Abstract:
Privacy is considered as an important human right, and should accordingly be
protected by States. Given the lack of a uniform and binding international order for
cyber security and data protection, privacy in the online environment is often
vulnerable to abuse by a variety of actors, including private international entities such
as Facebook and Google. Data protection laws differ from state to state, which may
result in inconsistent practices being carried out by international companies. There is
a call for States to develop a uniform international order to regulate the internet and
information and communications technology law. Thus the main question of this
study is whether there exists an international standard of data protection that gives
effect to online privacy protection, and which can be enforced. Such an international
standard would be enforceable if it has become a rule of customary international law,
as prescribed by the Statute of the International Court of Justice.
The basic privacy protection standards provided by international organisations are
often non-binding and are understood and implemented differently across States.
Therefore, a comparison is drawn between these basic privacy protection standards
provided by international organisations, as well as the various legal frameworks of
States pertaining to online privacy protection or data protection. This exercise
establishes that there may be a customary international rule that recognises online
privacy protection and prescribes a certain standard of data protection.
This study further investigates how an international standard can directly bind both
states and private entities in a dynamic legal field such as internet law. Enforcement
of online privacy may require one to look beyond the traditional division between
states and private entities in international law as the internet goes beyond territorial
jurisdiction.
