States should adopt laws protecting privacy of personal information.
- Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
- The gathering and holding of personal information on computers, data banks and other devices, whether by public authorities or private individuals or bodies, must be regulated by law. Effective measures have to be taken by States to ensure that information concerning a person’s private life does not reach the hands of persons who are not authorized by law to receive, process and use it, and is never used for purposes incompatible with the Covenant.
- In implementing these Guidelines, Member countries should: (…) b) adopt laws protecting privacy.
- The General Assembly (...) 6. Calls upon all States: (...) (g) To consider adopting and implementing data protection legislation, regulation and policies, including on digital communication data, that complies with their international human rights obligations, which could include the establishment of national independent authorities with powers and resources to monitor data privacy practices, investigate violations and abuses and receive communications from individuals and organizations, and to provide appropriate remedies.
- Citizens need to be protected in the processing of personal data particularly during the election period when large amounts of personal data are processed, including those available in the electoral registers. As regards the registers data privacy has to be balanced against the transparency required for electoral integrity.
- States should adopt strong data protection laws and update electoral and other relevant laws to limit the pervasive tracking and targeting of individuals and their activities online.