Affirming that privacy is a fundamental human right set out in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and other human rights instruments and national constitutions;

Reminding the EU member countries of their obligations to enforce the provisions of the 1995 Data Protection Directive and the 2002 Electronic Communications Directive;

Reminding the other OECD member countries of their obligations to uphold the principles set out in the 1980 OECD Privacy Guidelines;

Reminding all countries of their obligations to safeguard the civil rights of their citizens and residents under the provisions of their national constitutions and laws, as well as international human rights law;

Anticipating the entry into force of provisions strengthening the Constitutional rights to privacy and data protection in the European Union;

Noting with alarm the dramatic expansion of secret and unaccountable surveillance, as well as the growing collaboration between governments and vendors of surveillance technology that establish new forms of social control;

Further noting that new strategies to pursue copyright and unlawful content investigations pose substantial threats to communications privacy, intellectual freedom, and due process of law;

Further noting the growing consolidation of Internet-based services, and the fact that some corporations are acquiring vast amounts of personal data without independent oversight;

Warning that privacy law and privacy institutions have failed to take account of new surveillance practices, including behavioral targeting, databases of DNA and other biometric identifiers, the fusion of data between the public and private sectors, and the particular risks to vulnerable groups, including children, migrants, and minorities;

Warning that the failure to safeguard privacy jeopardizes associated freedoms, including freedom of expression, freedom of assembly, freedom of access to information, non-discrimination, and ultimately the stability of constitutional democracies;

Civil Society takes the occasion of the 31st annual meeting of the International Conference of Privacy and Data Protection Commissioners to:

(1) Reaffirm support for a global framework of Fair Information Practices that places obligations on those who collect and process personal information and gives rights to those whose personal information is collected;

(2) Reaffirm support for independent data protection authorities that make determinations, in the context of a legal framework, transparently and without commercial advantage or political influence;

(3) Reaffirm support for genuine Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information and for meaningful Privacy Impact Assessments that require compliance with privacy standards;

(4) Urge countries that have not ratified Council of Europe Convention 108 together with the Protocol of 2001 to do so as expeditiously as possible;

(5) Urge countries that have not yet established a comprehensive framework for privacy protection and an independent data protection authority to do so as expeditiously as possible;

(6) Urge those countries that have established legal frameworks for privacy protection to ensure effective implementation and enforcement, and to cooperate at the international and regional level;

(7) Urge countries to ensure that individuals are promptly notified when their personal information is improperly disclosed or used in a manner inconsistent with its collection;

(8) Recommend comprehensive research into the adequacy of techniques that “deidentify” data to determine whether in practice such methods safeguard privacy and anonymity;

(9) Call for a moratorium on the development or implementation of new systems of mass surveillance, including facial recognition, whole body imaging, biometric identifiers, and embedded RFID tags, subject to a full and transparent evaluation by independent authorities and democratic debate; and

(10) Call for the establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions.

3 November 2009
Madrid, Spain

SIGNATORIES (as of 14 October 2009)

ORGANIZATIONS

ADIAR: Asociación de Derecho Informático de Argentina (Argentina)
AEDH: European Association for the defense of Human Rights (Europe)
Ageia Densi (Argentina)
ALCEI - Associazione per la Libertà nella Comunicazione Elettronica Interattiva (Italy)
ARCH - Action on Rights for Children (UK)
Australia Privacy Foundation (Australia)
Asociación de Internautas (Spain)
Bits of Freedom (The Netherlands)
Bytes For All (Pakistan)
Consumer Federation of America (United States)
CCH: Collectif contre l'homophobie (France)
CDD: Center for Digital Democracy (United States)
CDNUA: Chinese Domain Name Users Alliance (China)
Center for Media and Communications Studies (CMCS), Central European University (CEU) (Hungary)
Consumer Focus (UK)
Consumers Korea (South Korea)
CLI: Comisión de Libertades e Informática (Spain)
CREIS: Centre de coordination pour la Recherche et l'Enseignement en Informatique et
Société (France)
CRID: Le Centre de Recherches Informatique et Droit (Belgium)
Digital Rights Ireland (Ireland)
EDRI: European Digital Rights (Europe)
EFF: Electronic Frontier Foundation (United States/International)
EPIC: Electronic Privacy Information Center (United States/International)
Foundation for Media Alternatives (Philippines)
FACT: Freedom Against Censorship Thailand (Thailand)
FSU: Fédération syndicale unitaire (France)
GISTI: Groupe d'information et de soutien des immigrés" (France)
IISI: Instituto Iberoamericano de Investigacion para la Sociedad de la Informacion (Argentina/Iberoamerica)
IP Justice (United States/International)
IRIS: Imaginons un réseau Internet solidaire (France)
ISOC PH (Philippines)
Jinbonet: Korean Progressive Network (South Korea)
LDH: Ligue des droits de l'homme (France)
NACPEC: North American Consumer Project on Electronic Commerce (Mexico)
O Núcleo de Pesquisas, Estudos e Formação da RITS (Rede de Informações para o Terceiro Setor) (Brasil)
Pakistan ICT Policy Monitors Network (Pakistan)
Privacy International (UK/International)
Privacy France (France)
Privacy Journal (United States)
Primer Palabra (Guatemala)
Quintessenz (Austria)
SAF: Syndicat des avocats de France (France)
Telecommunities Canada (Canada)
Via Libre Foundation (Argentina)
VIBE!AT - Austrian Association for Internet Users (Austria)
VOICE (Bangladesh)
World Privacy Forum (United States)

EXPERTS
Dean Anita L. Allen, University of Pennsylvania Law School (United States)
Matías Altamira - Director de la Diplomatura en Derecho y Tecnología, Universidad Blas Pascal - Córdoba (Argentina)
Grayson Barber, Esq., of Grayson Barber LLC (United States)
Dr. Ian Brown, Senior Research Fellow, Oxford Internet Institute University of Oxford (UK)
Chris Connolly, Director, Galexia (Australia)
Roger Clarke, Xamax Consultancy Pty Ltd, Visiting Professor Cyberspace Law & Policy Centre UNSW, and Chair, Australian Privacy Foundation
Paul De Hert, Professor Vrije Universiteit Brussels & University Tilburg (Belgium)
Pamela Dixon, author and researcher (United States)
William J. Drake. Senior Associate, Centre for International Governance, Graduate Institute of International and Development Studies Geneva, (Switzerland)
Dr. Jean-Marc Dinant, Senior Lecturer, University of Namur (Belgium)
David H. Flaherty, professor emeritus, University of Western Ontario; Information and Privacy Commissioner, British Columbia, Canada, 1993-99 (Canada)
Dr. Horacio Fernández Delpech, Prof. Titular de Derecho Informático en la Universidad del Salvador (USAL), Prof. Maestría en Derecho Empresario de la Universidad Austral (Argentina)
Prof. Graham Greenleaf, Professor of Law, University of New South Wales and Academic Director, Cyberspace Law & Policy Centre
Prof. Serge Gutwirth, Law, Science, Technology & Society (LSTS), Vrije Universiteit Brussel (Belgium)
CJ Hinke, Advisor, Wikileaks
Mireille Hildebrandt, Senior Researcher, Centre for Law Science Technology and Society, Vrije Universiteit Brussel (Belgium)
Dr. Kristina Irion, Assistant Professor, Central European University (Hungary)
Mag. Andreas Krisch, CEO mksult GmbH (Austria)
Cedric Laurant, Independent researcher and consultant, European
telecommunications law and Internet policy (Belgium)
Dr. Meryem Marzouki, Senior Researcher, CNRS, Computer Science Laboratory of Paris 6 (France)
Rebecca MacKinnon, Co-founder, Global Voices Online
Dr. Jean-Pierre Masse, Sociologist, Assistant Researcher CERI/Sciences
Po, Paris, France
Andrea M. Matwyshyn, Assistant Professor of Legal Studies and Business Ethics. The Wharton School, University of Pennsylvania
TJ McIntyre, Lecturer in Law, School of Law, University College Dublin (Ireland).
Erich Moechel, Mag. Phil., University of Applied Sciences Vienna (Austria)
Prof. Pablo G. Molina, Associate VP and CIO, Adjunct Professor, Georgetown University Law Center (United States)
Prof. Wolfgang Kleinwächter, University of Aarhus (Germany)
Prof. Yves Poullet, Professor, Faculty of Law, University of Namur (Belgium)
Robert Ellis Smith, attorney and publisher, Privacy Journal (United States)
Dr Dan Svantesson, Associate Professor, Bond University (Australia)
Raymond Wacks, Emeritus Professor
Nigel Waters, Principal Researcher , Interpreting Privacy Principles Project, Cyberspace Law & Policy Centre, University of New South Wales.
Prof. Hong Xue, Chair of Council, Chinese Domain Name Users Alliance (China)