Business, Privacy and Human Rights: 5 Steps Every Company Should Take

This blog originally appeared in the Huffington Post.

The same week the Supreme Court voted to recognize same-sex marriages, the Justices upheld another important human right: the right to privacy. On June 22, the Supreme Court struck down a Los Angeles city law requiring hotels to turn over guest information to local authorities, even in the absence of a warrant. This case was just one example of the increasing limits on companies' ability to protect the privacy of customers and employees when confronted with illegitimate government requests.

The case raises an increasingly important question: How should companies respect the right to privacy when local laws limit or infringe on its realization?

It is important to note that the right to privacy can be restricted when doing so is necessary to protect a legitimate public interest, such as public order or national security. In the case of Patel vs. City of Los Angeles, however, the law allowed police to require hotels to turn over guest information without having to "obtain pre-compliance review," thus potentially forcing hotels to be involved in illegitimate restrictions on their guests' right to privacy.

The hospitality industry is not alone in balancing customer privacy and government requests. The technology industry has come under fire for complying with government requests for user data. In response, many companies have begun to push back, seeking legislative changes that would increase protections on user data.

One reason that infringements on the right to privacy raise such concern is that they have the potential to compound. Take the example of Shi Tao, a Yahoo! user and human rights activist. Under pressure to comply with Chinese law, Yahoo! released Tao's private user-identifiable data, which led to him being imprisoned for eight years by Chinese authorities. Recognizing the increasing privacy-related risks for the industry, Yahoo! became a founding member of the Global Network Initiative -- the only multi-stakeholder initiative established to protect and advance respect for privacy within the sector.

As both the Yahoo! case and the UN Global Compact Dilemmas Forum highlight, infringements on the right to privacy can lead quickly to discriminatory consequences such as arrests, detentions, and other punitive action by the state.

Given these challenges, what can businesses do to promote the right to privacy of their customers and employees when local laws limit and in some cases directly prohibit the realization of the right?

  1. Comply with international law to the greatest extent possible by seeking to understand the most rights-compatible interpretation of the law and insisting on due process.
  2. Develop management systems to help in determining which circumstances should compel the company to provide government access to customer and employee data.
  3. Inform stakeholders of potential risks by providing appropriate notification of the potential effects of collecting information and ensuring that customers and employees are given the choice of whether or not to disclose their information.
  4. Avoid unnecessary collection and processing of information by limiting data collected to only those items absolutely necessary.
  5. Use leverage to push for greater legal protections for customer and employee data privacy either independently, through industry collaborations such as the Global Network Initiative, or through home country foreign offices if operating internationally.

Businesses and human rights activists alike should applaud the decision of the Supreme Court and push for further alignment between local laws and international human rights standards. In the meantime, businesses concerned about the privacy of their customer and employee data should exercise heightened due diligence so as to not become complicit in illegitimate government conduct and infringements on the human right to privacy.