Morocco (PI) – This week, from 17th-20th October 2016, the Kingdom of Morocco will be hosting the 38th International Conference of Data Protection and Privacy Commissioners (ICDPPC).
And two scenarios could play out…
Scenario one — like many other occasions, this will be used as wonderfully strategic PR stunt, whereby participants will be whisked directly from the airport to their hotel to the conference venue, and will be enchanted by the genuinely warm Moroccan hospitality. But they will leave with little or no clue of the grave human rights situation in Morocco. We are especially focused on the right to privacy (but that is not to detract from the wider human rights issues that Morocco must deal with).
Scenario two — it could be used as an opportunity for attendees and privacy protectors across the world to learn more about the countries they work with, and to shine a light on the Moroccan government’s attitude to the privacy of the Moroccan people, and urge reform.
As optimists, we sincerely hope for the latter.
Over the years, there have been significant global progress on the protection of privacy through legislation. On paper the Kingdom of Morocco is exemplary in this regard: it has a Constitutional right to privacy, a data protection framework, a data protection authority, and has ratified Convention 108 of the Council of Europe.
And yet, as is the case in many other parts of the world, the reality falls considerably short of the rhetoric.
Crackdown on civil society
In October 2015, seven activists and investigative journalists were brought before the Tribunal of First Instance of Rabat and charged with ‘using foreign funding to undermine State security’, a charge that carries up to five years in jail. The charges were widely seen as politically motivated. These individuals were known defenders and promoters of freedom of expression and privacy in Morocco. They were engaging in incredibly important work to raise awareness, in particular within their communities, on the right to privacy by supporting the development of advocacy strategies and tools to expand the reporting on government surveillance policies and practices. The trial has been postponed three times already in the last year, and the next hearing has been schedule for 26th October 2016.
This is just one of many examples that highlight the chasm between the policy and practice.
The limits placed on people’s democratic rights, coupled with aggressive abuse of their human rights, have been well documented and expressed by a variety of authoritative sources including Human Rights Watch, Amnesty International, and Reporters Without Borders. We have ourselves been the target of such attacks. On two occasions, events organised by Privacy International with and by its local partners were shut down by the police, forcing the events to be re-located or cancelled. Furthermore, at the locally-hosted launch of a report published Privacy International, the Ministry of Interior proceeded with an act of intimidation designed to silence civil society and stifle legitimate criticism of the Moroccan government.
We cannot remain silent in light of the life-changing consequences such arbitrary practices have on the lives of human rights defenders in Morocco and worldwide.
This is why we welcome the Resolution on Human Rights Defenders adopted on 18th October 2016 at 38th International Conference of Data Protection and Privacy Commissioners. The Resolution reaffirms the important role that human rights defenders play in ‘building a solid, lasting democratic society” and “in the process of fully achieving the rule of law and the strengthening of democracy”. In particular, we are pleased to note the commitment the ICDPPC undertakes to further consider the issues affecting human rights defenders in the context of privacy and data protection in future conferences. Human rights defenders play an essential role in researching and engaging in debates about the role of surveillance in our societies, and our participation should be encouraged. The adoption of this resolution is an important opportunity for these concerns to be addressed by the international community and recommendations put into action.
Shortcomings of data protection framework
With regards to the data protection legal framework there are some serious shortcomings. The data protection authority, la Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP), does not exercise monitoring or regulation on the processing of data involving state security, defence, public safety or criminal offences. Considering the surveillance capabilities and ambitions of the Moroccan government, this is clearly an intentional oversight. For instance, the Moroccan government is a keen promoter of national IDs and biometric databases. Yet the CNDP has not pronounced any thoughts on this infrastructure, even though it has significant implications for people in Morocco, in particular in restricting access to public service and economic opportunities.
One item on the international conference’s agenda is the interoperability of data protection law. We recommend that the conference should ideally address the existing national shortcomings as it proceeds with these discussions. Such developments must be used as an opportunity to raise the bar and implement high national data protection standards.
Communications surveillance: arbitrary and unregulated
Civil society organisations, independent media, and international human rights organisations regularly point to the discrepancy between the law and its application and there have been numerous reports from journalists and human rights defenders of on-going arbitrary and unlawful surveillance.
Some of our concerns include:
– Increasing reports of journalists, political activists, and human rights defenders having been unlawfully subjected to surveillance, detained, prosecuted on politically motivated charges, tortured and ill-treated.
– Lack of effective oversight of surveillance by law enforcement and intelligence agencies, given the limited publicly available information on their mandates, remits and powers;
– The full extent of the surveillance apparatus remains unknown but there is evidence of the expanding surveillance capabilities;
– The vague legal framework on encryption, which could be interpreted in a way that would criminalise personal use of encryption;
– Threats to anonymity with measures in place including mandatory SIM card registration;
Given that reconciling security and privacy has been set as key areas of focus for this year’s ICDPPC, this provides a unique and much needed opportunity to discuss some of the aforementioned concerns. And ask ourselves challenging questions: whose security are we really talking about? The security of those in power to maintain themselves in power or the security of citizens?
If these concerns fall on deaf ears of the international data protection community, Privacy International, with the essential support of local expertise, will continue with its effort to raise its concerns in other forums. Later this month, the UN Human Rights Committee will review the Kingdom of Morocco’s implementation of the International Covenant on Civil and Political Rights, which under Article 17 provides for the right of every person to be protected against arbitrary or unlawful interference with their privacy, family, home or correspondence as well as against unlawful attacks on their honour or reputation.
In 2017, the Kingdom of Morocco will be subject to scrutiny of the Human Rights Council through the 27th session of the Universal Periodic Review Working Group. Privacy International is preparing itself to engage in this process and has just submitted its stakeholder report on the right to privacy in Kingdom of Morocco.
Submission to the 116th Session of the UN Human Rights Committee https://www.privacyinternational.org/sites/default/files/HRC_morocco.pdf
Stakeholder report to the 27th Session of the Universal Periodic Review Working Group https://www.documentcloud.org/documents/3145724-UPR27-Morocco.html
This report prepared by Alexandrine Pirlot de Corbion for Privacy International.