Safeguards for Public-Private Surveillance Partnerships

Through our investigative work and the work of our partners around the world, PI has identified a number of issues common to public-private partnerships that involve surveillance technology and/or the mass processing of data. To address these issues, we have defined corresponding safeguards that we recommend for implementation by public authorities and companies who intend to enter into such partnerships.

As states around the world seek to expand their surveillance capabilities and harness the power of data to deliver public services, they are often tempted to use the services of private technology companies – through public-private partnerships (‘PPPs’). The fight against COVID-19, and associated urgency to find answers and solutions, has only increased the perceived need for states to use ‘innovative’ technologies and big data analytics systems developed by companies. But these PPPs are taking on a new form, diverging from traditional public procurement relationships. We observe much more co-dependency between the parties, whereby the state may be developing new systems or processes entirely reliant on the services of one company, and the company may be receiving access to data or other information for use in developing its own services. Beyond a simple “one-off” commercial relationship, these partnerships are often built over courting, promises of attaining perfect truth, and ever more private access to data – often circumventing public procurement rules and impeding on fundamental rights in the process.

The privatisation of public responsibilities can be deeply problematic if deployed without the safeguards required to ensure human rights are not quietly abused. This is particularly true when the systems deployed are used for surveillance and mass processing of personal data. Private companies have been known to play with the limits of what can legally and ethically be done with individuals’ identities and data, without the same level of accountability required of public authorities – a significant affront to fundamental rights when used to deliver a public service.

Through our investigative work and the work of our partners around the world, PI has identified a number of issues common to PPPs that involve surveillance technology and/or the mass processing of data. To address these issues, we have defined corresponding safeguards that we recommend for implementation by public authorities and companies who intend to enter into such partnerships. Classified between principles of Transparency, Adequate Procurement, Accountability, Legality, Necessity & Proportionality, Oversight and Redress, together they seek to uphold human rights and restore trust in the state’s public functions as these increasingly get outsourced to private hands. The safeguards intend to be jurisdiction-blind, so that they can apply as widely as possible across the globe. They are a living document, which we update regularly with new examples of abuse from across the world and of successful advocacy against surveillance partnerships.

The United Nations Guiding Principles on Business and Human Rights (the ‘UN Guiding Principles’), unanimously endorsed by states through the UN General Assembly in 2011, provide a clear mandate for states and companies alike to step up measures to respect, protect and fulfil human rights and fundamental freedoms, and to extend their responsibilities in this regard, including in the technology industry. The following safeguards outline what PI believes to be a reasonable framework of protections to enforce these responsibilities, and ensure that PPPs do not result in human rights abuses. PI hopes that this outline can help civil society and communities advocate for such a scheme when faced with ubiquitous deployments of technology.

Click through the various sections below to see the safeguards, issues they seek to address, and examples of abuse.

Download a fuller PDF version of the safeguards

Télécharger une version en français

Descarga la versión en español

What we want

Transparency

Public-private partnerships and the technologies they deploy are often very opaque, with states and companies withholding excessive information. But transparency is essential to enable scrutiny of the exercise of a state's powers, and is a precondition to any challenge of authority and assertion of

Adequate Procurement

States ought to adhere to certain formal processes for procuring and assessing the services of private companies for delivery of public duties. Through such processes, both the state and the company ought to perform due diligence on each other to ensure they comply with their respective human rights

Accountability

Accountability requires (1) defining the responsibilities of each party in a partnership - identifying obligations, duties and standards, and (2) designing mechanisms enabling third parties to scrutinise and challenge its consequences.

Legality, Necessity and Proportionality

The use of a private technology or system to deliver public functions must be legal, necessary to achieve a defined goal, and proportionate (any adverse impact on citizens' rights and freedoms must be justified). Any partnership must be able to show that legality, necessity and proportionality

Oversight

A public-private partnership and the technologies it deploys must be subject to continued independent oversight, to ensure they remain circumscribed to their stated purpose, to detect abuses or resulting harm, and to require redress.

Redress

Parties affected by a public-private partnership's technology must have avenues for redress. Redress mechanisms must assign responsibility between the state and the company involved in a partnership, and provide both non-judicial and judicial avenues to raise and resolve adverse human rights impacts

Featured Content

Long Read

The rise of the Surveillance Databases

Surveillance databases are on the rise all around us and with them comes a wider array of issues. Here we begin to unpack these concerns and discuss some of the prominent global drivers of this trend.

Long Read

Drawing of an ankle tag on an ankle alongside a map of the UK with data points, and dollar signs around

Who profits from the UK's 24/7 tracking of migrants?

The UK puts migrants under 24/7 GPS surveillance. As usual, private companies are outsourced to deliver this hostile policy - who are they? We've investigated.

Advocacy

Globe zoomed in on the European continent

Joint statement: EU Corporate Sustainability Due Diligence Directive must be strengthened to ensure tech sector accountability

PI joined 75+ organisations to call on EU policy makers to rework the draft EU Corporate Sustainability Due Diligence Directive so it is able to address human rights abuses in the tech sector. PI had previously made submissions to the consultation on the draft Directive proposal by the European Commission.

Advocacy

Privacy International's submission to the UN report on the application of the UNGPs to tech companies

Privacy International submitted its input to the forthcoming report by the UN High Commissioner for Human Rights (HCHR) on the practical application of the UN Guiding Principles on Business and Human Rights (UNGPs) to the activities of technology companies, to be presented at the 50th session of the Human Rights Council in June 2022.

Our submissions address the systemic lack of transparency and accountability of the technology industry, in particular in its relationships with governments and authorities. We recommend concrete measures to ensure human rights standards are applied and upheld in the activities of technology companies, and when their products and services are used by governments for surveillance and public decision-making.