Geneva – 19 March 2015: Deepening its reflexion on Internet and Human Rights, the Institute’s team organized a side-event during the 28th session of the Human Rights Council on the issue of the protection of personal data.

The discussion moderated by Ms. Margaux Scherrer, Project Manager at the IIPJHR, sought to explore the role of the law as well as the role of private companies in this issue.

Maître Ariane Samson-Divisia, specialist in privacy, data protection and data management at K&L Gates Law Firm, shared with the audience the results of an audit realized in 17 countries on data protection laws. The audit highlighted two tendencies:

  • A legislative convergence in favor of more protection for users and thus more legal coercions towards private companies. The latest also demonstrated a strong tendency of auto-regulation and anticipation to comply with the law.
  • An opposite movement of de-regulation from state actors using the fight against terrorism to loosen their regulations. National data protection agencies have regretted this propensity and called on states to find proportionality between liberty and security in the fight against terrorism.

Mr. Yves Nissim, Vice-President and Head of the Corporate and Social Responsibility Department at Orange Group, went through the relationship between the state and the operator first, and after, the relationship between the operator and the client.

  • He emphasized that in its relationship with the state, the operator is bound by a License Agreement reflecting local laws. This agreement specifies the process for the State to require access to private client’s data. If this process is respected, the operator is bound to give access to authorities, otherwise it can refuse. Mr Yves Nissim renewed its call on the international community and supra-national bodies to regulate and harmonize laws in this matter, adding that if the majority of the countries play fair, a minority granted themselves a direct access to the data by installing backdoors on technical equipment.
  • The relationship between the client and the operator is particularly privileged and thus requires a complete trust. Confronted with this crucial question of trust, Orange Group is developing new tools to reassure its clients. Mr Yves Nissim gave the example of the Charter for the Protection of Personal Data signed by the CEO in 2013, in which the operator binds itself to 4 commitments: security of client’s data, control of the data by the client itself through a dashboard, transparency on data’s use and support for all customers to protect their privacy and manage their data.

Overall, Mr Yves Nissim demonstrated that making efforts to achieve transparency and protection of personal data is more profitable for both the companies and the clients.

Mr. Christian-François Viala, CEO at YesProfile, presented its online platform that aims at letting individuals regain control of their personal data for monetary purposes. Indeed, YesProfile allows individuals to decide themselves which information they wish to disclose and to which brands. This information is then rented to brands in exchange for a small amount of money. YesProfile has the ambition to position itself as a viable solution for both companies and consumers using “permission marketing”. Mr Viala also presented the insurance that will soon be proposed to the public in order to protect one’s family against cyber-bullying, identity fraud, and problems of e-reputation.

Our panel of experts concluded on the idea that it is still time to design new tools for the protection of personal data, and that as mindsets are evolving, so will the companies and states’ policies.