those serving home-users and fami- with the following guidelines (over- tion society, deliver services with a lies, can be seen as fulfilling a part leaf ) and to consider making refer- significant public service value to public service role that promotes ence to them on their websites and in society. their customers’ rights to benefit their end-user agreements. 2. ISPs have a unique position and from the information society and, to 10. ISPs, in co-operation with asso- possibility of promoting the exercise this end, strengthen the exercise and ciations of ISPs, member states, and, of and respect for human rights and enjoyment of their rights and where appropriate, with the assis- fundamental freedoms. In addition, freedoms. tance of the Council of Europe, are the provision of Internet services is 6. Equally, to the extent that also encouraged to make key person- increasingly becoming a prerequisite access-providers and particularly nel in their organisations aware of for a comprehensive participatory host-providers may enforce deci- these guidelines and the issues raised democracy. ISPs also play an impor- sions and actions with regard to the therein. tant role vis-à-vis states which are accessibility of services (e.g. remove, 11. Associations of ISPs can play an committed to protecting and pro- block or filter content), this can important role by assuming collec- moting these rights and freedoms as impact on rights and freedoms. tive responsibility with regard to part of their international law obliga- 7. ISPs have access to varying raising awareness and providing tions. amounts of information (content information about the issues raised 3. ISPs provide a variety of services and/or traffic data) which underlines in these guidelines. They are encour- to their customers, be it as access- their important role and position vis- aged to actively promote these guide- providers or as providers of other à-vis the rights and freedoms of lines among their members, for information society services (appli- users. ISPs should not be put under a instance by making reference to or cation-providers, content-providers general obligation to actively moni- incorporating them in their own and/or host-providers). It is recog- tor content and traffic data; however codes of conduct and by providing nised in these guidelines that not all there may be specific cases defined expert knowledge. ISPs have the same roles and respon- by law and upon specific orders 12. As regards the information that sibilities vis-à-vis users but that these where an ISP may need to assist in should be provided towards custom- may depend on the types of services monitoring content or data or impart ers, ISPs may choose to provide this the ISP delivers and what segment of information about a user to a third information via associations of ISPs, customers the ISP serves. party. Such cases could have an particularly in the case of small 4. Access-providers facilitate entry impact on freedom of expression or enterprises and in those cases where to the Internet and therefore to a the right to private life. the information is not provider-spe- diversity of information, culture and 8. Overall, there is considerable cific (such as information about risks languages; they are often the first potential for ISPs, particularly host on the Internet). Associations of ISPs point of contact and trust for users. and content providers, to promote can furthermore contribute to a har- Their role is a prerequisite for ena- the opportunities and benefits of the monisation of user information and bling and empowering users to information society, and this should aggregate knowledge as regards the access the benefits of the informa- be underlined and communicated to issues raised in the guidelines. In Human rights guidelines for Internet service providers 3 Understanding the role and position of Internet Service Providers in respecting and promoting human rights addition they can provide for European Union Safer Internet Plus junction with the obligations appli- cooperation and exchange of knowl- Programme. cable to ISPs and their activities edge with existing structures in the 13. The guidelines are without prej- under national, European and inter- field of Internet safety, such as the udice to and must be read in con- national law. Scope of these guidelines 14. The following guidelines are services). The second chapter applies to all Internet service providers grouped in several chapters, accord- to providers of other information accordingly. ing to the respective roles of the ISPs. society services, such as is the case 15. The guidelines do not apply to The first chapter applies to Internet for providers of hosting services, mere transit providers. access providers (providers of on- content providers and application demand or dedicated Internet access providers. The third chapter applies 4 Human rights guidelines for Internet service providers Human rights guidelines for Internet service providers Guidelines for ISPs providing access services • 16. Ensure that your customers ing), bullying, stalking and other 16.2. Security risks have access to information about forms of harassment. Although you potential risks to their rights, secu- will not be expected to advise on • If appropriate, explain what you rity and privacy online, including what content or behaviours are ille- are doing to protect your customers information on what you are doing to gal and/or harmful, the information against security risks. Such risks may help your customers counter those you give could usefully include: concern data integrity (viruses, risks. Provide information about worms, trojans, etc.), confidentiality available tools and software that your – explanations on what you are (e.g. when making transactions customers may use to protect them- doing to counter such content and online), network security or other selves further. If you provide this behaviour, particularly your risks (e.g. phishing). cooperation with hotlines against information yourself, ensure that it is • Raise your customers’ awareness illegal content (e.g. Inhope); provided in the most accurate, acces- or link your customers to further sible and up-to-date way possible. If – guidance on how users can pro- information on how to counter risks you do not provide this information tect themselves against the risks of to their security on the Internet. yourself, link your customers to ade- encountering illegal and/or harmful quate information resources, partic- content and 16.3. Privacy risks ularly those of associations of ISPs or networks in the field of Internet – behaviour (e.g. by linking them to • Provide for information or link to safety. In particular information on relevant information on Internet information about potential risks of the following risks could be made safety websites); customers to their privacy when available: – information on available software using the Internet. Such risks may tools designed to protect users concern the hidden collection, against illegal and/or harmful con- recording and processing of data 16.1. Illegal and/or harmful tent, including information about (spyware, profiling). If appropriate, content, risks for children how the tools work and can be link to websites of your national adapted by the users to meet their authorities with available informa- • Provide information or link to individual needs. tion of applicable laws on privacy information about risks of encoun- and protection of personal data. tering or contributing to the dissemi- • Provide information or link to • Offer further information and nation of illegal content on the Inter- information on what your customers guidance to your customers about net as well as the risks for children of can do to protect their children the technical means which they may being exposed to harmful content or online. Make reference to websites use to protect themselves against pri- behaviour when they are online. The with child-friendly content and to vacy risks (anti-spyware tools etc.). latter may include content or behav- available online safety resources such iour capable of adversely affecting as the Council of Europe Internet • 17. When your customers need the physical, emotional and psycho- Literacy Handbook (www.coe.int/ support in dealing with the risks logical well-being of children, such as internet-literacy), the Council of identified above, ensure that they can online pornography, the portrayal Europe online game Through the either make further enquiries in the and glorification of violence and self- Wild Web Woods (www. appropriate form (e.g. telephone, harm, demeaning, discriminatory or wildwebwoods.org) or websites of e-mail, writing, personal contact) or racist expressions or apologia for Internet safety nodes (www. link them to appropriate informa- such conduct, solicitation (groom- saferinternet.org). tion resources. Human rights guidelines for Internet service providers 5 Human rights guidelines for Internet service providers • 18. Be careful about blocking or • 19. Cutting access to individual contractual obligations or intentional degrading the quality of your serv- customer accounts constitutes a abuse, while having regard to legal ices for the use of certain applica- restriction on your customer’s rights safeguards that may be applicable tions or software based on a given to access the benefits from the infor- under national law. The customer technical protocol. If you apply mation society and to exercise their should, where appropriate, be prop- bandwidth caps, filter or block cer- rights to freedom of expression and erly warned and informed before- tain traffic, make sure that your cus- information. Cutting access should hand, be given adequate reasons for tomers are informed about such only be done for law enforcement or the cutting of access and be service restrictions in a clear man- other legitimate and strictly neces- instructed of the steps to be taken to ner beforehand. sary reasons, such as a violation of re-establish the access. Guidelines for ISPs providing other information society services (hosting, applications and content) • 20. Make sure any filtering or right to freedom of expression and on risks to children when using blocking of services carried out is information. application services provided by you legitimate, proportional and trans- • 22. Inform your customers about (chat rooms, messageboards etc.), in parent to your customers in accord- your general policy dealing with particular the risks of encountering ance with the Council of Europe Rec- complaints on alleged illegal content harmful content or behaviour ommendation on measures to you might be hosting. Give clear (grooming, bullying, etc.) when promote the respect for freedom of indications to the general public on using your services. expression and information with how to complain, and to your cus- • 25. When providing applications regard to Internet filters, CM/Rec tomers on how to respond to such for e-mailing to your customers (2008) 6. Inform your customers of complaints. make sure that any measures you any filtering or blocking software • 23. If you provide your customers provide, such as spam-recognition or installed on your servers that may with specific application services, spam-filtering software, are effective lead to a removal or inaccessibility of such as the use of chat, e-mail, blogs (recognising or filtering spam while content as well as the nature of the etc., you should take care to ensure not interfering with legitimate e- filtering that takes place (form of fil- the use of the applications is as safe mails) and your customers are tering, general criteria used to filter, as possible and that your customers properly informed about their func- reasons for applying filters). are made aware of the way the appli- tionality and methodology as well as cations work. When providing facili- the possibility to adapt their configu- • 21. In respect of filtering, block- ties such as chat rooms or discussion ration. ing or removal of illegal content, you forums, make sure that clear rules for should do so only after a verification user registration and use of nick- • 26. If you provide content serv- of the illegality of the content, for names are established and that users ices to your customers, such as web- instance by contacting the compe- are informed about the rules in a based information or news services, tent law enforcement authorities. clear manner before they start using consider offering users a right of Acting without first checking and your services. reply allowing the rapid correction of verifying may be considered as an • 24. Although you will not be incorrect information along the lines interference with legal content and expected to provide advice on what of the minimum principles contained with the rights and freedoms of those content or behaviours are illegal and/ in the Council of Europe Recom- creating, communicating and access- or harmful, you could usefully give mendation (2004) 16 on the right of ing such content, in particular the information to teachers and parents reply in the new media environment. Guidelines for ISPs with regard to the right to respect for private life and data protection • 27. Establish appropriate proce- be adapted to the type of service you firewalls, encryption technology or dures and use available technologies provide accordingly. digital signatures, etc.). to protect the privacy of users and • 29. When acting with regard to secrecy of content and traffic data, • 28. Offer further information and the communications of users (for especially by ensuring data integrity, guidance to your customers about example by allowing the intercep- confidentiality as well as physical and the technical means they may use to tion or monitoring of users’ e-mails) logical security of the network and of protect themselves against security such action should only be under- the services provided over the net- risks to data and communications taken in case of a legal duty to do so, work. The level of protection should (such as anti-spyware software tools, on specific orders or instructions 6 Human rights guidelines for Internet service providers Guidelines for ISPs with regard to the right to respect for private life and data protection from a competent public authority be handled through the competent legitimate purposes in accordance made in accordance with the law. Do authorities in your country. with data protection laws. Do not not actively monitor the content of store data for longer than required by • 31. Inform your customers in communications on your network. law or than is necessary to achieve which circumstances you are under a Furthermore, the deletion and modi- the purpose of processing of the legal duty to reveal their identifica- fication of the user’s correspondence data. tion, connection or traffic data by (e.g. by spam-filters) should depend • 33. Do not use personal data on request from law enforcement agen- on the explicit consent of the user users for your own promotional or cies etc. Such information could par- before the spam-filter, etc. is acti- marketing purposes unless the user ticularly be provided by associations vated. concerned, after having been of ISPs to whom you might want to • 30. Do not to reveal the identity informed, has given his or her con- link. If you receive a request to dis- of users, their traffic data or the con- sent and this consent has not been close such data, make sure to check tent of data accessed by them to a revoked. Do not make personal data the authenticity of the request and third party, unless under a legal duty publicly available! Such publication that it is made by a competent to do so or following specific orders may infringe other people’s privacy authority in accordance with the law. or instructions from the competent and may also be prohibited by law. public authority made in accordance • 32. Do not collect, process or with the law. Requests in this respect store data about users, unless this is brought to you from abroad should necessary for explicit, specified and Human rights guidelines for Internet service providers 7 Extracts from existing Council of Europe standards relevant to the roles and responsibilities of ISPs Recommendation No. R (99) 5 of the Committee of Ministers to member 1 states for the protection of privacy on the Internet Guidelines for the natures. Offer such technical means 9. Do not store data for longer than at a cost-oriented price, not a deter- is necessary to achieve the purpose protection of individuals rent price. of processing. with regard to the collection and processing 4. Before accepting subscriptions 10. Do not use data for your own of personal data on and connecting users to the Inter- promotional or marketing purposes net, inform them about the possibili- unless the person concerned, after information highways ties of accessing the Internet anony- having been informed, has not which may be incorporated mously, and using its services and objected or, in the case of processing in or annexed to codes of paying for them in an anonymous of traffic data or sensitive data, he or conduct way (for example, pre-paid access she has given his or her explicit con- cards). Complete anonymity may not sent. III. For Internet service providers be appropriate because of legal con- 11. You are responsible for proper straints. In those cases, if it is per- use of data. On your introductory 1. Use appropriate procedures and mitted by law, offer the possibility of page highlight a clear statement available technologies, preferably using pseudonyms. Inform users of about your privacy policy. This state- those which have been certified, to programmes allowing them to search ment should be hyperlinked to a protect the privacy of the people and browse anonymously on the detailed explanation of your privacy concerned (even if they are not users Internet. Design your system in a practice. Before the user starts using of the Internet), especially by ensur- way that avoids or minimises the use services, when he or she visits your ing data integrity and confidentiality of personal data. site, and whenever he or she asks, tell as well as physical and logical secu- him or her who you are, what data rity of the network and of the serv- 5. Do not read, modify or delete you collect, process and store, in ices provided over the network. messages sent to others. what way, for what purpose and for 2. Inform users of privacy risks pre- 6. Do not allow any interference how long you keep them. If neces- sented by use of the Internet before with the contents of communica- sary, ask for his or her consent. At they subscribe or start using serv- tions, unless this interference is pro- the request of the person concerned, ices. Such risks may concern data vided for by law and is carried out by correct inaccurate data immediately integrity, confidentiality, the security a public authority. and delete them if they are excessive, of the network or other risks to pri- out of date or no longer required and vacy such as the hidden collection or 7. Collect, process and store data stop the processing carried out if the recording of data. about users only when necessary for user objects to it. Notify the third explicit, specified and legitimate pur- parties to whom you have communi- 3. Inform users about technical poses. cated the data of any modification. means which they may lawfully use Avoid the hidden collection of data. to reduce security risks to data and 8. Do not communicate data unless communications, such as legally the communication is provided for 12. Information provided to the user available encryption and digital sig- by law. must be accurate and kept up to date. 1. Adopted on 23 February 1999. Human rights guidelines for Internet service providers 8 Freedom of communication on the Internet 13. Think twice about publishing 14. Before you send data to another fer is permissible. You may have to data on your site! Such publication country seek advice, for example ask the recipient to provide safe- may infringe other people's privacy from the competent authorities in guards necessary to ensure protec- and may also be prohibited by law. your country, on whether the trans- tion of the data. Declaration of the Committee of Ministers on freedom of communication 2 on the Internet Principle 6 – Limited Extracts from the This paragraph of Principle 6 does not prevent public authorities in liability of service Explanatory memorandum member states from obliging service providers for Internet to the Declaration on providers in certain cases, for exam- content freedom of communication ple during a criminal investigation, on the Internet to monitor the activities of their cli- Member states should not impose on ents. service providers a general obligation to monitor content on the Internet to Principle 6 – Limited liability of which they give access, that they service providers for Internet content 2nd paragraph – “Mere conduit” transmit or store, nor that of actively seeking facts or circumstances indi- Here it is established that as a gen- In the case of mere transmission of cating illegal activity. eral rule intermediaries in the com- information or providing access to munication chain should not be held communication networks, inter- Member states should ensure that liable for content transmitted mediaries should not be held liable service providers are not held liable through their services, except in cer- for illegal content. When the role of for content on the Internet when tain limited circumstances. Along intermediaries goes beyond that, in their function is limited, as defined the lines of Articles 12-15 of the particular when they initiate the by national law, to transmitting Directive on electronic commerce, transmission, select the receiver of information or providing access to the exemptions to liability take into the transmission or select or modify the Internet. account the different types of activi- the information transmitted, their In cases where the functions of serv- ties of the intermediaries, namely liability may be invoked. ice providers are wider and they providing access to communication The activity of the intermediary store content emanating from other networks, transmitting data and which is at stake here, and which parties, member states may hold hosting information. The degree of should be exempt from liability, is them co-responsible if they do not liability depends on the possibilities sometimes referred to as “mere con- act expeditiously to remove or disa- of service providers to control the duit” (cf. Article 12 of the Directive ble access to information or services content and whether they are aware on electronic commerce). as soon as they become aware, as of its illegal nature. The limitations defined by national law, of their ille- on liability do not apply if intermedi- gal nature or, in the event of a claim 3rd paragraph – “Hosting” aries intentionally disseminate ille- for damages, of facts or circum- gal content. stances revealing the illegality of the In the case of hosting content ema- activity or information. nating from third parties, intermedi- 1st paragraph – No general aries should in general not be held When defining under national law obligation to monitor liable (cf. Article 14 of the Directive the obligations of service providers on electronic commerce). This does as set out in the previous paragraph, This paragraph is based on Article 15 not apply, however, when the third due care must be taken to respect the of the Directive on electronic com- party is acting under the control of freedom of expression of those who merce. Member states should not the intermediary, for example when a made the information available in the impose any general obligation on newspaper company has its own first place, as well as the correspond- service providers to monitor the server to host content produced by ing right of users to the information. information on the Internet to which its journalists. However, if the host In all cases, the above-mentioned they give access, that they transmit becomes aware of the illegal nature limitations of liability should not or store. Nor should they be subject of the content on its servers or, in the affect the possibility of issuing to a general obligation to actively event of a claim for damages, of facts injunctions where service providers seek facts or circumstances indicat- revealing an illegal activity, it may are required to terminate or prevent, ing illegal activity, since this might reasonably be held liable. The precise to the extent possible, an infringe- have the effect of curbing freedom of conditions should be laid down in ment of the law. expression. national law. 2. Adopted on 28 May 2003. Human rights guidelines for Internet service providers 9

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.