Respect of Privacy
The implementation of social protection schemes requires collecting many types of information including that identifying beneficiaries and their dependants or carers, earnings, employers, contact details, and more. It is essential that the collection of such information is done without breaching the right to privacy. In this regard, personal information should be kept private and free from misuse and collected, in a lawful manner, only when necessary. This further requires ensuring data is collected with the knowledge and consent of the subject, is accessible to him or her, is accurate, complete and up-to-date. Access to this information should be clearly regulated and sharing of information strictly limited to exchanges necessary for the functioning of the system. Sound measures need to be put in place to ensure the security of the information stored and to prevent unauthorized access. The ILO’s Social Protection Floors Recommendation 202 (para 23) explicitly sets out that States should establish a legal framework to secure and protect private individual information contained in their social security data systems.
From a human rights perspective, transparency and access to information are critical safeguards against corruption, clientelism and wastage, and increase accountability. Beneficiaries and potential beneficiaries with limited access to information face impediments to their ability to claim their rights. Transparency and access to information should be ensured while guaranteeing the protection of privacy and personal information – based on domestic privacy law and international standards. Personal information concerning beneficiaries or potential beneficiaries of social protection programmes is highly sensitive, and has the potential to cause stigmatization or other discriminatory practices, or expose beneficiaries to personal security risks. Accordingly, social protection databases should follow strict guidelines to maintain beneficiary confidentiality.
At the regional level, the right to privacy is protected, inter alia by the African Charter on the Rights and Welfare of the Child in Article 10, the American Convention on Human Rights’ Article 11, the European Convention on Human Rights (ECHR) (Article 8), Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (EU Charter), and Article 21 of the Arab Charter on Human Rights.
One of the most detailed protections is provided by the EU Charter. Article 7 of the EU Charter states, inter alia, that everyone has the right to respect for his or her private life. Under Article 8(1), everyone has the right to the protection of personal data concerning him or her. Article 8(2) states that personal data cannot be processed without the consent of the person concerned or some other legitimate basis laid down by law.
Moreover, there are specific instruments dealing with the protection of personal data, such as the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the United Nations Guidelines for the Regulation of Computerized Personal Data Files, the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, and Council Directive 95/46, on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data (EU Data Protection Directive).
Particularly concerning are the potential risks and challenges of deploying biometric technology in social protection programmes. States must respect international human rights standards on the protection of the right to privacy in identifying beneficiaries as well as the collection, processing and storage of beneficiaries’ personal data.