In February 2020, the 31 governments of the Freedom Online Coalition (FOC) reaffirmed and expanded on the 2016 commitment they made to Human Rights based approaches to cybersecurity as embodied in the Internet free and secure recommendations and definition (see https://freeandsecure.online/recommendations)
The 31 Freedom Online Coalition governments and the Freedom Online Coalition multistakeholder Advisory Network determined that it was necessary to reaffirm and expand on the FOC’s commitment given that “new cybersecurity challenges have emerged” including a “rapid increase, persistence and relentlessness of malicious cyber activities against governments, the private sector and civil society”.
The statement includes a set of recommendations addressed to states, as follows:
FOC affirms the recommendations of the FOC working group on human rights based approaches to cybersecurity and the Tallinn Agenda, which confirmed that the same rights that people have offline must also be protected online and that respect for human rights and security online should be treated as complementary concepts, and recommends the following:
- States need to comply with their obligations under international human rights law when considering, developing and applying national cybersecurity policies and legislation.
- States need to develop and implement cybersecurity-related laws, policies and practices in a manner consistent with international human rights law, and seek to minimise potential negative impacts on vulnerable groups and civil society, including human rights defenders and journalists. This includes building, where appropriate, supporting processes and frameworks for transparency, accountability, judicial or other forms of independent and effective oversight, and redress towards building trust. It may also include embedding the principles of legitimacy, legality, necessity or proportionality into policy and practice.
- Cybersecurity-related laws, policies, and practices should be developed through ongoing open, inclusive, and transparent approaches that involve all stakeholders.
- States should promote international cooperation on cyber issues that focuses on protecting and upholding human rights in order to build mutual trust between all stakeholders.
- States should seek to implement the rules, norms and principles of responsible State behaviour contained in the (2010, 2013, 2015) consensus reports of the UNGGE.
- States should find ways to draw attention to acts contrary to these rules, norms and principles of responsible State behaviour in order to increase accountability, transparency and help build patterns of responsible behaviour.
- As humans are directly impacted by potential threats in cyberspace, including cyberattacks, due attention should be paid to the human dimension of cybersecurity. This includes direct and indirect harm to individual well-being manifesting itself in a range of ways including loss of life, loss of access to vital services, financial loss, undermining of democratic institutions and processes, suppression of the rights to freedom of expression and freedom of association, and failure to respect the right to be free from arbitrary or unlawful interference with privacy, etc.
- In compliance with best practice data protection laws and regulations, States should consider, as appropriate, collecting and sharing data, as well as funding research, on the nature and scale of these aforementioned harms, to underpin and drive a human-focused international cybersecurity capacity building agenda.
- States should encourage education, digital literacy, critical thinking, information exchange and technical and legal training as a means to improve cybersecurity and build collective capacity at local, regional, and global levels.
- States should encourage private sector actors to adhere to the UN Guiding Principles on Business and Human Rights, to improve their accountability and to share best practices in this respect and help to share lessons learned.
- States should encourage private sector actors to promote and practice good cyber hygiene.
The full statement can be found here: