31 Governments reaffirm the reaffirm the importance of human rights based approaches to cybersecurity

In February 2020, the 31 governments of the Freedom Online Coalition (FOC) reaffirmed and expanded on the 2016 commitment they made to Human Rights based approaches to cybersecurity as embodied in the Internet free and secure recommendations and definition (see https://freeandsecure.online/recommendations)

The 31 Freedom Online Coalition governments and the Freedom Online Coalition multistakeholder Advisory Network determined that it was necessary to reaffirm and expand on the FOC’s commitment given that “new cybersecurity challenges have emerged” including a “rapid increase, persistence and relentlessness of malicious cyber activities against governments, the private sector and civil society”.

The statement includes a set of recommendations addressed to states, as follows:

FOC affirms the recommendations of the FOC working group on human rights based approaches to cybersecurity and the Tallinn Agenda, which confirmed  that  the  same  rights  that  people  have  offline  must  also  be  protected  online  and  that respect  for  human  rights  and  security  online  should  be  treated  as  complementary  concepts,  and  recommends the following:

  • States need to comply with  their  obligations  under  international  human  rights  law  when  considering, developing and applying national cybersecurity policies and legislation.
  • States need to develop and implement cybersecurity-related laws, policies and practices in a manner consistent with international human rights law, and seek to minimise potential negative impacts on vulnerable  groups  and  civil  society,  including  human  rights  defenders  and journalists.  This includes building, where appropriate, supporting processes and frameworks for transparency, accountability, judicial or other forms of independent and effective oversight, and redress towards building trust. It may also include embedding the principles of legitimacy, legality, necessity or proportionality into policy and practice.
  • Cybersecurity-related laws, policies, and practices should be developed through ongoing open, inclusive, and transparent approaches that involve all stakeholders.
  • States should promote international cooperation on cyber issues that focuses on protecting and upholding human rights in order to build mutual trust between all stakeholders.
  • States should seek to implement the rules, norms and principles of responsible State behaviour contained in the (2010, 2013, 2015) consensus reports of the UNGGE.
  • States should find ways to draw attention to acts contrary to these rules, norms and principles of responsible State behaviour in order to increase accountability, transparency and help build patterns of responsible behaviour.
  • As humans are  directly  impacted  by  potential  threats  in  cyberspace,  including  cyberattacks,  due attention should be paid to the human dimension of cybersecurity. This includes direct and indirect harm to individual well-being manifesting itself in a range of ways including loss of life, loss of access to vital services, financial loss, undermining of democratic institutions and processes, suppression of the rights to freedom of expression and freedom of association, and failure to respect the right to be free from arbitrary or unlawful interference with privacy, etc.
  • In compliance with best practice data protection laws and regulations, States should consider, as appropriate, collecting and sharing data, as well as funding research, on the nature and scale of these aforementioned  harms,  to  underpin  and  drive  a  human-focused  international  cybersecurity capacity building agenda.
  • States should encourage education, digital literacy, critical thinking, information exchange and technical and legal training as a means to improve cybersecurity and build collective capacity at local, regional, and global levels.
  • States should encourage  private  sector  actors  to  adhere  to  the  UN  Guiding  Principles  on  Business and Human Rights, to improve their accountability and to share best practices in this respect and help to share lessons learned.
  • States should encourage private sector actors to promote and practice good cyber hygiene.

The full statement can be found here: