Rights in the Digital Age

This report advocates for the thorough protection of fundamental human rights in the digital age, arguing that addressing rights protection at a constitutional level offers a stronger, more enduring framework for confronting emerging digital threats than ordinary legislation alone. As digital technologies increasingly influence the exercise of civil and political rights, as well as other fundamental freedoms, robust constitutional safeguards are essential for addressing new challenges—from unwarranted surveillance and censorship to algorithmic governance and data monopolies.

Enshrining digital rights in a constitution offers a uniquely durable and robust framework for safeguarding fundamental rights against novel challenges in the digital era. Because constitutional provisions are harder to amend and take precedence over ordinary laws, they help anchor protections for fundamental rights and freedoms across evolving technological contexts. By embedding digital rights in a constitution—often a nation’s most symbolic articulation of shared values—countries can ensure consistent and uniform protection across various jurisdictions, especially in federal systems, while also providing stronger checks against both governmental abuses, such as unwarranted surveillance or censorship, and potential overreach by private actors, including large technology companies or data monopolies. Beyond its legal strength, constitutional recognition sets a clear standard for ethical and accountable corporate conduct and sends a powerful signal at home and internationally that digital rights are taken seriously and safeguarded at the highest legal level.

This report examines the impact of digitalization on fundamental rights and freedoms, discussing how modern digital technologies influence fundamental rights—particularly civil and political rights—and also considers the various actors that shape these rights in the digital age, outlining ways to ensure accountability beyond traditional governance structures. It is divided into several sections that collectively provide an overview of the current landscape of digital rights issues, outlining existing constitutional protections and highlighting considerations for strengthening these protections to meet the challenges posed by the digital age.

The Introduction provides a general introduction and overview, while Chapter 1 delves into how digitalization affects core civil and political rights. This chapter includes an analysis of how freedoms such as speech, expression, association and non-discrimination are being reshaped by modern digital technologies.

Chapter 2 explores the adaptation and expansion of constitutional protections to address the novel challenges presented by digital technologies, covering a range of emerging digital rights, such as digital privacy, data protection, the right to informational self-determination, and rights related to Internet access and connectivity. The chapter also discusses rights aimed at ensuring democratic participation in the digital era and highlights the importance of new rights such as the right to digital disconnection and cybersecurity. To understand how different countries have addressed these issues in their national constitutions, the International Institute for Democracy and Electoral Assistance (International IDEA) has mapped constitutional provisions on these rights, capturing global comparative examples. Additionally, selected case law examples illustrate how courts around the world interpret constitutional rights within digital contexts, often navigating the balance between competing rights and addressing matters of public interest and security.

Chapter 3 assesses the role of new actors, particularly tech companies, and public–private partnerships in the digital domain. It discusses the horizontal application of rights as one way forward in ensuring that non-state actors that assume or are vested with quasi-state powers respect fundamental rights.

The report ends with some short conclusions in Chapter 4.

Key recommendations for policymakers and constitution builders

• Understand the impact of digital technologies and their effect on public life. As digital technologies continue to evolve and become deeply integrated into every aspect of public life, it is crucial for those involved in designing and interpreting constitutions to fully comprehend their impact and to be adequately prepared to address the challenges posed by this new digital era and to provide robust protections for human rights. By thoroughly understanding these impacts, constitutional designers and interpreters can build, expand and protect constitutional legal frameworks that are adaptable to technological advancements while upholding fundamental human rights. Such a proactive approach will ensure that constitutions remain relevant and effective in the face of rapid change, while addressing these issues at the constitutional level also sends a strong message about a nation’s commitment to protecting its citizens in the digital age. It provides a solid foundation for legislation and policies that promote not only technological innovation but also the ethical and equitable use of technology.
• Adopt a human rights-based approach to digital technologies. As digital technologies become increasingly integrated into both private and public life, the importance of a human rights-based approach, guided by international norms and national constitutional law, cannot be overstated. These technologies, ranging from artificial intelligence (AI) to cloud computing, are transforming how societies function, how governments interact with citizens, who exercises influence and holds power over people’s rights and freedoms, and how individuals conduct their daily lives. While digital innovations offer significant opportunities for economic growth, social development and improved governance, they also present profound challenges to fundamental human rights, as outlined in this report.
  At the same time, it must be acknowledged that new regulatory models, such as the European Union’s Digital Services Act (DSA), often adopt a risk-based approach that may not always place human rights at the centre. Instead, these frameworks rely heavily on corporate-driven risk assessments, which can inadvertently push rights considerations to the margins or transform them into balancing and proportionality analyses conducted behind closed doors. This tension remains slightly under-theorized, but it underscores the urgent need to ensure that human rights remain integral to any policy or regulatory approach. Without explicit safeguards and monitoring mechanisms, there is a real risk that core human rights principles may be overridden by commercial or state security interests.
• Create flexible constitutional frameworks for technological change in the digital age. In the digital age, constitutions play an increasingly crucial role in safeguarding fundamental rights amid rapid technological transformations. As societies navigate the complexities introduced by digital advancements, the need for constitutional frameworks that are both robust and adaptable becomes paramount. Constitutions must evolve to encompass new realities, ensuring that laws keep pace with technology. This means embedding principles that anticipate future technological scenarios and creating legal standards that are clear, enforceable and universally applicable. Furthermore, these frameworks must be capable of withstanding the pressures of immediate technological threats while also being flexible enough to evolve with future technological developments. This dual capacity ensures that legal protections not only respond effectively to current challenges but are also prepared for emerging issues. Applying, adapting and reinterpreting constitutional norms to the digital context ensures that these frameworks continue to uphold and protect our fundamental rights, aligning with both present needs and future uncertainties.
• Address the dual impact of technology. Digital technologies enhance our freedoms, facilitating unprecedented connectivity and self-expression, while simultaneously posing significant threats to privacy and individual rights. As these technologies advance rapidly, the necessity for stringent oversight becomes ever more apparent. It is crucial to implement robust constitutional measures that safeguard civil liberties without stifling the potential benefits of digital innovation.
• Combat rights violations and inequalities caused by digital technologies. As digital technologies advance, there is an increasing risk that they are exacerbating existing biases, rights violations and inequalities. Numerous examples illustrate how countries and other powerful actors exploit these technologies to further their agendas and undermine fundamental rights. A particularly pressing concern is technology-facilitated harms, especially gender-based violence, which directly manifests as online harassment, hate speech, stalking, hacking or the sharing of non-consensual imagery. These direct harms are compounded by indirect issues rooted in the design and operation of digital technologies, including algorithmic and data bias, as well as data security vulnerabilities (APC n.d.; EIGE 2020; OECD 2024; UN Women 2024). Such algorithmic and data-driven systems often perpetuate and even deepen gender bias (Smith and Rustagi 2021). To mention one example of technology impacting gender equality, a study conducted by the Berkeley Haas Center for Equity, Gender and Leadership analysed 133 AI-powered systems across various industries and found that approximately 44 per cent of them exhibited gender bias, while 25 per cent demonstrated both gender and racial bias (Smith and Rustagi 2021). Business models, algorithmic systems and data-driven processes frequently reflect and reinforce existing gender inequalities, limiting women’s access to opportunities, marginalizing them further or exploiting harmful gender-based norms and stereotypes (Smith and Rustagi 2021). Additionally, unequal access to and knowledge of digital technologies prevents many from fully exercising their rights and opportunities in the digital age. Therefore, strengthening constitutional frameworks to protect individual rights from digital abuses and intensifying efforts to bridge the digital divide are crucial steps towards ensuring equitable and safe access to technology for all.
• Adopt a balanced approach to safeguarding rights and addressing inequalities caused by digital technologies. As digital technologies often create tensions between rights, such as the conflict between privacy and freedom of expression or between accessibility and intellectual property rights, addressing the rights violations and inequalities brought about by digital technologies requires a careful balancing of diverse rights and interests. Different constitutional cultures approach this challenge in distinct ways. For instance, some frameworks prioritize certain rights in specific contexts, such as considering freedom of expression a foundational right due to its critical role in democratic self-governance. In contrast, other systems uphold the principle of equality among rights, treating all rights as having equal standing and avoiding a hierarchy of priorities.
  Constitution builders, policymakers and stakeholders must therefore strive to achieve context-specific solutions that respect not only democratic practices and the rule of law but also the interconnected nature of rights, which often involves applying balancing and proportionality analyses to resolve conflicts in ways that are just, equitable and reflective of local legal and cultural frameworks. 
  Moreover, a balanced approach also entails actively engaging marginalized and underrepresented groups, who are disproportionately affected by digital divides and rights violations in decision-making processes.
• Adapt constitutional norms to the digital context. Jurisprudence demonstrates that constitutional norms are increasingly being reshaped to fit the digital era. That said, substantial challenges remain when it comes to balancing evolving norms with other conflicting fundamental rights, particularly when they intersect with national security and public safety concerns. This balancing act is critical as courts work through the complexities of safeguarding rights in a time when digital technologies can both support and challenge traditional legal protections.
• Advocate for horizontal application of rights. As tech companies increasingly assume roles traditionally held by countries, discussions around the need for the horizontal application of fundamental rights are gaining momentum. Beyond their influence over personal data and public discourse and their growing involvement in public life through public–private partnerships, private companies often control critical infrastructure, including at the network or physical level of the Internet stack. Given their significant role in managing these essential services, it is crucial that companies vested with such powers adhere to fundamental rights standards by ensuring that both their operations and their control over critical infrastructure do not undermine individual rights or democratic processes.
• Harness digitalization to enhance democratic processes. Digital technologies present a significant opportunity to strengthen democratic processes by enhancing accessibility, participation and inclusivity, among other things, and as these technologies continue to evolve and integrate into public life, including democratic processes, they have made it much easier for people to engage in democracy. Harnessing the power of digitalization aligns with international commitments under the Sustainable Development Goals (SDGs), particularly SDG 16, which aims to promote peaceful and inclusive societies with participatory and representative decision making at all levels, build effective and accountable institutions, ensure public access to information and protect fundamental freedoms. By leveraging digital tools, governments can enhance transparency, improve citizen engagement and make democratic institutions more responsive.
• Elevate the role of international organizations and actors in shaping global digital governance. Ongoing efforts such as the Global Digital Compact provide crucial opportunities for countries and international organizations to shape international human rights law in the digital era. Involving a wide range of stakeholders—such as civil society, the private sector and academia—in global initiatives ensures that emerging global standards reflect diverse perspectives and expertise. The interplay between international law and constitutional law merits further exploration, as international commitments and frameworks can inspire national constitutions and offer guardrails for domestic regulatory efforts. By aligning constitutional protections with evolving global norms, countries can strengthen the protection of fundamental rights, reinforce accountability mechanisms and better respond to the rapid pace of technological change.

I.1. Definition and scope

Digital technologies have become deeply integrated into our daily lives. From social media platforms and big data analytics to AI and the Internet of Things (IoT), these technologies have permeated almost every aspect of our private and public life. They not only influence personal and professional communications but also have a profound impact on many crucial sectors, such as commerce, governance, education and healthcare. Discussions around digital rights have become more prominent as incidents of data breaches, surveillance, censorship and digital exclusion highlight the vulnerabilities and challenges in protecting these rights.

The integration of digital technologies into everyday life raises critical questions about how traditional rights and freedoms are preserved and protected in the digital age, and governments, legal scholars and civil society organizations are increasingly focusing on how to adapt existing legal frameworks to ensure that constitutional rights are upheld in the face of rapid digital technological advancements.

I.1.1. Defining digital rights

The United Nations has been at the forefront of promoting digital rights, emphasizing their importance as extensions of fundamental human rights. Grounded in the Universal Declaration of Human Rights (UDHR) and the International Covenant on Civil and Political Rights (ICCPR), the UN’s efforts focus on ensuring that human rights are upheld in a digital environment. In 2012, 2014 and 2016, the UN Human Rights Council passed resolutions emphasizing that the same rights that people have offline must also be protected online, implying that, rather than defining new rights for the online space, the UN advocates for the application and extension of existing human rights to the online realm (United Nations General Assembly 2016).

Following this approach, this report defines digital rights (or rights in the digital era) as those rights that are directly or indirectly affected by the growing integration of digital technologies into private and public life. In other words, digital rights are not wholly new entitlements; rather, they represent an adaptation or expansion of existing constitutional guarantees to address emerging challenges posed by modern data-driven and online realities. For instance, the right to privacy is tested by pervasive data-collection practices, while freedom of expression faces new constraints through Internet shutdowns or the moderation of social media content. These evolving dynamics also give rise to newer concepts such as the right to be forgotten, digital connectivity and cybersecurity.

By this definition, many foundational rights—such as privacy, freedom of expression or due process—already exist in constitutions worldwide. However, the digital environment demands a renewed articulation or reinterpretation of these rights to ensure that they remain effective in an age of mass data collection, algorithmic governance and platform monopolies. Consequently, constitutionalizing digital rights does not necessarily imply inventing them from scratch. Instead, it means updating, reframing or clarifying how well-established rights apply in an increasingly digital world.

I.1.2. Global frameworks for digital rights

There have been numerous initiatives to create guidelines and frameworks for digital rights, often in the form of Internet or digital bills of rights or charters that provide sets of norms and principles for the digital era. These initiatives can broadly be categorized into those led by non-governmental organizations (NGOs) and those spearheaded by institutional bodies.

Prominent among NGO-led efforts to establish digital rights frameworks is the Charter of Human Rights and Principles for the Internet, developed by the Internet Rights & Principles Coalition. This Charter outlines 10 fundamental Internet rights and principles, further elaborated in 21 detailed articles (Internet Rights & Principles Coalition n.d.). Similarly, the Association for Progressive Communications’ Internet Rights Charter (APC 2024) categorizes 31 rights into seven distinct themes, providing a comprehensive guide for digital rights advocacy.

In terms of regional initiatives, the African Declaration on Internet Rights and Freedoms Coalition stands out as a significant example from Africa, which comprises various civil society organizations across the continent that collectively advocate for human rights standards and principles of openness in Internet policy formulation and implementation, calling for a digital rights framework tailored to the specific contexts and needs of African societies (African Declaration on Internet Rights and Freedoms Coalition 2014).

In contrast, institutional initiatives include frameworks developed by governmental or intergovernmental organizations. For example, the European Declaration on Digital Rights and Principles for the Digital Decade, adopted by the EU, sets out key principles to guide the digital transformation in Europe, emphasizing rights such as privacy, freedom of expression and access to digital services. Similarly, the Ibero-American Charter of Principles and Rights in Digital Environments (Carta Iberoamericana de Principios y Derechos en los Entornos Digitales), endorsed by the Ibero-American General Secretariat, outlines principles and rights in digital environments for the Ibero-American region (SEGIB n.d.).

Numerous similar charters exist. In a comparative analysis of Internet governance principles, the UN Educational, Scientific and Cultural Organization (UNESCO) identified over 50 specific declarations and frameworks related to the Internet (UNESCO 2015). The Berkman Klein Center for Internet & Society recognized 30 initiatives and compiled a list of 42 rights, organized into seven themes: (a) basic or fundamental rights and freedoms; (b) general limits on state power; (c) Internet governance and civic participation; (d) privacy rights and surveillance; (e) access and education; (f) openness and stability of networks; and (g) economic rights and responsibilities (Gill, Redeker and Gasser 2015).¹

This report explores the impact of digitalization on fundamental rights in terms of the role of both state actors and non-state actors, such as tech companies and online platforms.² As the free exercise of fundamental rights is fundamental to democracy, this exploration delves into how digital technologies serve as both enablers and contesters of these rights. Chapter 1 of the report discusses the impact of digitalization on existing civil and political rights, including freedom of speech, freedom of association, the right to non-discrimination and the right to access government information (online). Chapter 2 then explores the adaptation and expansion of constitutional protections to meet the demands of the digital age, discussing rights such as digital privacy, data protection, and the emerging discourse around new rights such as digital disconnection and cybersecurity. Various case law has been selected to exemplify how courts around the world have interpreted and applied the constitutional law protecting these rights and freedoms. Chapter 3 assesses the roles of new actors and public–private partnerships in this context, discussing the application of constitutional fundamental rights horizontally as a way forward.

By addressing these issues, the report outlines both the opportunities and risks associated with exercising rights in the digital age, advocating for comprehensive legal protections, ideally enshrined in a nation’s highest law—the constitution—and the application of law to protect fundamental rights in the digital context. Such an approach will ensure that the evolution of digital societies progresses with a firm commitment to respecting fundamental human rights and upholding democratic principles at its core.

I.2. Setting the scene

In the rapidly evolving digital age, rights that have been enjoyed offline are increasingly challenged in the online sphere. Digital rights encompass a broad range of human rights, including freedom of expression and assembly, the right to privacy, the right to access information and the right to self-determination, among others, as outlined in Chapter 1.

As governments increasingly adopt digital technologies for governance, security and public administration, their actions also have profound implications for fundamental rights. The advent of state-operated digital surveillance systems, for instance, has increased concerns about privacy breaches and the potential for government overreach. Similarly, state censorship and Internet shutdowns severely restrict freedom of expression and the right to information, undermining the democratic principles they are supposed to uphold.

According to the latest ‘Freedom on the Net’ report by Freedom House, Internet freedom declined for the 14th consecutive year in 2024 (Funk, Vesteinsson and Baker 2024). A record number of national governments blocked websites featuring non-violent political, social or religious content. Of particular concern are network shutdowns, where authorities force Internet or social media service providers to suspend operations, often during politically sensitive times such as elections.

National security concerns frequently outweigh the rights to privacy and free expression. The World Economic Forum (Kaspersen 2015) notes the ongoing challenge of balancing security measures with the fundamental principles of democratic systems, including free speech, freedom of assembly and the right to privacy. As nations confront domestic and international threats, the tension between maintaining security and protecting individual rights becomes more pronounced.

The concentration of digital services, including public ones, in the hands of often a few major tech companies exacerbates the problem. These companies have extensive access to data flowing through the Internet, in areas such as banking, healthcare and personal communications. Furthermore, as online platforms wield significant market power, acting as gatekeepers that limit competition and make it difficult for users to switch platforms, their control over content distribution, driven by profit motives rather than a desire to disseminate information, not only reduces the diversity of information but also enables them to influence public opinion by controlling what content users see (Article 19 2021). The rise of disinformation, partly due to business models maximizing user engagement through algorithm-based content curation, complicates this issue, as the responsibility for managing misinformation remains unclear. While these online platforms face criticism for their role in spreading false information, efforts to curb this phenomenon must be balanced against the risk of infringing on free speech.

On the positive side, certain digital processes can lower barriers to democratic participation. For instance, online voter registration and digital platforms providing information about candidates and issues can simplify processes that might otherwise be time-intensive or geographically restrictive. In some cases, remote voting technologies extend electoral participation to individuals living abroad or in remote areas or to those with disabilities (see Heinmaa and Kalandadze 2020; Pratama and Salabi 2020; International IDEA 2024a; Juneja 2024). Moreover, the Internet has expanded the possibilities for political debate—at least in principle—by enabling diverse groups of people to engage in discussions about policy and governance.

However, the broader democratic impact of digitalization is far from settled. While the number of participants in public discourse may have grown, the quality and nature of that discourse often suffers. Social media platforms, for example, can amplify hate speech, misinformation and polarizing content, eroding the potential benefits of heightened participation. In other words, while specific digital tools can indeed facilitate voter engagement and public debate, worrisome social dynamics—such as echo chambers and extreme partisanship—can undermine the overall goal of constructive democratic dialogue. As a result, any consideration of digital rights must also address the impact that these new communication spaces have on the substance of public discourse, not just the number of people involved.

To fully realize any of these benefits, it is crucial to guarantee unhindered Internet access, strong digital infrastructure and widespread digital literacy. Ensuring that digital technologies are inclusively designed, developed and applied helps prevent the exacerbation of existing inequalities, particularly for marginalized groups and women. Special attention must address gender-specific harms, such as targeted online harassment, surveillance and data misuse, which disproportionately impact women and gender minorities. Additionally, strong cybersecurity measures are crucial for protecting data integrity and upholding democratic processes.

This report, therefore, seeks to map out how digital rights—as rights in the digital era—are essential for maintaining the freedoms underpinning democratic societies and why this issue should also be discussed on a constitutional level. Digital rights ensure that individuals can freely express their opinions, access information, and maintain privacy and autonomy in their digital interactions. It is also important to note that the digital revolution has not reached everyone equally. While some areas of the world enjoy constant connectivity and the latest technological advancements, many regions remain significantly underserved, with limited or no access to the Internet and modern digital technologies. Furthermore, another significant barrier for many people is their inability to use digital technologies or access the opportunities digital technologies can provide because they lack digital literacy.

These gaps suggest the need to expand existing rights—or even create entirely new ones, such as a right to digital participation and education, a right to remain offline or a right to cybersecurity. This report does not offer a single definitive solution. Instead, it explores three key questions: Are current rights and constitutional principles flexible enough to address today’s digital challenges? Do we need to introduce new, technology-specific rights? Or should we rethink how existing rights—and the legal categories they occupy—apply in the digital era? For example, freedom of expression has traditionally been justified by the idea that a so-called free marketplace of ideas allows the best ideas to win out. On the Internet, however, the sheer volume of new information produced every day makes it impossible for individuals to sift through everything on their own. Instead, we rely on intermediaries like social media platforms and search engines to filter and organize information.

Because these intermediaries have immense control over what information we see, relying solely on constitutional protections for freedom of expression may no longer be enough to safeguard diverse perspectives. Generally, digital technologies impact democracies and constitutional regimes in new ways, often through the unchecked influence of tech power and the absence of applicable constitutional legal measures to address these issues. As the scholar Giovanni De Gregorio (2022a: 29–30) aptly noted, ‘the protection of rights and freedoms in the algorithmic society cannot just be based on the expansionistic rhetoric of constitutional safeguards … Traditional bills of rights limit public powers and do not provide instruments to remedy the transparency and accountability gap among private actors.’ This is where other legal tools—such as antitrust laws—may also come into play. By preventing any single platform from dominating the flow of online content, antitrust measures may help maintain competition and ensure that multiple platforms and services can emerge, giving users more choice and preserving a truly open exchange of ideas.

This report aims to clarify this problem and also explores the application of constitutional rights horizontally, including how certain notions of constitutional law could inspire and guide future regulatory efforts as a potential way forward.

I.3. Frequently asked questions

Why does the report address digital rights at a constitutional level when protecting civil rights and liberties amid technological advancements is mainly safeguarded through ordinary legislation?

The report addresses digital rights at a constitutional level because it advocates for the constitutionalization of these rights. While ordinary legislation is crucial for protecting civil rights and liberties amid technological advancements, there are several reasons for embedding digital rights within constitutions.

Firstly, constitutionalizing digital rights provides stronger legal protection. Constitutional provisions hold the highest legal authority and are more resistant to change than ordinary laws, ensuring that fundamental digital freedoms are preserved against shifting political landscapes.

Secondly, constitutionalization establishes long-term principles that guide legislation and policy. Constitutions serve as enduring legal frameworks that outlast transient technologies and trends. By incorporating digital rights at this level, we ensure that future laws remain aligned with fundamental rights despite rapid technological advancements, providing a stable foundation for adapting to new digital challenges.

Thirdly, constitutional recognition of digital rights offers safeguards against government actions and overreach, including those by non-state actors when applying constitutional rights horizontally (see Chapter 3). By clearly defining these rights at the highest legal level, constitutions limit potential infringements such as unwarranted surveillance, censorship or other abuses of power in the digital realm, creating a robust check on governmental authority and protecting individual freedoms.

Moreover, embedding digital rights in a country’s constitution provides a basis for judicial review and constitutional claims as a firm legal ground for challenging violations of these rights in court. The judiciary can interpret and enforce these rights, ensuring that they are upheld and offering a mechanism for citizens to seek redress.

Addressing digital rights constitutionally also helps reduce rights fragmentation, as promoting uniform protection of digital rights across all jurisdictions within a country prevents inconsistencies that might arise from varying ordinary laws. This uniformity is essential particularly for federal countries, to ensure consistent application and enforcement nationwide.

Additionally, constitutional provisions can encourage responsibility among technology companies. Establishing clear expectations and standards for respecting user rights holds tech companies accountable for handling personal data and online interactions, which may promote greater corporate responsibility and ethical practices in the digital landscape.

Lastly, the symbolic value of constitutionalizing digital rights is significant. It demonstrates a nation’s commitment to protecting its citizens in the digital age, sending a strong message both domestically and internationally. Such a commitment reinforces the importance placed on human rights within the context of technological progress and underlines a proactive approach to emerging challenges.

Some readers may find the notion of constitutionalizing digital rights contradictory, arguing that, based on the definition of digital rights as those directly or indirectly impacted by digital technologies, most of these protections already appear in constitutions worldwide. Are we not already there in most cases? Indeed, rights such as privacy, freedom of expression and due process are frequently codified in existing constitutional frameworks. This report contends, however, that constitutionalizing digital rights does not necessarily imply the creation of entirely new rights. Instead, it means adapting or expanding existing constitutional rights to address novel challenges—like mass data collection, algorithmic governance and platform monopolies—that might not have been envisioned when existing constitutions were originally drafted.

In other words, while many foundational protections do cover the essentials of digital life, the unique nature, scale and speed of today’s technological environment often demand clearer articulation or an updated interpretation. By enshrining these nuances in constitutional doctrine, we ensure that, as technology continues to evolve, the fundamental rights we rely on remain robust, relevant and enforceable in the face of new forms of digital infringement.

Why does the report refer to non-legally binding charters, declarations and bills of rights?

While some of the documents this report refers to may not be legally binding, they often reflect emerging norms, principles and societal expectations regarding the protection of rights in the digital age. One key reason why there is currently no international treaty on digital rights is the lack of global consensus on how such rights should be recognized. Competing visions of what the Internet should look like among different nations make agreement on a binding framework virtually impossible. A second, more fundamental reason is the outsized role of private actors in shaping the Internet’s infrastructure. As a result, international norms in this sphere have largely fallen under ‘business and human rights’ frameworks, which rely on voluntary, soft-law approaches rather than formal treaties.

Nevertheless, non-binding declarations can still inspire legislative changes and influence judicial interpretations, thereby shaping the broader legal and policy debates on the subject. Additionally, such documents at the national level may entail political commitments, while regional and international documents offer global perspectives from different jurisdictions, which can help inform and strengthen international and domestic legal frameworks aiming to protect rights amid technological advancements.

By examining these diverse sources, the report aims to provide a comprehensive overview of the global discourse on digital rights, highlighting innovative approaches, including the different kinds of (legal) language used, and inspire thinking about how these (proposed) rights can be effectively protected and promoted.

Are these rights infringements new to the digital era? Is there anything different from similar infringements in previous times?

Although many of the examples of how digital technologies affect people’s rights mentioned in the report may seem familiar and not entirely new, rights infringements in the digital era are indeed novel because they occur in unprecedented ways and at an unprecedented speed and scale. The novelty of rights infringements in the digital era is particularly evident in the pervasive and often invisible nature of digital surveillance, data collection and information dissemination. Unlike the analogue era, where privacy breaches were more tangible and localized, digital technologies enable mass data collection, real-time surveillance and automated decision making on an unprecedented scale. These capabilities create new risks such as algorithm-amplified mis- and disinformation, as well as algorithmic biases, identity theft and unauthorized data sharing, which can significantly impact individuals’ privacy, freedom of expression and equality.

Additionally, the old gatekeepers (traditional media editors and broadcasters) are largely gone, replaced by online platforms that allow unfiltered, rapidly spreading content. While this change may broaden access to the public conversation, it is not easy to square with classical free-speech theories, which assume that individuals can rationally sort out what is true or false, good or bad. In a digitally driven world, algorithmic amplification and sheer volume can overwhelm users’ ability to evaluate information critically, fuelling misinformation and hate speech at speeds and scales previously unimaginable. Consequently, though digital platforms offer new opportunities for participation, they have also fundamentally changed the quality and nature of public discourse—posing significant challenges for maintaining democratic processes and preserving the original values underlying freedom of expression.

Although the core principles of rights protection remain the same, the methods and impact of infringements in the digital age are fundamentally different, which necessitates updated legal frameworks and protections to address these new realities effectively. The report highlights these novel ways in which digital technologies are impacting people’s lives and rights.

How do the rights outlined in this report relate to each other and to other fundamental rights?

The rights outlined in this report often serve as foundational rights, or ‘meta-rights’, that support and enable the effective exercise of other rights in the digital landscape. For instance, digital literacy and inclusion are essential prerequisites for the enjoyment of many other digital rights. Without adequate digital literacy and inclusive access to digital tools, individuals may struggle to benefit from opportunities to express opinions online, join digital assemblies or participate in public political life, which increasingly takes place in digital spaces. Similarly, digital literacy and inclusion are critical for accessing rights not covered directly in this report, such as the right to education, which now relies heavily on digital connectivity and resources.

Cybersecurity also functions as a meta-right by providing the secure infrastructure necessary to uphold and protect other rights, such as privacy, freedom of expression and access to information. A secure digital environment is crucial for fostering trust in digital systems, which, in turn, enables meaningful participation in digital democracy and access to public services. Without confidence that their data and communications are safe, individuals may hesitate to engage with digital services, undermining their ability to fully participate in public life or access critical information.

In other words, the right to cybersecurity helps ensure that people can exercise their digital rights safely and without fear of harm or exploitation. For example, secure access is fundamental for online education, e-government services and digital freedom of association, as these all depend on a safe digital environment. Just as a meta-right supports other rights, cybersecurity is essential for maintaining the integrity of many digital rights. If cybersecurity measures are lacking, personal data may be compromised, impacting the right to privacy and data protection. Inadequate security also risks suppressing freedom of expression, as individuals might feel unsafe sharing their views online due to concerns over potential surveillance or retaliation.

When talking about digital technologies, what types of technologies does the report refer to?

The report examines how common digital technologies have a significant impact on fundamental rights, focusing on a few key examples, including social media platforms like Facebook, Instagram and X (formerly Twitter), which use advanced algorithms and AI to curate content and influence freedom of speech, privacy and user perceptions. Furthermore, the report also considers big data analytics and targeted advertising networks that track user behaviour, affecting rights such as non-discrimination and the right to informational self-determination, and acknowledges the importance of Internet access as a tool that enables the exercise of civil and political rights online.

How was the case law selected?

The case law in the report was selected to serve as illustrative examples of how various courts around the world have addressed different legal questions related to the impact of digital technologies on protected constitutional rights. These cases demonstrate how courts have navigated complex issues, often faced with the need to balance different constitutional rights or to weigh the public interest against individual rights. It is important to note that the courts did not side with the claimant or determine that a rights infringement had occurred in every case. It should also be noted that the selected cases are not exhaustive; there are many other insightful and relevant cases that are not included in this report, and the jurisprudence is quickly evolving.³

Why is something considered a data breach or privacy violation if an individual has given consent by clicking to accept the terms and conditions?

Even when individuals have consented to the collection and processing of their data, particularly online, data breaches and privacy violations can still occur due to several factors. Firstly, individuals’ capacity to understand the terms and conditions is often limited. Individuals may agree to data collection without fully comprehending the extent of what they are consenting to. If the terms and conditions are complex or not clearly presented, consent may not be truly informed. When data is used beyond the purposes that individuals believe they have agreed to, this constitutes a violation of privacy.

Secondly, data may be used for purposes beyond what was accepted, even if initial consent was given. Consent does not grant organizations carte blanche to misuse or mismanage personal data. Moreover, if data is sold or shared with third parties without explicit consent, or used in a manner that harms the individual, it violates their privacy rights.

Finally, it is also important to recognize that individuals are often ‘forced’ to consent to data collection in order to access a service. In an increasingly digital world, where access to online services is becoming essential, this requirement can also raise ethical questions about the validity of consent. Breaches and violations occur when there is a deviation from the agreed terms, lack of adequate protection, misuse of the data or coercion in obtaining consent, all of which can happen despite initial consent.

What is the difference between the right to Internet access and the right to digital connectivity?

The right to Internet access refers to the principle that individuals should have the ability to access the Internet without restriction or censorship by governments or other entities. Meanwhile, based on how these terms are commonly used by scholars and practitioners, the right to connectivity pertains to the technical and physical capability to connect to the Internet, encompassing infrastructure such as broadband and mobile networks, service availability and the affordability of Internet access. Therefore, connectivity can be viewed as a prerequisite for exercising the right to Internet access (United Nations Human Rights Council 2022b).

The next two chapters examines the impact of digital technologies on fundamental rights. The first chapter explores the ways in which digitalization has reshaped core civil and political rights, highlighting both the challenges and the potential for enhancing these rights through technological advancements. The second chapter focuses on how constitutional protections are adapting to the digital age, including a discussion of emerging rights such as digital privacy and data protection. It also reviews innovative constitutional reforms from around the world, such as the right to Internet access and digital connectivity, as well as proposals for a right to digital education, a right to digital disconnection and a right to computer security or cybersecurity.

1.1. Online and offline: Civil and political rights affected by digitalization

As outlined in the Introduction, the growing digitalization of society necessitates a re-examination of how civil and political rights can be protected in an era defined by rapid technological change. Older forms of media—such as newspapers, radio and television—relied on broad market research and slower feedback loops to engage users. Although these forms also employed strategies to capture audience attention, their capacity to respond to individual preferences was comparatively limited.

By contrast, contemporary digital platforms and algorithms—particularly those undergirding social media—operate through adaptive, interactive feedback mechanisms that respond in real time to each user. According to Shoshana Zuboff’s The Age of Surveillance Capitalism (2019), these platforms do not merely ‘show’ content; rather, they employ ‘instrumentarian’ strategies to predict and modify user behaviour, refining the user experience to maximize engagement and advertising revenue. While both old and new media seek to capture and hold public attention, the key shift lies in the immediacy and granularity of data-driven personalization, which often proceeds without users’ explicit knowledge. This dynamic transcends the traditional ‘passive versus active’ distinction and raises new challenges for safeguarding civil liberties.

As discussed earlier (see I.3: Frequently asked questions), digitalization spans a broad spectrum of technologies, ranging from basic Internet access to complex algorithms that rank, classify and present content on social media. However, these algorithms commonly operate with minimal external oversight or accountability, largely because both the underlying processes and the data they generate remain inaccessible to researchers and regulatory bodies. This opacity intensifies concerns about how to protect fundamental rights in a data-driven environment, where decisions made by opaque systems can significantly impact individual freedoms.

In light of these developments, it is imperative to reconsider and adapt existing legal and regulatory frameworks to address the unique challenges posed by contemporary digital technologies. The following section delves deeper into these issues, emphasizing the urgency of safeguarding civil liberties in an age of ever-evolving digital innovation.

1.1.1. Freedom of speech and expression

Freedom of speech and expression is fundamental to democracy. This right not only empowers individuals to engage actively in public life, allowing for the expression of a wide range of ideas and opinions, but also facilitates democratic oversight, enabling citizens to hold public officials accountable. Indeed, without the liberty to freely seek, receive and impart opinions and ideas, a society cannot be genuinely considered democratic (Pollicino and De Gregorio 2021: 7).

For this reason, freedom of speech and expression is recognized as a fundamental human right, safeguarded by various international and regional human rights instruments. Examples include article 19 of both the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights, article 10 of the European Convention on Human Rights (ECHR), article 9 of the African Charter on Human and Peoples’ Rights (ACHPR) and article 13 of the American Convention on Human Rights (ACHR), among others.

In today’s digital age, the right to freedom of speech and expression extends well beyond traditional, analogue settings into the vast realm of online platforms—now crucial spaces for communication and information exchange. At the same time, digital repression, including censorship, surveillance and the silencing of online dissent, poses serious threats to these freedoms (Chan, Yi and Kuznetsov 2024; Gohdes 2024). For women, LGBTQIA+ individuals and ethnic minorities, these challenges often intersect with existing social inequalities, amplifying barriers to expression. Studies indicate that women face disproportionate online harassment, which can force them into self-censorship or even to withdraw from digital spaces (Posetti and Shabbir 2022). This reality undercuts the freedom of these groups to engage in public discourse and advocate for their rights. Protecting freedom of expression now requires a fresh approach that reflects the rapidly evolving digital landscape and addresses these unique challenges to inclusivity.

On the one hand, digital platforms allow for the rapid dissemination of information, enabling individuals to share and access content on a global scale, almost instantly, greatly enhancing people’s ability to exercise their freedom of expression. On the other hand, major tech companies now hold significant control over what is published on their platforms and can enforce community standards or guidelines that may restrict speech more heavily, and often also more arbitrarily, than traditional media laws would allow. Reports indicate that Meta, for instance, has unjustifiably and systematically restricted pro-Palestinian content and reduced the visibility of or suspended pro-Palestinian accounts under the pretext of community rules or algorithmic errors (7amleh 2018; Access Now 2023a; Human Rights Watch 2021; Mac 2021; The Washington Post 2021). This is just one of many examples that show that, as social media networks increasingly replace traditional media in the information field, tech companies are similarly assuming roles in shaping public opinion and exerting influence over broader constitutional and democratic processes (Amelin, Channov and Milusheva 2022).

Furthermore, countries often employ informal methods to steer platform governance, pressuring corporations through the threat of regulation or enforcement if their demands are not met (Gorwa 2024). This behind-the-scenes dynamic can prompt companies—eager to avoid legal battles, reputational damage or financial penalties—to overcompensate in their content moderation decisions, restricting certain types of speech more broadly (Sombatpoonsiri and Mahapatra 2024). In effect, public officials may gain substantial influence over online discourse without adhering to the usual legal frameworks that uphold transparency, due process and free-speech protections—further complicating the governance of digital platforms.

The regulation of freedom of speech has long been a contentious arena, where the ideal of unrestricted information flow often conflicts with democratic principles such as protections against hate speech or harmful misinformation. In the digital era, information spreads not only faster and in greater volumes but also through opaque and algorithmic mechanisms that lack transparency, making it increasingly difficult to determine how information is disseminated and amplified. At the same time, governmental efforts to regulate digital platforms risk over-censorship or the suppression of legitimate discourse.

These developments magnify threats to freedom of expression that were already familiar from the analogue era and highlight the need to adapt traditional rights to the unique challenges posed by digital technologies. In particular, freedom of expression must be safeguarded against new forms of censorship and control, such as Internet shutdowns, content filtering and algorithmic distortions—whether imposed by state or non-state actors.

However, existing 20th-century theories of freedom of expression—such as US First Amendment jurisprudence—may be insufficient for questioning certain corporate content-filtering processes or addressing subtler forms of algorithmic bias. While the First Amendment is a strong tool for challenging overt government-imposed censorship (e.g. Internet shutdowns), it does not easily extend to privately developed recommendation algorithms that can filter and shape the flow of information. Nor does it offer a clear avenue for tackling algorithmic biases rooted in corporate decision making.

In the landmark case of Reno v American Civil Liberties Union,⁴ the US Supreme Court affirmed that speech on the Internet deserves the same First Amendment protections as traditional print media (Kahn 2025). However, this ruling predates today’s sophisticated, data-driven environment and thus does not fully address the complexities of modern digital platforms. Consequently, a new or expanded theory of freedom of expression—one that accounts for the power of non-state actors and the pervasiveness of algorithmic tools—may be necessary. Although it is beyond the scope of this report to articulate such a theory in full, acknowledging this gap underscores the urgency of refining existing legal frameworks to meet the rapidly evolving realities of the digital age.

Many Internet bills of rights and digital rights charters have included provisions that reinforce freedom of expression in the virtual realm, affirming the right to disseminate diverse ideas (NETmundial n.d.; La Moncloa 2021: article XIII). Brazil’s Online Bill of Rights, for example, declares in article 2 that ‘Internet use in Brazil is founded on the basis of respect for freedom of expression’ and in article 3 affirms the ‘guarantee of freedom of speech, communication and expression of thought, in accordance to the Federal Constitution’ (Edições Câmara Brasília 2016). Nigeria’s proposed Digital Rights and Freedom Bill declared that the right to freedom of expression and opinion online also included ‘the freedom to seek, receive and impart information and ideas, regardless of digital frontiers’ (Federal Republic of Nigeria 2019: article 6[1]). The bill was passed by both houses of the National Assembly, but then-President Muhammadu Buhari declined to sign the bill into law in March 2019, arguing that it covered too many technical subjects without addressing them extensively, and that there was potential for legislative conflicts with other pending bills covering similar issues (Fowowe 2019).

As in the offline realm, freedom of expression online should be safeguarded against any unlawful government restrictions, interference or censorship (Federal Republic of Nigeria 2019: article 6[1]). The African Declaration on Internet Rights and Freedoms⁵ goes so far as to demand that countries protect freedom of speech by preventing ‘violent attacks against anyone on their territory’ to allow for the full exercise of the right to freedom of expression online. Additionally, it calls on countries to ‘create a favourable environment for participation in public debate ..., enabling [individuals] to express their opinions and ideas without fear’ (African Declaration on Internet Rights and Freedoms Coalition 2014).

While freedom of expression is not absolute, Internet bills of rights promote a delicate balance between allowing individuals to express themselves freely and safeguarding intellectual property, national security, public order and individual interests, such as data protection and protection from hate speech or abuse.

Global perspectives on the extent of freedom of expression in online content differ widely across value systems and legal cultures, highlighted by the stark contrasts between China and the United States. China’s strict online content regime utilizes a liability framework that requires platforms to proactively monitor and remove content, while employing broad definitions of harm (Pillalamarri and Stanley 2021). In contrast, the USA adopts a more permissive model, grounded in the Constitution’s First Amendment and specifically codified in section 230 of the Communications Decency Act of 1996. Section 230, often referred to as ‘the twenty-six words that created the Internet’ (Kosseff 2019), grants broad immunity to online platforms (then known as interactive computer services), ensuring that they will not be held liable for user-generated content. It immunizes platforms from traditional speech torts, such as defamation, and other civil claims that effectively treat a platform as the publisher of a user’s speech (Keller 2018). This legal framework allows both platforms and users greater freedom in sharing content online.

Beyond these polarized approaches, numerous countries in Europe and Asia pursue regulatory models that lie somewhere between the Chinese and US approaches (Pillalamarri and Stanley 2021). The United Kingdom opts for conditional immunity for online platforms, granting them immunity from liability for user-generated content only if they meet certain statutory conditions, and the Office of Communications (Ofcom), the nation’s communications regulator, has been granted authority over online speech. Ofcom’s mandate allows it to regulate online platforms by setting and enforcing standards aimed at preventing the dissemination of illegal and harmful content, including the power to create and oversee codes of practice that platforms must follow to protect users from content related to terrorism, child sexual exploitation, hate speech and other unlawful activities. Ofcom can require platforms to implement effective content moderation systems, user reporting mechanisms and transparency measures regarding how they handle online harms (United Kingdom Government 2024). Similarly, India follows a conditional-immunity approach (Pillalamarri and Stanley 2021). The EU, which has previously relied on voluntary measures, recently enacted the DSA, a landmark regulation that introduces extensive enforcement mechanisms, clarifies the liability of online intermediaries and seeks to create a harmonized framework for digital services across the EU by defining clear responsibilities for online platforms to promptly remove unlawful content. Under the DSA, online intermediaries are granted conditional immunity from liability for user-generated content, provided they comply with certain obligations (articles 4–7). For instance, article 5 specifies that hosting services are exempt from liability for illegal content if they do not have actual knowledge of the illegal activity or if, upon obtaining such knowledge, they act expeditiously to remove or disable access to the content.

Importantly, the DSA establishes specific obligations for very large online platforms (VLOPs) and very large online search engines (VLOSEs)—services that reach more than 45 million users per month within the EU (article 33)—subjecting them to stricter regulations due to their significant societal impact.

Under article 34 of the DSA, VLOPs and VLOSEs are required to conduct annual risk assessments to identify and analyse systemic risks associated with their services, such as the dissemination of illegal content, negative effects on fundamental rights and manipulation of services. They must implement appropriate risk mitigation measures, which may include adapting content moderation processes, limiting the display of certain advertisements or adjusting algorithms (article 35). Additionally, the DSA mandates that these platforms enhance transparency by providing annual reports containing clear information on content moderation policies, algorithms used for recommending content and advertising practices (article 15), including actions taken against illegal content (article 24).

Permitting broad regulatory freedoms to online platforms expands the space for free expression, reducing state interference. However, this autonomy allows platforms to impose their own regulatory standards, which might not always adhere to and arguably are not always suited to democratic principles or the rule of law. Conversely, stringent state regulation of these platforms risks government censorship of certain opinions or media—echoing historical cases where governments have controlled print media to suppress democratically legitimate speech.

The court rulings described in Boxes 1.1–1.4 not only highlight the critical importance of safeguarding fundamental rights, which in the digital age have expanded to include access to digital resources as enablers of rights and freedoms, but also emphasize that any restrictions on these rights must be grounded in laws that are clear, precise and transparent.

1.1.2. Freedom of association and assembly

The right to freedom of association and assembly empowers individuals to form communities with others with similar interests and to express collective interests and grievances. These rights are crucial for forming groups such as political parties and unions, which not only check government power but also help build a strong civil society that can influence public decision making.

The right to freedom of speech and assembly is protected by several key international instruments, such as article 20 of the UDHR, article 21 of the ICCPR, article 11 of the ECHR, article 15 of the ACHR and article 11 of the ACHPR.

The advent of digital technologies has revolutionized the way individuals communicate and interact, giving rise to new virtual spheres for social interaction, such as online communities and virtual meetings. Digital platforms have enabled the organization and execution of virtual protests. For instance, movements such as #EndSARS and #MilkTeaAlliance gained international traction through social media, where people organized rallies, shared stories and called for change, all within online spaces. During the 2011 Arab Uprisings, individuals across several countries in the Arab world used the Internet and social media platforms to organize, mobilize and sustain their protest movements (United Nations Human Rights Council 2019). By using platforms such as Facebook, X (formerly Twitter) and YouTube, protestors could bypass state-controlled media to coordinate gatherings, share live updates and expose human rights abuses to a global audience in real time. Digital mobilization was not just supplementary but central to the organization of protests, providing a new venue for assembly and association that transcended physical spaces, thus demonstrating the power of digital spaces in organizing and advocating for change (Howard et al. 2011).

While the Internet has become integral to exercising freedom of assembly, its potential is inseparable from the need to protect privacy, ensure secure encryption and safeguard online spaces from overbroad surveillance. Preventing the creation of back doors in communication systems is crucial to maintaining a safe environment for political organizing, as any tool used to monitor hateful or violent content might also be repurposed to curb legitimate protests. Similarly, mechanisms of content moderation, although essential for managing hate speech and misinformation, can inadvertently undermine the right to assembly and protest if employed without clear legal frameworks and due process. There is thus a delicate balance between combating harmful content and preserving citizens’ ability to mobilize and advocate for change online.

Various international recommendations, such as those from UNESCO (2011) and the bodies of the European Union (2023, the European Declaration on Digital Rights), affirm that the rights to freely associate, establish organizations, form trade unions and engage in peaceful assembly are equally applicable in digital spaces. UNESCO’s Code of Ethics (2011), for instance, states that ‘everyone should have a freedom of association on the Internet’ and that ‘Member States should take preventive steps against monitoring and surveillance of assembly and association in a digital environment’. Moreover, article 8 of Nigeria’s draft Digital Rights and Freedom Bill explicitly ensures the right to peaceful assembly and association online, including continuous Internet access during protests (Federal Republic of Nigeria 2019).

Overall, these frameworks and legislative initiatives emphasize that individuals are entitled to use Internet platforms and other information and communication technologies for organizing and participating in public debates. However, they also caution that strict regulation aimed at hate speech or disinformation might inadvertently stifle legitimate activism if not carefully calibrated. Hence, adapting constitutional norms to a digital society must include nuanced protections for assembly and association, balancing the imperative to prevent harm with the equally vital need to protect privacy, free expression and the right to organize, both offline and online (see more in Celeste 2022).

1.1.3. The right to non-discrimination

The right to non-discrimination is foundational to the integrity and functionality of democratic systems. It ensures that all individuals have equal access to political, social and economic opportunities, thereby supporting a fair and inclusive society.

The digital era presents unique challenges in safeguarding the right to non-discrimination, including but not limited to algorithmic bias, digital profiling, online harassment and unequal access to digital resources. In several documented cases, the use of AI or algorithms by both government and private entities in decision-making processes—such as hiring, social benefit allocation, fiscal operations, loan approvals and law enforcement—has reinforced and amplified biases, particularly concerning race, ethnicity and gender. Such systems, often trained on biased data sets, can introduce direct discrimination by using protected attributes like gender, race, religion or age to make decisions that result in unequal or less favourable treatment (European Union Agency for Fundamental Rights 2020: 69–74).

Importantly, the problem is not always that the data itself is inaccurate; rather, it can be objectively true information that records past discriminatory practices, policies and institutional realities. In these situations, the model works precisely as designed, yet produces discriminatory outcomes because it reflects pre-existing social biases. For instance, historical data on crime or recidivism rates may be influenced by long-standing patterns of over-policing or unequal sentencing. Although this historical data may be accurate, when it is used to train predictive models, the resulting decisions perpetuate discrimination (Fourcade and Healy 2024).

This challenge also arises in online services such as dating apps. Algorithmic ranking and matching can inadvertently encode prevailing social prejudices. In a majority-white user base, a tendency to dismiss people of colour or give them a low rating may translate into lower algorithmic scores and reinforce segregation in recommendations—even though the system is functioning correctly from a purely technical perspective. Consequently, the discrimination occurs upstream in the social reality the data reflects, making it difficult to address without revisiting how these models are developed and deployed (Fourcade and Healy 2024: 268–69).

AI systems can yield direct discrimination by explicitly utilizing protected attributes (e.g. gender, race, religion, age) in ways that cause unequal treatment. These systems can also bring about indirect discrimination by using proxies—which appear neutral on the surface—that correlate strongly with protected characteristics. For example, selecting specific neighbourhoods for increased police surveillance might disproportionately affect minority communities (European Union Agency for Fundamental Rights 2020: 34). Unlike human decision makers, who can be more easily monitored and corrected, algorithms and AI systems, which suffer from biases, can operate on a larger scale and produce conclusions that are often nearly impossible to understand. Even in the best scenarios, these systems tend to function in less transparent ways, making the discrimination they perpetuate more systemic and challenging to address.

A notable example from 2022 highlights the potential dangers. In the Netherlands, the tax authority implemented a machine-learning algorithm to develop a risk profile aimed at detecting possible child benefit fraud. The profile disproportionately flagged low-income and ethnic minority families, resulting in the imposition of wrongful penalties by the tax authority. The impact was severe, with people wrongly accused of fraud and driven into poverty due to repayment demands. This situation had tragic outcomes, including suicides and the placement of over 1,000 children into foster care (Heikkilä 2022).

Some scholars argue that algorithms might discriminate not only by replicating existing human biases—many of which relate to protected attributes such as race or gender—but also by acting on novel combinations of behavioural and demographic traits. Such algorithm-based discrimination could create new disadvantaged groups, necessitating a broader scope of discrimination prevention. Examples of such groups might include, for example, online gamers or dog owners (Wachter, Mittelstadt and Floridi 2017; Wachter 2020; Wachter, Mittelstadt and Russell 2021: 6).

Furthermore, digital technologies enable more invasive surveillance and data collection practices. Reported instances include cases of discriminatory profiling, where certain groups are disproportionately targeted based on their ethnicity, religion or socio-economic status (Turner Lee and Chin-Rothmann 2022). Within the Black Lives Matter movement, concerns have been raised over the allegedly disproportionate use of surveillance, such as aerial surveillance, location tracking and facial recognition, which was particularly focused on communities of colour (Turner Lee and Chin-Rothmann 2022).

The problem of profiling, particularly ethnic profiling, is especially pressing in the areas of counterterrorism, law enforcement, immigration, customs and border control (European Union Agency for Fundamental Rights 2010; Turner Lee and Chin-Rothmann 2022). Through new forms of public–private partnerships, so-called smart-border technology establishes migration and asylum management systems that include electronic monitoring, satellites, drones and facial recognition. Other technologies, such as lie detectors and iris scanning, are also reportedly used in these systems. Together, these tools not only perpetuate racial biases and discrimination, but they are also disproportionately deployed against certain groups of people (Amnesty International 2024).

In the analogue era, the widespread data collection we encounter today—carried out by both state and private entities—was not as feasible. Today’s rise of digital technologies amplifies extensive surveillance and the discriminatory practices that can accompany it. On top of this, systematic errors in facial recognition technology cause the technology to disproportionately affect historically marginalized communities. For instance, in December 2020 three Black men in the USA were wrongfully arrested due to errors in facial recognition matches (Hill 2021). Studies, including a 2018 analysis by researchers from the Massachusetts Institute of Technology and Microsoft, have highlighted these biases, showing higher misclassification rates for darker-skinned women compared with lighter-skinned men (Buolamwini and Gebru 2018). Further, a 2019 study by the National Institute of Standards and Technology found that US-developed facial recognition algorithms were more likely to misidentify Black, Asian and Native American individuals than white individuals (US National Institute of Standards and Technology 2019).

The frequent references to protection against discrimination in various digital rights charters, such as the African Declaration on Internet Rights and Freedoms, the Italian Declaration of Internet Rights, and Nigeria’s proposed Digital Rights and Freedom Bill 2019, reaffirm the importance of protecting individuals against discriminatory practices in safeguarding fundamental rights online. Moreover, the Spanish Charter of Digital Rights goes as far as to dedicate an entire paragraph to the right to equality and non-discrimination in the digital environment, highlighting the centrality of these protections in today’s digital landscape (La Moncloa 2021: article VIII).

The concept of non-discrimination is further recognized in various Internet bills of rights, particularly through the principle of net neutrality. Net neutrality ensures that all Internet traffic is treated equally, without favouring certain content, services or users over others. This impartial approach is crucial for maintaining an open and fair Internet, where users can freely access information without interference from service providers (Brazil 2014; Italian Republic 2015: article 4). As illustrated in a popular Burger King ad, net neutrality can be understood as akin to a fair pricing system, where customers should not have to pay more for faster service, just as Internet users should not experience slower access based on the content they seek (Advertising TV 2018). Promoting net neutrality supports inclusion, gender equality and the protection of marginalized groups (European Union 2023: Chapter II; African Declaration on Internet Rights and Freedoms Coalition 2014: articles 9 and 13), advocates for a multilingual Internet (United Nations 2014: article 19) and emphasizes the Internet’s role as a crucial tool for exercising fundamental rights (Italian Republic 2015: article 4 II; Celeste 2022: 186 ff.).

1.1.4. Right to access government information online

The right to information refers to the public’s right to access information held by public bodies, ensuring transparency and accountability in the public authorities’ exercise of power. This right is a crucial principle of democratic governance, as it enables citizens to participate effectively in public life, hold governments accountable and engage in informed decision making. Traditionally, the right to information focused on the public’s ability to access documents and information held by the government; however, with the expansion of digital technologies, this right now encompasses access to digital data, including government databases and other information stored digitally.

Many bills of rights and declarations already recognize the need for digital public services and transparency online (see, for example, the European Declaration on Digital Rights and Principles for the Digital Decade). With regard to freedom of information more generally, Peru passed an amendment to article 2 of its Constitution in September 2023 that strengthens citizens’ right to freedom of information (ConstitutionNet 2023).

The digital transformation of access to information also creates potential tensions with other rights. For instance, the principles of the Open Government movement and frameworks like the Model Freedom of Information Law of the Organization of American States advocate for publishing state-held data in raw and machine-readable formats (i.e. open data). While this approach increases transparency and civic engagement, it may clash with privacy protections or newer rights like the right to be forgotten. Releasing public data sets in open-data formats can inadvertently expose personally identifiable or sensitive information, creating risks for individuals—even when the initial aim is to enhance transparency. This risk is especially significant, as data that is posted online can be replicated and disseminated in ways that are difficult, if not impossible, to reverse, heightening concerns around the misuse and permanence of data. Such data might also be harnessed to train AI models (see 1.1.5: Right to a fair trial, effective remedy and equality before the law), potentially compounding existing privacy risks.

One concrete example of how open-data principles can conflict with other rights involves Indigenous data sovereignty (IDS). IDS underscores the right of Indigenous peoples to govern how data relating to their communities, lands and resources is collected, owned and applied. Although open data can foster civic innovation and public accountability, it can clash with the governance rights and cultural autonomy of Indigenous groups if information is published without their express permission. All too often, Indigenous knowledge or community data is digitized, placed into open-data repositories and subsequently reused for purposes unintended or disapproved of by those communities (Rainie et al. 2019).

From the standpoint of IDS, the right of Indigenous peoples to determine which data may be publicly released, how it can be used and whether it should be removed or withheld is not only a question of respecting cultural traditions and knowledge systems but also a matter of complying with privacy and self-determination rights that are fundamental to Indigenous communities. In this sense, the tension between open data and IDS parallels broader debates on privacy and the right to be forgotten—illustrating how data freedoms can become problematic when they extend into areas of communal identity and historical marginalization (Rainie et al. 2019).

The call for legal frameworks that enable and regulate the digital dissemination of information therefore reflects a broader recognition of the need to strike a balance between openness and privacy—ensuring that freedom of information continues to serve as a vital cornerstone of contemporary democratic governance without unduly compromising individuals’ personal data or broader rights (Celeste 2022: 26).

1.1.5. Right to fair trial, effective remedy and equality before the law

The right to a fair trial, effective remedy and equality before the law is crucial in a democracy, as it upholds the rule of law and ensures that individuals can rely on a consistent and transparent legal system to protect their rights and resolve disputes fairly. Article 8 of the UDHR states that everyone has the right to an effective remedy by competent national tribunals for acts violating the fundamental rights granted by the relevant constitution or by law (United Nations 1948). Article 14 of the ICCPR ensures that everyone is equal before the courts and tribunals and is entitled, without any discrimination, to a fair and public hearing by a competent, independent and impartial tribunal established by law (United Nations 1966).

While the integration of digital tools into judicial and administrative processes is intended to enhance efficiency, it often introduces complexities that can obstruct traditional avenues for legal recourse. For instance, the use of automated decision-making systems in determining eligibility for social benefits, loan approvals, or even law enforcement and predictive policing can result in decisions that adversely affect individuals without clear or accessible explanations. Appealing decisions made by digital systems is often more difficult than addressing mistakes made by humans, as reliance on algorithms and big data can obscure the reasoning behind decisions due to their complexity and the vast amounts of data they process. Such black box technology disables transparency and makes it impossible for affected individuals to discern why a particular decision was made, hindering their ability to prove discrimination or error. This lack of transparency extends to data collection methods, training procedures for algorithms, the data utilized in model creation and the specifics of individual consent (Burrell 2016). Moreover, the global nature of technology platforms means that data handling and processing often cross international borders, further complicating jurisdictional claims and the enforcement of legal rights.

In this regard, the use of algorithms in judicial or quasi-judicial settings is also particularly challenging for the right to a fair trial. This issue has been highlighted in various real-life cases, particularly involving recidivism prediction systems such as COMPAS, which is used in several states across the USA to assess the likelihood that a person will reoffend. An investigation revealed that COMPAS displayed racial biases, as it incorrectly predicted that Black individuals were more likely to reoffend than white individuals. This type of biased prediction can influence judicial decisions, potentially leading to harsher sentencing for minorities based on flawed risk assessments, thereby undermining legal predictability and the fairness of sentencing (Larson et al. 2016).

Particularly concerning in this regard is UNESCO’s finding that only 9 per cent of surveyed judicial operators reported that their organization had issued internal guidelines or regulations for using AI chatbots. An equally small percentage indicated that their organization had provided any AI-related training or information (Gutiérrez 2024).

Legal frameworks have also not kept pace with technological developments, making it unclear how laws apply to decisions made by algorithms. This lack of clarity can complicate efforts to challenge these decisions because it may not be clear who is responsible or how to legally attribute liability for errors (Pagallo 2013). Furthermore, algorithms and humans process information based on a fundamentally different logic. Machine-learning algorithms use complex mathematical models to detect patterns and make decisions through statistical analysis. In contrast, human decision making, particularly in legal contexts, relies more on intuition and experience, methods that lawyers are familiar with when litigating rights violations (Burrell 2016). Moreover, while legal professionals are accustomed to this intuitive human process, understanding and contesting decisions made by digital systems often requires substantial technical expertise. This level of technical knowledge is beyond what most legal professionals possess (Crawford and Calo 2016) or might implicate intellectual property issues, deterring private entities from revealing the logic and processes of their technologies (Burrell 2016).

The Spanish Digital Rights Charter has picked up on these challenges and declared that ‘transparency, auditability, explainability and traceability shall be ensured’ in the use and application of AI technologies (La Moncloa 2021: XXV 2).

As countries increasingly rely on digital tools to administer public and judicial processes, it is crucial to safeguard the right to a fair trial, effective remedy and equality before the law and to ensure predictability and certainty. The EU Artificial Intelligence Act, for example, addresses these concerns by imposing stringent requirements on high-risk AI systems, including those used in judicial and administrative processes (EU Artificial Intelligence Act: Annex III, section 8, article 6). It is imperative that legal frameworks be bolstered so that the use of such technologies will enhance rather than compromise the equitable administration of justice—a cornerstone of democratic society. People subjected to the coercive power of the state must not be subjected to automated decision-making processes whose rationale cannot be fully explained, whose transparency is lacking or whose outcomes cannot be objectively justified. The right to be treated fairly by the state is a fundamental right, and no efficiency interest on the part of the state can justify weakening or infringing upon it.

While certain rights—such as those mentioned previously—need only reaffirmation or an expanded scope for the digital age, others, particularly traditional civil and political rights such as privacy, require translation or adaptation to the digital era. These adaptations, or even expansions, are necessary to adequately protect individuals from challenges unique to the digital context.

2.1. Digital privacy

The right to privacy—traditionally understood as encompassing the privacy of communications and the home—is a foundational aspect of personal freedom and security. Historically, this right has shielded individuals from unwarranted intrusions into their personal life and communications—for example, letters and phone calls. The right to privacy is a fundamental human right recognized in numerous international legal instruments, such as article 12 of the UDHR, article 17 of the ICCPR and article 8 of the ECHR. These instruments protect the right to respect for one’s private and family life, home and correspondence, as well as the freedom from arbitrary interference and from attacks upon one’s honour and reputation. The right to privacy, a crucial safeguard for other fundamental rights—especially freedom of expression and association (United Nations Human Rights Council 2022c; Lanza 2017)—plays a pivotal role in the power dynamic between the state and the individual; it stands as a cornerstone of a democratic society (United Nations Human Rights Council 2021b: para. 6).

The digital age has transformed communication, shifting people from handwritten letters to emails and from traditional phone calls to instant messaging services like WhatsApp. While these tools offer unprecedented convenience and connectivity, they also open new channels for surveillance and data harvesting. For example, Edward Snowden’s 2013 revelations exposed the vast reach of global surveillance programmes, which intercepted millions of video chats, instant messages, Internet logs, emails and even photos shared on file-sharing platforms (Amnesty International 2015).

These revelations also illustrate how the collection of data extends far beyond traditional communications. Everyday interactions with digital devices and services—from using smartphones and wearable technology to browsing the Internet and engaging with social media—generate a continuous stream of personal data. This data is often collected, analysed and stored by companies and governments, sometimes without clear or explicit consent from individuals. Furthermore, newer types of personal data, such as genetic (e.g. DNA) and biometric data (e.g. fingerprints, iris scans), serve as unique personal identifiers. These identifiers not only raise privacy concerns for the individual but also have implications for their extended family, potentially spanning generations.

The rise of big data analytics and particularly AI has enabled the analysis of vast amounts of personal information at an unprecedented scale. These technologies can identify patterns and make inferences about personal behaviour, preferences and even future actions, which can be used for purposes ranging from targeted advertising to predictive policing. On top of that, the use of digital devices in homes, cities and workplaces (such as smart speakers and meters, connected appliances, integrated surveillance cameras) has further blurred the boundaries of privacy, making it hard to fully escape the digital space.

Smartphones have essentially become location-tracking devices, mapping users’ every move. While apps like Facebook, Google and X (formerly Twitter) are widely recognized for collecting location data, the true extent of tracking goes far beyond these platforms. Mobile networks and Internet service providers (ISPs) continuously gather metadata, including location data, every time devices connect to the Internet or make a call. Apps often subtly push users into granting permissions for location tracking or quietly extract data directly from devices (Boshell 2019). However, the stakes rise further when governments are involved. In 2013, US National Security Agency (NSA) surveillance programmes were revealed, showing how metadata was used to track individuals’ physical locations through mobile networks—transforming routine phone use into a powerful tool for global monitoring (Gellman, Soltani and Peterson 2013). This tracking, by both private corporations and state actors, uncovers not just where individuals are but also intimate details about their routines, associations and movements. Additionally, state-sponsored hacking has become alarmingly common, with much of it targeting citizen databases—further complicating the ongoing battle for data privacy (CSIS n.d.). Such practices do not stop at the borders of established democracies. In the case of Catalonia, for example, more than 60 phones belonging to pro-independence politicians, lawyers and activists were targeted, likely by Spanish Government authorities (Farrow 2022).

Amnesty International and other organizations have reported that authorities in many regions of the world have used surveillance technologies to suppress dissent and monitor individuals under the guise of security (Access Now 2023b; Amnesty International 2023). For example, there has been extensive reporting on the use of Pegasus spyware, developed by the Israeli cyber-arms company NSO Group, to spy on journalists, activists and political leaders worldwide. Notable investigations, including the Pegasus Project in 2021, revealed that the spyware was used in countries such as India, Mexico and Saudi Arabia to infiltrate the devices of hundreds of individuals, including human rights activists, journalists and other political figures (Amnesty International 2021).

The Indian Government’s use of Aadhaar, a biometric database, links biometric data with personal information. While Aadhaar has facilitated bureaucratic processes, it has also been criticized because of privacy concerns, particularly regarding the extensive collection of biometric data and personal information, as well as issues relating to how data is stored and accessed. Instances where personal information was leaked from the database have raised concerns about the potential for surveillance and the misuse of private data (Jain 2019).

Moreover, what many experts call ‘surveillance and data capitalism’ is further amplified by the global nature of the Internet. The fact that personal data can easily be transferred across national borders, often to countries with lower privacy standards or inadequate protection mechanisms, poses grave challenges to the right to privacy.

In this digital world, personal information is more vulnerable than ever, and privacy is often the first casualty.

While traditional privacy rights focus on non-interference in one’s private life and the secrecy of communications, the illustrative cases above show that the digital age tests the limits of existing legal frameworks and demands an expanded definition that includes data and metadata privacy. The UN High Commissioner for Human Rights and the Inter-American Commission on Human Rights have also noted the importance of the right to privacy for the enjoyment and exercise of other human rights, both offline and online, in our increasingly data-centric world (United Nations Human Rights Council 2021b: para. 6). Protecting this right involves addressing issues related to surveillance and data collection, data security and international data flows, as well as digital tracking and profiling (Zubenko 2023).

A crucial tool in protecting privacy in the digital era is end-to-end encryption, which ensures that only the sender and recipient can access the contents of a message. Encryption plays a vital role in safeguarding personal information against both unauthorized access by private actors and state surveillance. However, the deployment of encryption varies across digital platforms. While services like Signal and WhatsApp offer encryption by default, others, like Facebook Messenger and certain email services, may provide only partial encryption or none at all, leaving communications exposed to interception.

The use of encryption poses a key challenge for law enforcement, which often seeks access to encrypted data for legitimate purposes, such as preventing terrorism or addressing child sexual abuse material. Governments frequently push for back doors in encryption, arguing that such access is necessary for national security. Critics argue, however, that such back doors inherently weaken encryption systems, making them more vulnerable to misuse and hacking by malicious actors (Friedersdorf 2015; EFSAS 2021).

This tension mirrors broader debates over privacy and security, as illustrated in a case before the Indian Supreme Court, where petitioners challenged the constitutional validity of a governmental order based on the Information Technology Act, which allows intelligence services to intercept, monitor and decrypt digital communications and data generated, stored, shared or transmitted through digital platforms in the country. They argued that the order lacked necessary safeguards and disproportionately affected the rights to freedom of expression and privacy guaranteed in the Indian Constitution (the latter interpreted through the right to life and liberty).¹¹

In another case¹² brought before the European Court of Human Rights (ECtHR), the petitioner claimed that his Romanian employer unlawfully monitored his private messages on his work computer. He argued that his emails were protected under article 8 of the ECHR, which pertains to privacy and correspondence. The Court upheld the employer’s right to monitor staff communications but emphasized the importance of respecting employees’ privacy and correspondence rights. It stated that such monitoring is permissible only if it is transparent, proportionate and conducted for legitimate purposes.

The increased integration of AI systems into various sectors also deserves attention in discussions surrounding the right to privacy. AI has had a significant impact on the right to privacy, often intensifying and expanding potential intrusions. Aspects of privacy that are of particular importance in the context of the use of AI include informational privacy, covering information that exists or can be derived about a person and their life and decisions based on that information, and the freedom to make decisions about one’s identity (United Nations Human Rights Council 2021b: paras 12–15).¹³

AI systems rely heavily on large data sets, many of which contain personal data. This reliance incentivizes extensive data collection, storage and processing, often beyond what is necessary. Companies, particularly those operating online, such as social media platforms, collect vast amounts of data from users, which is then monetized. The IoT has also contributed to the proliferation of data collection, extending it into private and public spaces alike. The aggregation of this data by political consulting and data analytics firms, which merge, analyse and distribute it, typically occurs with minimal transparency and under weak legal frameworks. The sheer scale of these data sets, coupled with the often opaque nature of data transactions, leads to significant privacy risks, exposing individuals to potential breaches and misuse of their sensitive information (United Nations Human Rights Council 2021b: paras 12–20).

Moreover, the use of AI systems introduces complex challenges related to the right to privacy that go beyond mere data collection. AI’s ability to make inferences and predictions based on large data sets allows for the detailed profiling of individuals, potentially exposing private aspects of their lives to both corporations and governments. These systems can deduce sensitive information, such as health conditions or political affiliations, and make probabilistic predictions about future behaviours. Such inference can have profound implications, influencing decisions that affect individuals’ rights, including autonomy over one’s identity. AI systems are prone to errors, and their outputs can be affected by biased or inaccurate data, leading to decisions that may unfairly discriminate against certain individuals or groups. The opacity of AI decision-making processes, often referred to as the ‘black box problem’, exacerbates these issues by making it difficult to scrutinize and hold accountable the systems that infringe upon privacy rights (United Nations Human Rights Council 2021b: paras 2–20).

In practice, the use of AI systems has great implications for a wide range of sectors, such as law enforcement, national security, border management, public services, employment and managing information online, as thoroughly outlined in the 2021 annual report of the UN Office of the High Commissioner and the UN Secretary-General on the right to privacy in the digital age (United Nations Human Rights Council 2021a).

Several charters of Internet rights articulate and safeguard the digital right to privacy. For example, the Italian Internet Bill of Rights and Brazil’s Civil Rights Framework for the Internet advocate for consent and principles of data minimization that limit surveillance to targeted interventions and recognize the rights to anonymity and encryption online (also see Federal Republic of Nigeria 2019: article 4; La Moncloa 2021: articles IV and V). Also, the Human Rights Committee, which monitors the implementation of the ICCPR, has discussed interpreting the international human right to privacy in the context of modern challenges, including state surveillance and data protection (Office of the United Nations High Commissioner for Human Rights 1988, 2022a, 2022b, 2022c).

Furthermore, countries such as the Dominican Republic and Peru have specifically recognized the right to digital privacy in their constitutions. These principles aim to protect individuals from indiscriminate monitoring and ensure the integrity of digital communications, emphasizing the necessity of these rights in preserving the essence of privacy in the digital era.

In light of these extensive transformations—often referred to as the datafication of society—the impact on the right to privacy stems not just from surveillance and data capitalism or state monitoring but from a broader social and technological push to gather and analyse data in the name of efficiency, innovation or self-improvement. As elaborated in the next section of this chapter, on data protection, the sheer availability of data—and the incentives driving its collection by countries, corporations and even individuals themselves—demands new legal and conceptual frameworks that go beyond traditional notions of privacy.

These frameworks may need to strengthen the right to privacy vis-à-vis both public and private actors. They may also require expanding or supplementing privacy protections to guard those who wish to opt out of data-intensive systems, preventing scenarios in which they must surrender personal information or subject themselves to constant monitoring in exchange for social or economic benefits (e.g. lower insurance premiums contingent upon real-time driving data). Such developments might align with an expanded right to informational self-determination (discussed in detail in 2.4: Right to informational self-determination and the right to be forgotten), reinforcing each individual’s autonomy over how their data is collected, shared or utilized. Taken together, these measures reflect the urgent need to adapt existing legal protections to a world where data-driven governance and personal-data economies blur traditional boundaries of privacy, potentially impacting every facet of individuals’ lives.

2.2. Right to data protection and prohibition against unauthorized data collection or use

Indirectly supported by international legal provisions on the right to privacy, such as the UDHR and ICCPR, the right to data protection refers to the legal entitlement of individuals to control their personal data and safeguard it from unauthorized access or misuse (see Taylor 2020: 475–78). Personal data entails any information that can identify a person either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (European Union 2016: article 4).

As societies shift towards increasingly interconnected digital ecosystems, the essence of data protection is challenged by the vast amounts of data collected in almost every aspect of modern life, often without explicit knowledge or consent by the average person. By automating tasks that were once manual, digital tools allow for the collection and real-time processing of vast data sets with advanced analytics that increase accuracy and efficiency. Furthermore, the rise of cloud computing provides scalable and cost-effective storage and processing solutions, facilitating broader data accessibility, while AI and machine learning offer profound advancements in pattern recognition and predictive analytics.

Collectively, the use of big data analytics, AI and ubiquitous online tracking technologies undermines individuals’ ability to control their personal information. Every click, search, like and share is meticulously tracked through technologies like cookies and pixels (Silverman et al. 2022). The data users unintentionally leave behind while using these services—referred to as ‘behavioural surplus’ (see Zuboff 2019)—is harvested by companies like Google and Meta. By analysing this behavioural surplus, they gain deep insights into user behaviour, enabling them to tailor advertisements and content with unprecedented precision.

However, states also collect and process vast amounts of data for various purposes, ranging from improving administrative efficiency and public service delivery to national security and law enforcement. For example, data on employment history, family income, health status and more is collected and analysed to administer social welfare programmes such as unemployment benefits, disability assistance and food security programmes. Governments and national security agencies use surveillance systems, including closed-circuit television (CCTV) networks, licence plate readers and facial recognition technologies, and monitor communications, financial transactions and other activities to identify and prevent potential threats (United Kingdom Government 2017).

Worldwide, there have been notable cases where state actors have been accused of the unconstitutional collection of data. As revealed during Edward Snowden’s disclosures in 2013, the US National Security Agency (NSA) had been collecting the phone records of millions of Americans and foreign nationals in bulk, without a warrant or any suspicion of wrongdoing. Under the PRISM programme, the NSA obtained direct access to the servers of major US technology companies, including Apple, Google, Meta, and others. This access enabled the NSA to collect a wide range of data, including emails, chats from online communication tools, videos, photos, stored data, file transfers, video conferencing and logins. Documents suggested that surveillance data was used not only for counterterrorism efforts but also for economic espionage and political surveillance of foreign leaders and businesses, going beyond the original national security intentions (Macaskill and Dance 2013; Taitz 2023). China, perhaps the country that conducts the most extensive collection of data on its citizens, employs a vast network of CCTV cameras enhanced with facial recognition technology. The data from these cameras feeds into the social credit system, which integrates various data sources to evaluate the social behaviours of individuals and businesses. Scores from this system can have significant impacts, such as restricting access to flights and train tickets (Mitchell and Diamond 2018; Qian et al. 2022).

In addition to the threats posed by the unauthorized collection or use of data, the insufficient protection of data has become another challenge to people’s privacy in the digital age. The possibilities of the increased collection and processing of data through new digital technologies has led to an increased risk of privacy breaches and unauthorized data use. In the past decade, many databases owned by entities like the Indian Council of Medical Research and T-Mobile, along with platforms such as MySpace, X (formerly Twitter) and Yahoo, have been compromised, revealing sensitive information, including names, email addresses, telephone numbers, dates of birth and hashed passwords. In some cases, even security questions and answers have been exposed. This data has been found for sale on hacking forums and the dark web, significantly elevating the risk of phishing and other identity theft tactics (Komnenic 2024).

Many jurisdictions have passed laws on data protection, with the EU’s General Data Protection Regulation being one of the most advanced. These laws emphasize principles such as lawfulness, purpose limitation, necessity and proportionality, setting minimum standards for the retention and processing of personal data, including across borders (European Union 2016).

Many constitutions contain general provisions related to data protection, with some countries, such Cabo Verde and Greece, specifically contemplating digital data protection. Constitutions often ban the unauthorized gathering or improper handling of personal data, including by electronic means, and delineate specific categories of sensitive information that are safeguarded against collection and utilization, with exceptions for research and statistical analysis, provided that the information is anonymized. This category of sensitive data typically encompasses affiliations with political and trade unions, ideological views, religious convictions and ethnic backgrounds.

Furthermore, in the digital era, where personal data essentially extends one’s identity into the virtual realm, many constitutions, charters, declarations and legal frameworks have recognized the right to data protection as encompassing not only privacy but also the broader aspects of dignity and individual identity in the digital age (Celeste 2022: 194). For example, article 5 of the Italian Declaration of Internet Rights reads: ‘Everyone has the right to the protection of the data that concern them in order to ensure respect for their dignity, identity and privacy’ (Italian Republic 2015). Many Internet bills of rights and declarations grant individuals the ability to access, rectify, transfer and erase their data. Some go as far as to assert a right to data ownership, suggesting that personal data, despite its scattered presence across various platforms, remains an integral and inalienable part of an individual’s identity. This ownership is envisioned to persist beyond death, allowing for the transfer of an individual’s data to their heirs (Celeste 2022: 195).

Both state and non-state actors leverage technology to collect vast amounts of data, necessitating legal protections. Widespread data collection exceeding acceptable boundaries is not only a breach of privacy but also a significant risk, as demonstrated by numerous incidents of data breaches and misuse across various platforms and entities.

2.3. Right to computer security or cybersecurity

Secure information technology is crucial not only for protecting sensitive data but also for building trust in government institutions. The Center for Strategic and International Studies has documented over 900 grave cyber incidents since 2006, including state-sponsored cyberattacks on the public sector in many countries, ransomware, phishing or activities by so-called hacktivists as a form of social and political activism (CSIS n.d.).

Protecting citizens’ data builds the trust that spurs engagement with—and benefits from—digital public services. This trust is further reinforced by stringent data protection laws worldwide, which require the handling of personal data in line with high security standards, including safeguards against unauthorized access, accidental loss, or damage (State of California 2018: sections 1798.105 and 1798.140; Republic of India 2023). Additional protections include technical or organizational safeguards against unauthorized or illegal processing, accidental loss, destruction or damage (Wolford n.d.).

The inclusion of computer security and cybersecurity rights in Chile’s proposed constitution represents a notable development that signifies an evolving understanding of digital rights as fundamental to the security of citizens and trust in public systems. Similar initiatives, such as the African and Italian declarations on net security and Spain’s legislation on digital security, reinforce the critical role of strong cybersecurity measures. Ensuring that the benefits of the digital age are realized securely and inclusively not only protects individual rights but also ensures the reliable and secure growth of digital infrastructure.

2.4. Right to informational self-determination and the right to be forgotten

The concept of self-determination has long existed in various forms, traditionally relating to a person’s (or a people’s) right to determine their own political status without external compulsion or interference (Cats-Baril 2018). This right is enshrined in international law, particularly in instruments like the UN Charter and the ICCPR, which highlight the right of nations and peoples to self-determination (United Nations 1945: article 1[2]).

In the analogue era, the individual’s right to self-determination was predominantly associated with personal freedom, autonomy and privacy. Although this right included the ability to make decisions about one’s life and personal data to a certain extent, it was not explicitly articulated as such in law until the advent of detailed privacy laws.¹⁷

The digital era, however, has necessitated a more concrete definition and expansion of the right to self-determination, primarily due to the profound ways in which data is now collected, used and stored. With the ubiquity of online communication, individuals face potential infringements of their privacy and reputation from outdated or incorrect information persisting online, especially when personal data is so easily accessible and distributable across the Internet. Consequently, the digital era’s right to self-determination is somewhat new and more explicitly defined than its analogue counterpart (Vivarelli 2020). It encompasses not just the broader concept of autonomy but also specific rights to access, control, manage, correct and delete personal data, as well as to understand why and how it is collected (European Union 2016; AUDRi 2022).

Although it shares similarities with privacy rights and data protection, informational self-determination has unique attributes. It focuses on an individual’s authority over the disclosure and use of their personal data, contrasting with traditional privacy rights, which primarily focus on protection from invasive searches. Informational self-determination encompasses a broad range of rights and freedoms, including freedom of speech, the right to privacy, the right to personal data protection and the right to access public sector information, thus offering a comprehensive framework for personal autonomy in the information age (Gutwirth et al. 2009; Kodde 2016).

Several countries have already recognized the right to self-determination in their constitutions (Table 2.4).

Illustrative cases highlight how the concept of self-determination has evolved to address challenges specific to data and privacy. A foundational case is the 2014 European Court of Justice case of Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González.¹⁸ The Court’s ruling acknowledged the potential for lasting damage caused by the Internet’s perpetual memory and highlighted the right to control one’s personal information online, particularly the ability to request the correction or removal of such information from search engines under certain conditions (Crowther 2014; Allegri 2022). The judgment in this case played a significant role in the establishment of a right to be forgotten in EU jurisprudence (Crowther 2014).

In June 2023 a right to be forgotten was constitutionally enshrined for the first time in the substate constitution of the Geneva Canton in Switzerland, under the innovative right to digital integrity (Guglya 2023). This development marks a significant step in acknowledging and addressing the challenges of maintaining personal dignity and privacy in the digital age.

2.5. Right to Internet access and digital connectivity

The Internet has become a cornerstone of many people’s daily lives. It is used for a range of purposes, including communication, accessing information and knowledge, influencing economic growth, advancing education and healthcare, and enhancing democratic participation. The ability to access an unmatched breadth and depth of knowledge and data on virtually any subject breaks down barriers that once limited individuals based on geography, economic status, sex or social class.

Digital connectivity has emerged as a pivotal driver of economic development, enabling businesses to access broader markets, creating employment opportunities and playing a key role in the transition to service-oriented, knowledge-based economies. For individuals, the Internet serves as both a platform for upskilling through online education and a vehicle for entrepreneurial ventures via e-commerce. The World Bank and other international organizations have demonstrated a strong correlation between broadband expansion and gross domestic product growth in developing countries, emphasizing the economic necessity of widespread Internet access (Hjort and Sacchetto 2022). This relationship between connectivity and economic progress is also reflected in the SDGs. For example, target 9.c calls for a significant increase in Internet access globally, while target 5.b focuses on harnessing information and communication technology (ICT) to empower women, leveraging technology to advance gender equality (United Nations General Assembly 2015).

Governments worldwide are increasingly moving services online, from filing taxes to applying for permits and social benefits. Internet access supports civic participation by enabling citizens to vote, express opinions and mobilize for social causes online. In contexts where traditional media may be restricted, the Internet provides a platform for political discourse and advocacy. The Internet’s ability to fill this gap shows how fundamental Internet access and digital connectivity have become to modern societies and people’s daily freedoms.

However, Internet shutdowns continue to be a growing concern. According to data collected by the digital rights NGO Access Now, governments and other actors disrupted the Internet at least 187 times across 35 countries in 2022 alone (Access Now 2023c). Internet shutdowns frequently occur in politically sensitive times, such as during elections or in the context of protests and political crises. Authorities often refrain from publishing information about these shutdowns, deny acknowledging disruptions or outright reject having ordered any interventions (United Nations Human Rights Council 2022b: paras 20 and 24–25). The UN special rapporteur on the promotion and protection of the right to freedom of opinion and expression has documented cases such as Tajikistan blocking messaging services and social media during protests (United Nations General Assembly 2016). Similarly, Gabon has experienced network disruptions during elections, while Russia has blocked major online platforms to control the flow of information (Budnitsky 2022). These measures are seen as efforts by governments to manage public discourse, influence opinion and oppress dissent during politically significant events (United Nations General Assembly 2016).

The Office of the United Nations High Commissioner for Human Rights notes that ‘targeted shutdowns of a communications service provided through the Internet may be deemed proportionate and justifiable only in the most exceptional circumstances, as a last resort when necessary to achieve a legitimate aim, as defined by article 19 (3) of the [UN] Covenant [on Civil and Political Rights], such as national security or public order, and when no other means are effective to prevent or mitigate those harms’ (United Nations Human Rights Council 2022b: para. 13). However, ‘given their indiscriminate reach and broad impacts, Internet shutdowns very rarely meet the fundamental requirements of necessity and proportionality. Their adverse impacts on numerous rights often extend beyond the areas or periods of their implementation, rendering them disproportionate, even when they are meant to respond to genuine threats’ (United Nations Human Rights Council 2022b: para. 59).

In this context, the debate on the right to an open and interoperable Internet becomes increasingly relevant. As the world faces growing instances of Internet fragmentation—where governments or other actors deliberately limit access to or control online information—the push for maintaining an open and globally connected Internet has been more widely discussed, including by the Council of Europe and the EU (Council of Europe 2014; European Commission 2022). These discussions have included demands for an open and interoperable Internet to ensure that users, regardless of their location, can access the same information and services, protecting human rights by, for example, fostering freedom of expression, transparency and inclusivity (Global Partners Digital 2021; European Commission 2022). Furthermore, the idea of an open and interoperable Internet is seen as crucial in protecting individuals’ rights in the digital age, as shutdowns and censorship measures erode not only the freedom of expression but also economic, social and cultural rights.

While Internet shutdowns pose a significant challenge, another key issue is the disparity in access to Internet services. According to the latest data from the UN’s International Telecommunication Union (ITU), 2.6 billion people worldwide still lacked Internet access as of 2023 (ITU 2023). Although this figure represents a slight decrease from the 2.7 billion people reported in 2022, a significant portion of the global population remains offline. The ITU report also indicates significant disparities in connectivity between urban and rural areas, especially in poorer regions. Africa, for instance, continues to experience substantial challenges in digital connectivity, with only 36 per cent of the continent’s population having broadband Internet access as of 2023. Similar challenges exist in parts of Asia and Latin America, where inadequate infrastructure, affordability and a lack of digital literacy further impede access to digital technologies (ITU 2023).

Limited access to technologies and digital connectivity disproportionately affects women. Globally, Internet access is available to 63 per cent of women, compared with 69 per cent of men. Additionally, women are 12 per cent less likely than men to own a mobile phone. Factors such as race, age, disability, socio-economic status and geographic location have a significant influence on digital connectivity for women. In particular, marginalized groups of women—like older women, rural women and women with disabilities—experience acute barriers to access. Although mobile broadband reaches 76 per cent of the population in the least developed countries, only 25 per cent of women are connected, with men 52 per cent more likely than women to be online (UN Women 2023). This digital gender gap exacerbates existing social, political and economic inequalities.

Recognizing access to the Internet and digital connectivity as a right, a vital gateway necessitating freedom from interference by any third party, be it a governmental or non-state actor, may be crucial for personal and collective development. The UN Human Rights Council has emphasized that both states and companies, particularly telecommunications and Internet service providers, have responsibilities in preventing and responding to government-ordered shutdowns. Companies must take preventive measures, implement transparency mechanisms and challenge disruptions through lawful means (United Nations Human Rights Council 2022b: paras 47–51). Access to the Internet is, therefore, recognized in many Internet bills of rights as a means of engaging in social life and exercising one’s fundamental rights.

Some countries have interpreted the right to Internet access and digital connectivity as being included within existing constitutional provisions. A survey by the ECtHR reveals that the right to Internet access is protected under constitutional guarantees related to the freedom of expression and the freedom to receive ideas and information across all 20 Council of Europe member states surveyed.¹⁹ This right is seen as integral to the broader right to access information and communication as outlined in national constitutions, emphasizing both the individual’s right to participate in the information society and the state’s obligation to ensure that citizens have Internet access.²⁰

The emphasis on Internet access as an enabler of other rights and freedoms underlines the necessity of not only theoretical access but also substantive prerequisites to ensure real and effective connectivity (Çalı 2020; Celeste 2022).

2.6. Right to digital participation, literacy and inclusion

The right to public participation, recognized in many international instruments, allows citizens to engage in decision-making processes (for example, article 25 of the ICCPR). Traditionally, this right involved attending town hall meetings, voting in person and engaging in face-to-face civic activities. However, digital technologies have expanded these avenues, introducing new ways for public engagement and participation, particularly in how opinions are voiced and how electronic electoral processes function.

With the digital transformation, the scope and methods of public participation have expanded significantly. Digital platforms have made it possible for more people to engage in political discourse. Social media, blogs and forums enable users to share their opinions and news instantly with a global audience. Even governments and officials use these platforms not only to disseminate information but also to interact with the public through polls, surveys and question-and-answer sessions. For example, cities like Boston and New York used social media to engage with residents on various policies and community issues during the Covid-19 pandemic, facilitating broader and more inclusive participation (Statusbrew 2022). Unlike traditional town hall meetings, which occur periodically, online platforms facilitate continuous discussions and debates. Individuals are offered various ways to express their views, from posting written opinions and sharing video content to participating in virtual protests and signing digital petitions.

Recognizing the potential of these digital advancements, Chile’s 2022 draft constitution, for instance—though ultimately rejected—acknowledged and emphasized the digital aspects of the right to public participation.

Nevertheless, for digital democracy to be effective, countries must not only promote but also support citizens’ ability to participate digitally, anchoring this ability in the protection of fundamental human rights, including the right to participate in public life, as recognized in instruments such as the ICCPR (article 25). Replacing processes that were once analogue with their digital counterparts could essentially exclude from public participation many people who either lack access to these technologies or who lack digital literacy. Particularly in marginalized and rural areas, people are vulnerable to having limited access to public information and state services, which impacts other fundamental rights such as freedom of expression.

The UN special rapporteur for education thus advocates for a right to education that ‘include[s] digital agency as a goal, understood as the ability to control and adapt to a digital world with digital competence, digital confidence and digital accountability’ (United Nations Human Rights Council 2022a: para. 37). Also, the International Commission on the Futures of Education, convened by the director-general of UNESCO, advocates for recognition of digital literacy and Internet access as fundamental rights in the 21st century. The Commission emphasizes the importance of expanding the concept of the right to education to encompass digital competencies and access, thereby reinforcing the right to education, the right to information and cultural rights (UNESCO n.d.). Furthermore, under article 27 of the UDHR and article 15 of the ICCPR, everyone has the right to share in scientific advancement and its benefits.

Central to this digital transformation is the concept of ‘digital citizenship’. UNESCO defines digital citizenship as the ability to efficiently locate, access, use and create information; actively, critically and ethically engage with content and other users; and navigate online and ICT environments safely and responsibly, while being mindful of one’s rights (UNESCO n.d.). Other definitions of digital citizenship emphasize the importance of understanding the principles governing the digital environment and analysing the role of technology in society, its impact on daily life and its use for social engagement. A digital citizen should be able to navigate the complexities of the digital world; grasp the social, economic, political and educational implications of technology; and practise responsible stewardship of digital tools. Education and training should also focus on raising awareness and understanding of AI technologies and the significance of data (United Nations Human Rights Council 2022a).

The Constitution of the Canton of Geneva, in this light, asserts that ‘[The Canton] promotes digital inclusion and raises awareness of digital issues’, acknowledging the critical role of digital inclusivity in ensuring equitable access to public services and political participation and preventing a further exacerbation of existing inequalities (Swiss Confederation 2012: article 21[A][4]).

The European Declaration on Digital Rights, although not binding, also addresses these concerns by dedicating a chapter to solidarity and inclusion. This chapter emphasizes the importance of connectivity, digital education, training and skills, alongside fair and just working conditions, underscoring the interconnected nature of digital inclusivity and broader social and economic rights (European Union 2023).

It must be noted that the increased digitalization of education presents opportunities for and risks to the right to education. The UN special rapporteur on the right to education has addressed these issues extensively, noting that the Covid-19 pandemic accelerated the integration of digital technologies into educational strategies. This shift has introduced several key trends, including blended learning approaches that combine face-to-face instruction with computer-mediated activities, distance learning tailored for non-traditional students and those in emergency situations, and the use of AI to identify learning patterns and suggest curriculum activities.

The digitalization of education has the potential to enhance the essential features of availability, accessibility, acceptability and adaptability in education, as outlined by the Committee on Economic, Social and Cultural Rights and the special rapporteur on the right to education (United Nations Human Rights Council 2020). However, the impact of digital education on these features can vary greatly, depending on the context and the policy measures put in place to accompany this process (United Nations Human Rights Council 2022a: 6).

The Covid-19 pandemic also highlighted how increased reliance on digital education, particularly distance learning, can exacerbate pre-existing inequalities. Students often have unequal access to the Internet, adequate hardware and qualified teachers with digital skills, while teachers themselves have varying levels of proficiency in using digital technology (United Nations Human Rights Council 2022a: 11). These disparities underscore the need for careful consideration and regulation of digital education to ensure that it serves all students equitably.

2.7. Right to digital disconnection

As we navigate the expanding digital universe and the growing recognition of digital rights, we must remember that the analogue world still holds its own essential space. In the digital age, the right to connect must be balanced with the right to disconnect. The rise of digital technologies, remote work and flexible schedules has reshaped the nature of employment, bringing both benefits and new burdens. Chief among these burdens is the expectation of perpetual connectivity, which blurs the boundaries between work and personal life, ultimately affecting mental and physical well-being (Weber and Llave 2021). This blurring of boundaries has sparked a critical conversation about modern labour rights, including the right to unplug and be offline.²² Efforts to maintain boundaries between offline and online have been undertaken in countries such as France (Republic of France 2016: article 55), where laws protect employees from being contacted outside of agreed-upon hours; Italy (Italian Republic 2017: article 19.1), where the right to disconnect is embedded in labour law; and Germany, where similar protections exist (Vasagar 2013). Additionally, the European Parliament approved a report with recommendations to the European Commission on an EU-wide right to disconnect, especially in light of the increased remote work during the Covid-19 pandemic (European Parliament 2020).

The Constitutional Convention of Chile tried to introduce such a right in the country’s 2022 draft constitution, which was ultimately rejected. The draft article 46(1) created a right to disconnect, stating the following: ‘everyone has the right to work and to free choice of employment. The state guarantees decent work and its protection. This includes the right to fair working conditions, to health and safety at work, to rest, to leisure time, to digital disconnection, to guaranteed compensation and to full respect for fundamental rights in the context of work’ (Draft Constitution Chile 2022).

While the right to disconnect addresses the work environment, the broader concept of a right to be offline—seeking a balance between the digital and physical worlds—extends beyond the workplace into all aspects of life. Efforts are being made to increase access and improve digital literacy, but some argue that individuals should also have the freedom to disengage from digital tools without penalty or disadvantage (Custers 2022). This freedom particularly applies to those who find it challenging to navigate digital services, such as older adults, for whom online solutions may be cumbersome. Similarly, anyone who prefers offline interactions for personal, cultural or practical reasons should have the option to conduct their affairs without being compelled to go online.

In conclusion, while the digital age has brought unparalleled access to information and connectivity, it also necessitates a re-evaluation of human rights in the context of digital well-being and the freedom and ability to choose to abstain from digital advancements. The right to be offline may be a first step to ensuring that individuals retain the freedom to disconnect and that society values health and well-being alongside technological progress.

The list of rights mentioned in this section is not exhaustive. Other new or adapted rights for the digital age found in discussions among scholars and experts include the right to an online identity, encryption, the right to algorithmic transparency and digital consent as well as emerging discussions on net neutrality. The digital rights scholar Jun-e Tan speaks of four spheres of digital rights: (a) conventional rights in digital spaces, which include rights such as the freedoms of expression, association and assembly online and the right to non-discrimination; (b) data-centred rights, such as right to data privacy and the right to data security; (c) access to digital spaces, which includes rights such as the right to access state and other services online, the right to Internet access and the right to information; and finally (d) governance of the digital, which includes the right to participate in digital governance processes or be consulted on Internet policy issues, the latter of which is not discussed in this report (Tan 2019). This categorization also shows the difficulty of viewing digital rights in isolation, as rights in the digital era have to be approached holistically from various angles.

Traditionally, constitutions have governed countries’ internal organization, roles, powers and structures. They delineate the physical and conceptual boundaries within which the state is legitimized to act, defining the relationship between the state and its citizens. This delineation typically involves specifying citizens’ freedoms from state interference, as well as outlining certain rights and duties that the state is obligated to protect and fulfil, respectively. In most societies, the state alone possesses specific powers to govern within a designated territory. By granting citizens fundamental rights and freedoms, the constitution not only outlines the state’s powers but also sets limits which the state, including its various bodies and officials, has to respect, protect and uphold. This direct relationship between individuals and the state is known as the vertical application of human or fundamental rights.

The horizontal application of human or fundamental rights, on the other hand, relates to the obligations between private individuals and private entities, meaning that not only the state but also private companies and individuals must adhere to fundamental human rights standards in their interactions (see Frantziou 2020; Gonçalves da Silva and Leitão 2023; Haupt 2024). The horizontal application of human or fundamental rights refers to the idea that these rights should not only protect individuals from violations by the state (vertical application), but also from violations by other private actors, such as corporations, individuals or organizations. Essentially, it means that human rights are not limited to interactions between the government and the people, but also extend to interactions between private entities and individuals.

In practice, horizontal application can imply that individuals can rely on fundamental rights to protect themselves against actions that violate their rights by other private parties, like discrimination in the workplace, abuse by a corporation, or violations by other private entities. This approach has been adopted in several legal systems and can be a more comprehensive way of safeguarding human rights in society.

The reach and implementation of horizontal human rights application can differ widely, influenced by each country’s legal traditions and the specific rights at stake. Some legal systems allow for these constitutional rights to be directly or indirectly invoked in private disputes, such as in cases of landlord discrimination or corporate misconduct (Futch 1996).²³ Other countries incorporate such rights through legislation in areas like employment or consumer protection.²⁴

Today, the horizontal effect of fundamental rights takes on renewed importance because of the enormous power private actors hold in the Internet’s ecosystem. As digital platforms and other technology companies increasingly shape our access to information, free expression and economic opportunities, the question of how human rights apply to these entities has become one of the most pressing challenges of our time.

3.1. New actors

In the digital age, the growing prominence of non-state actors, particularly private technology companies, adds another significant player alongside the state that holds substantial power and influence over the safeguarding of fundamental rights at a societal level. This change is in part linked to the evolving nature and meaning of public space since the rise of digitalization. The Covid-19 pandemic further accelerated this shift, as in many places around the world traditional venues such as public squares, parks, shopping centres, cinemas and restaurants were replaced by virtual spaces. Consequently, this transition significantly altered our understanding and interaction with public domains.

As a result, much of the power and responsibility for governing what constitutes the new civic ‘public sphere’ has moved into the private sector. This shift is not limited to social media platforms; it extends across the entire digital realm, where technology companies wield substantial influence over public discourse, values and the protection of fundamental rights. Indeed, these private corporations can reach a scale and depth of impact that rivals or surpasses certain state functions:

1. Vertical-versus-horizontal divide. While constitutions typically constrain the state (vertical application), the new reality demands more attention to horizontal relationships, where private corporations exercise near public power over how people express themselves, assemble online or receive information.
2. Private corporations as state-like actors. In domains typically linked with public authority—such as overseeing communication flows—private companies have so much control that they could be seen as state-like actors (Haupt 2024). The question arises: should constitutional safeguards also bind private platforms which effectively govern pivotal aspects of public life?
3. Old versus new regulatory approaches. Traditional media gatekeepers faced broadcast licensing requirements, defamation laws and content standards designed for print, radio and television. However, Internet-specific affordances—such as ease of use, massive reach, real-time global dissemination and near-permanent data storage—pose fresh challenges that old regulatory models cannot neatly address.

The problem becomes clear when considering protection of freedom of speech. Historically, traditional media have acted as a gatekeeper of information, governed by editorial standards, journalistic ethics and regulatory oversight. These mechanisms ensure that the information disseminated to the public is curated and verified and that, when misinformation arises, there are clear channels for accountability. Governments have regulated traditional media through broadcast licensing, defamation laws and content standards to safeguard public interest and minimize harmful content. However, social media platforms operate differently.

Online platforms such as Facebook and YouTube have long imposed their own regulatory frameworks, including rules for moderating online content (see, for example, Facebook n.d. or YouTube n.d.). The number of users of these platforms signifies the scope and magnitude of the influence these companies hold over new virtual public spaces. As of 2024 Facebook had approximately 3 billion monthly active users, making it a critical platform for social interactions and information dissemination (Statista n.d.). About 31 per cent of US adults report regularly getting their news from Facebook. In other parts of the world, particularly in areas with low media literacy, these numbers are even higher. For instance, 61 per cent of people in the Philippines and 48 per cent in Colombia use Facebook for news, while 39 per cent in Thailand and 36 per cent in Kenya use TikTok for news. YouTube is not far behind (Newman et al. 2024). These statistics highlight the fact that the private companies hosting online platforms in these countries have a particularly strong influence on public opinion and people’s rights and freedoms. However, the rules these companies impose on users often differ significantly from the constitutional safeguards that public actors must follow (De Gregorio 2022a: 14).

In January 2021, for instance, X (formerly Twitter) banned then-former US President Donald Trump from the platform, following the attack on the US state Capitol on 6 January 2021. Just one month later, Facebook blocked news on its platforms across Australia to protest a proposed law that would have required Facebook (now Meta) and Google to compensate media companies for the news stories featured on their platforms (Gollom 2023).

Since the information on online platforms plays a major role in people’s news consumption, as seen above, thus shaping public opinion, platforms themselves are increasingly assuming roles traditionally held by both media outlets and government authorities, positioning them as key players in managing public information—but without the same level of oversight or accountability.

Nevertheless, it is important to note that, particularly in countries where media freedom is restricted and controlled by the state, social media serves as a crucial tool for seeking, receiving and sharing information that might otherwise be inaccessible.

Furthermore, the influence of private actors on public life is particularly evident when social media algorithms preferentially amplify certain political messages. Studies show that algorithms often amplify content that is emotionally charged or politically extreme, especially through mechanisms designed to boost user engagement (Brady et al. 2023). One such study, focusing on Twitter, found that right-leaning content and political messages are more likely to be amplified than left-leaning content in multiple countries, including the USA and the UK (Huszár et al. 2021). Another significant instance was the manipulation of misinformation about public health during the Covid-19 pandemic. Platforms like Facebook were used to spread false information about vaccines and treatments, impacting public health responses and vaccination rates globally (World Health Organization 2022). Such events highlight the pervasive reach of private enterprises into critical areas of public interest and welfare.

While the extensive influence of private companies on public discourse, and essentially on the exercise of certain rights, is a broad issue that is also pertinent to traditional mass media, the scope and nature of digital platforms introduce unique complexities. Unlike traditional media, online platforms combine unparalleled reach and speed in disseminating information with new technological capabilities that enable them to micro-target audiences by using vast amounts of personal data. Social media can disseminate information instantly across global networks, target individuals with extreme precision using data analytics and continuously adapt content delivery using sophisticated algorithms. These capabilities create an exceptionally dynamic and pervasive form of influence that can impact millions of viewers quickly and shape societal beliefs on a scale and with a level of specificity that traditional media could never achieve (International IDEA 2018, 2020).

Ultimately, this transfer of power from public to private actors—while offering benefits such as broader participation—raises the question of applying fundamental rights horizontally. In particular, if these corporations are akin to state-like entities in function but not in accountability, how can constitutional or international human rights standards adapt to ensure the protection of individual freedoms in these new digital realms?

3.2. Public–private partnership

In the digital age, the lines between the public and private sectors are becoming increasingly blurred, with private enterprises playing pivotal roles in shaping the delivery of essential services. From healthcare to education, public–private partnerships are transforming how societies operate, often introducing technological innovations that improve lives in unprecedented ways. As these partnerships deepen, however, they raise pressing questions about control, data privacy and the balance of power. What happens when the same corporations facilitating humanitarian aid or running city infrastructure also hold vast amounts of sensitive data? The following examples explore the powerful, and at times problematic, dynamics of these partnerships, showcasing both the promise of digital innovation and the ethical challenges it presents in maintaining democratic oversight and protecting fundamental rights.

Public–private partnerships are at the forefront of transformative change across the globe, blending innovation with societal needs in ways that redefine how governments deliver essential services. In India, telecom providers are bridging the gap between rural communities and healthcare, enabling remote consultations and access to medications through digital dispensaries—an initiative that is already making a tangible difference in the state of Madhya Pradesh (Buckup 2023). Similarly, in Mumbai, digital platforms are being leveraged to improve maternal and child health services, demonstrating the power of technology to reach underserved populations (Buckup 2023).

On a broader scale, the use of mobile technology in humanitarian efforts has become indispensable. The World Health Organization’s partnership with WhatsApp to disseminate Covid-19 information globally illustrates how private sector tools can play a crucial role in public health emergencies (Taylor 2021). These kinds of collaboration extend beyond healthcare, as seen in Rwanda, where partnerships with companies like Mastercard are driving a shift towards a cashless economy, creating opportunities for financial inclusion and economic growth (Buckup 2023).

Beyond healthcare and economic development, partnerships with the private sector are also protecting cultural heritage. In an innovative response to climate threats, the island nation of Tuvalu plans to preserve its cultural identity through the Metaverse, which is providing a digital space where citizens can maintain connections to their homeland, even if their physical territory is lost (Craymer 2022). Meanwhile, on the battlefield, Ukraine has shown how quickly adaptable commercial technologies—ranging from satellites to machine learning—can provide a strategic edge, illustrating how digital tools extend into national security and defence (Breaugh et al. 2023).

These examples vividly illustrate how public–private collaborations are not just reshaping public services but also redefining governance itself. From improving healthcare and driving economic modernization to preserving cultural heritage and strengthening military capabilities, these partnerships are playing an increasingly vital role in addressing both present challenges and future uncertainties. As a result, such collaborations have become integral to the governance frameworks of many countries. Simultaneously, however, they are also elevating the global technology sector’s political influence and shaping how governments approach public service delivery (Taylor 2021).

Not all public–private collaborations are benign. In certain cases, the state can use private partnerships to evade the legal or constitutional checks that would apply if it were acting alone. Such partnerships can become avenues for illegal surveillance, data exploitation or censorship—coordinated quietly or under the guise of formal agreements. This problem has been documented in multiple contexts.

Digital surveillance is a prominent example, where the use of such technologies can infringe on privacy. In Jordan, for example, investigations by Access Now and Citizen Lab revealed that Pegasus spyware—developed by the Israeli company NSO Group—was used to target Jordanian civil society figures, including journalists, lawyers and human rights activists. Deployed ostensibly for national security purposes, the spyware enabled extensive monitoring of private communications and personal data (Access Now 2024; The Citizen Lab 2024).

Some governments encourage—or coerce—private social media or telecom companies to implement censorship policies. For instance, the Great Firewall in China relies heavily on corporate compliance and technical expertise supplied by private firms (Freedom House 2024).

While these efforts may be framed as ‘protecting national security’ or ‘preserving social harmony’, they can involve clandestine content filtering and account takedowns that violate freedom of expression (Funk, Vesteinsson and Baker 2024; Human Rights Watch 2006a).

In one example, Yahoo faced criticism in the mid-2000s for providing user information to Chinese authorities, leading to the imprisonment of dissidents (Human Rights Watch 2006a, 2006b).

Even in liberal democracies, law enforcement or intelligence services may obtain personal data through partnerships with corporations instead of using formal search warrants or legislative processes. A prominent example is the Amazon Ring partnership with US police departments, which has raised concerns about warrantless access to residents’ video footage (Guariglia 2019; Molla 2019).

Another notable case of unauthorized data collection occurred in 2019, when the UK Government partnered with Amazon to provide health advice via voice assistants, which granted Amazon access to National Health Service (NHS) data. This data was monetized without compensation being paid to the NHS (Chan 2019). Similarly, Google’s Sidewalk Labs collaborated with city governments, using data collected from public transport to boost its market presence and benefit partners like Uber (Taylor 2021).

Beyond concerns about dependency and monopolies (Foley and Swilling 2018: 82), the widespread reliance on proprietary digital technologies for government services has raised serious questions about the protection of constitutionally guaranteed rights. These ‘workarounds’ allow countries to collect, analyse or censor content in ways they could not achieve through public channels alone, eroding constitutional safeguards around privacy, due process or freedom of speech.

A global investigation by Human Rights Watch into education technologies endorsed by 49 countries during the pandemic revealed even more troubling practices. Many of these platforms violated children’s privacy, secretly collecting data on their activities, locations and personal networks, which was then shared with advertising technology companies (Human Rights Watch 2022). These examples illustrate how corporate involvement in public services often results in the exploitation of sensitive data, posing significant risks to individual rights.

As a result, it is also important to recognize that the ongoing trend of private enterprises progressively expanding into the public domain and significantly influencing our wider social and political life is being vastly accelerated in the digital age. However, business ethics and private law are not traditionally designed to address questions of fundamental rights compliance and democracy, offering minimal protection in the face of this new distribution of power.

3.3. Applying rights horizontally as a way forward

The legal mechanisms that safeguard rights and public powers in most legal systems—namely national constitutions—have not been applied to the private sector thus far. However, the private sector’s accumulation of control over services and public functions necessitates a paradigm shift: from perceiving state actors as the sole threats to rights and freedoms, to recognizing that private companies, especially online platforms, can pose equally significant challenges to the protection of human rights.

These challenges were already recognized a decade ago by the architect of the United Nations Guiding Principles on Business and Human Rights, who found that ‘the root cause of the business and human rights predicament today lies in the governance gaps created by globalization—between the scope and impact of economic forces and actors, and the capacity of societies to manage their adverse consequences’ (Office of the United Nations High Commissioner for Human Rights 2020: 1). In response, international efforts are trying to address the growing influence of private companies over public life through initiatives such as the UN’s B-Tech Project, which works directly with online platforms to ensure their operations align with human rights standards. Building on the UN Guiding Principles on Business and Human Rights and advocating for rights-based public policy and legal measures ‘to govern how new technologies are developed, deployed and used’ (Office of the United Nations High Commissioner for Human Rights 2020: 1), the B-Tech Project aims to promote human rights due diligence, urging companies to identify, prevent and mitigate any adverse human rights impacts in their activities (Office of the United Nations High Commissioner for Human Rights 2020).

Beyond the Guiding Principles and the B-Tech Project, several other international initiatives aim to ensure that tech companies respect human rights. For example, the Global Network Initiative brings together major tech companies, civil society and academics to advance freedom of expression and privacy in the ICT sector, although its commitments remain voluntary. Similarly, the Organisation for Economic Co-operation and Development Guidelines for Multinational Enterprises recommend responsible business conduct, including respect for human rights, but these guidelines are non-binding. A significant recent development is the adoption of the Global Digital Compact (GDC) at the UN Summit of the Future in September 2024. Serving as the first comprehensive global framework for digital cooperation, the GDC aims to anchor digital governance in human rights and international law. It addresses key issues such as universal Internet connectivity, data protection, digital trust and AI governance, while also promoting efforts to combat disinformation, hate speech and the digital gender divide. Although not legally binding, the GDC provides a road map for ensuring that digital technologies are developed and governed responsibly, emphasizing multilateral cooperation.

However, a fundamental criticism of the UN Guiding Principles and similar voluntary approaches is that they lack enforceability. While this strategy makes sense from a realist perspective—given the UN’s limited power to impose binding treaties on transnational corporations—it comes at a cost. In effect, it dilutes the legal essence of human rights, reducing them to aspirational standards that corporations can decide to follow or ignore. The lack of binding power opens the door to symbolic compliance, wherein companies adopt human rights rhetoric but fail to implement meaningful reforms. Ultimately, voluntary frameworks risk developing processes and structures that do not produce real change.

Therefore, on the legally binding side, the EU has enacted regulations such as the General Data Protection Regulation, which has had a significant impact on tech companies globally by enforcing strict rules around data protection and privacy, with penalties for non-compliance. The EU’s Digital Services Act further mandates large platforms to mitigate risks to fundamental rights like freedom of expression, placing enforceable obligations on tech companies.

These efforts illustrate the widely accepted scholarly view (see e.g. Alexy 2002) first discussed in the famous judgement of the German constitutional court that ‘constitutional rights are not just defensive rights of the individual against the state, but embody an objective order of values, which applies to all areas of the law ... and which provides guidelines and impetus for the legislature, administration and judiciary’ (Federal Constitutional Court (Bundesverfassungsgericht) judgement of 15 January 1958 – 1 BvR 400/51 paragraph 25). Nevertheless, in light of these challenges to the protection of rights and freedoms as outlined in the previous section, there is also a growing demand to extend constitutional protections to cover the quasi-public functions performed by private entities, beyond merely addressing the influence of private entities through regulation. This growing concern has sparked discussions on rethinking and remodelling constitutional instruments that protect rights and prevent abuses. Among the solutions proposed by practitioners and scholars is the application of constitutional norms to private entities that perform public functions or wield significant influence over public discourse and rights (De Gregorio 2022a; Haupt 2024).

In light of these discussions, to ensure that constitutional rights are not circumvented merely because an actor is private, particularly when private entities undertake roles functionally equivalent to governmental activities, many scholars have argued that they should bear similar constitutional obligations, arguing for a constitutional interpretation of horizontality that goes beyond traditional doctrines like direct effect. This approach suggests that fundamental rights should be viewed as enabling conditions for participation in public life, thus requiring a more substantive form of equality beyond ‘state-versus-individual paradigms’ (Frantziou 2020).

Some legal systems have expanded the protection of fundamental rights to encompass private entities, through what is known as the horizontal application of fundamental rights. This legal principle, which was originally developed in the 1950s by the German Constitutional Court, has since been adopted in various constitutional jurisdictions, including by the Court of Justice of the European Union and the European Court of Human Rights (Stein 2022).²⁵ This approach enables individuals to invoke constitutional rights in litigation against other private parties, alleging violation of those rights. Although there is an ongoing debate about whether horizontality should be treated as a structural constitutional principle²⁶ or as an extension of the direct effect doctrine²⁷ (Frantziou 2020), the academic discourse has extensively explored the idea of mandating private entities to uphold fundamental rights, thereby also constraining their autonomous activities based on constitutional protections, especially in areas such as freedom of expression, privacy and data protection. Many practitioners and scholars view the horizontal application of human rights as a potential solution to the challenge of rights protection in the digital era (Pollicino 2021).

The Google Spain²⁸ ruling, for example, introduces a novel method for protecting fundamental rights in the digital age. It is a notable case to discuss for two reasons: firstly, it introduced discussions on the right to be forgotten; secondly, it is a landmark decision regarding the horizontal application of fundamental rights and digital rights jurisprudence. In its ruling, the Court relied on article 7 (respect for private and family life) and article 8 (protection of personal data) of the EU Charter of Fundamental Rights and applied the constitutional mechanisms of fundamental rights protection between private parties. In its ruling, the Court required private entities, like search engine operators, to balance the right to information with data protection rights, and underlined the critical role of human dignity in achieving this balance (Pollicino 2021).

In this case specifically, the claimant, Mario Costeja González, sued Google Spain for displaying search results that linked to his outdated financial hardships, which he wanted removed. The Court was asked to determine whether Google, as a search engine operator, had to comply with an individual’s request to remove links to personal information in search results even when the information itself was lawfully published on web pages.

The relevant legal frameworks were EU Directive 95/46/EC, which regulates the processing of personal data within the EU, and article 8 of the EU Charter of Fundamental Rights, which specifically protects the right to personal data protection. These rules state that individuals have the right to control the processing of their personal data, including having inaccurate data corrected and certain data erased to protect their privacy.

The European Court of Justice considered whether the directive applies to search engine operators like Google and whether they are responsible for personal data appearing in their search results. The Court found that, by indexing and storing personal data, Google acts as a data controller under the directive and thus has specific obligations, including the removal of links to personal data that infringe on privacy rights when requested by the individual concerned unless there is a stronger public interest in keeping the information accessible.

Furthermore, under article 8 of the EU Charter, any interference with the right to data protection must be justified and proportionate. The Court balanced this right against the economic interest of the search engine and the public interest in accessing the indexed information. It concluded that individual rights generally override other interests, particularly when the data is outdated or irrelevant. Article 8 of the EU Charter in particular asserts that personal data must not be excessively processed relative to the purpose for which it was originally collected, highlighting the need for data relevance and the avoidance of excessive data retention. The Court, therefore, held that the rights to privacy and data protection typically surpass both the economic interests of search engines and the public’s interest in accessing outdated or irrelevant information unless it remains significant for public interest purposes.

Discussions surrounding the right to be forgotten, as established through the Google Spain case, have also been influential beyond Europe. For instance, the Federal Institute of Access to Information and Protection of Data, an administrative body in Mexico, drew on the Google Spain ruling, mandating Google to remove specific URLs that disclosed personal information from the indexing of Google Mexico’s search engine and to erase personal data linked to an individual.

In contrast to Mexico’s adoption of the right to be forgotten, however, other jurisdictions have taken a different stance. In a contrasting decision by the First Instance Court in São Paulo, Brazil, the Court dismissed the plaintiff’s right to privacy in favour of freedom of expression and the public’s right to information. Specifically, the Court faced a request from a Brazilian citizen seeking to compel Google to delete search results connected to articles about his past unlawful activities. This individual had been arrested six years prior, and the Court rejected his request based on the right to freedom of expression, as enshrined in article 220 §1 of the Brazilian Constitution. The Court reasoned that the criminal proceedings were a matter of public record, and that there was no justification for suppressing the articles, emphasizing the constitutional safeguard of free expression (Columbia University Global Freedom of Expression n.d.d).

Similarly, the Supreme Court of Argentina took a restrictive view of the right to be forgotten in Natalia Denegri v Google Inc.²⁹ Denegri, a well-known television presenter, sought the removal (or de-indexation) of videos on Google relating to her past involvement in televised scandals from the 1990s. She argued that this content, although accurate, had become irrelevant and infringed upon her privacy, honour and reputation. While a lower court initially accepted her request in part, the Supreme Court unanimously overturned that ruling. The Court emphasized that any curb on the free flow of information—such as de-indexation—constitutes a serious restraint on freedom of expression and must therefore undergo strict scrutiny. In Denegri’s case, the mere passage of time did not render the past events irrelevant; the Court reasoned that she was a public figure and that restricting access to accurate public-interest information would undermine the very purpose of freedom of expression. The Court also cautioned that judges should avoid imposing standards based on subjective tastes or sensibilities, lest they open the door to undue arbitrariness.

Meanwhile, the Supreme Court of Chile dismissed a petitioner’s plea to remove online media articles detailing his criminal actions, citing the public’s right to information (Columbia University Global Freedom of Expression n.d.f).

These contrasting cases illustrate the challenges courts face in applying constitutional rights horizontally, particularly in the context of digital platforms. While the Google Spain ruling imposes obligations on private entities to protect individual rights, other courts emphasize platforms’ role in upholding societal interests like freedom of expression and access to information. Both approaches have their justifications. In Mexico, for example, NGOs have criticized the right to be forgotten, particularly in contexts where politicians use this tool to erase records of their political scandals (La Red en Defensa de los Derechos Digitales n.d.). The Office of the Special Rapporteur for Freedom of Expression of the Inter-American Commission on Human Rights has expressed concerns about the right to be forgotten, stating that applying a private system for the removal and de-indexing of online content with vague and ambiguous limits is problematic in the Americas. They emphasize that such practices could conflict with article 13 of the ACHR, which provides broad protection for freedom of expression. The rapporteur further asserts that removing content from the Internet constitutes a clear interference with freedom of expression and the public’s right to access information. The concern is that the right to be forgotten could be used to suppress lawful content that is of public interest, especially information about public figures or matters affecting society (Lanza 2017).

Despite the varied judicial approaches and the complexities involved in balancing competing rights when applying rights constitutionally, all these cases have dealt with the role of platforms and fundamental rights compliance through constitutional frameworks. This commonality highlights that courts across different jurisdictions recognize the significance of constitutional principles when adjudicating matters involving private entities that have substantial influence over any fundamental rights.

In conclusion, the evolving dynamics between state and private entities in the digital domain have led many experts to call for a re-evaluation of traditional constitutional protections to address the complexities of the digital age. The horizontal application of fundamental rights, exemplified by legal developments like the Google Spain ruling, would represent a critical step towards ensuring that private entities wielding significant influence over public discourse, personal freedoms and rights are held to constitutional standards.

Applying fundamental rights horizontally would limit some of the powers of tech corporations to curb abuses by both state and non-state actors. It promises protection of fundamental rights amid the growing convergence of public and private spheres, thereby ensuring the digital age advances with respect to human rights and the rule of law at its core.

Ultimately, as digital technologies continue to reshape political and societal interactions, legal frameworks must evolve to address these new challenges. This evolution should include not only expanding rights protections but also—as seen in the case law throughout this report—carefully balancing these protections against the need for economic vitality and technological progress. The ongoing discourse and legal refinements will likely continue to shape the boundaries and applications of fundamental rights in this new era.

This discussion also shows how crucial the judiciary is to safeguarding fundamental rights in this digital age, as a means of interpreting legal protections for fundamental rights, and to the evolving nature of potential threats in the digital space. Judges are charged with the challenging task of weighing the benefits of technological advances against the need to preserve fundamental freedoms like privacy, free speech and civic participation. It is a balancing act that is as complex as it is crucial.

Judicial oversight is essential to preventing rights violations such as unlawful Internet shutdowns, which can suppress free expression and limit access to information, and to countering excessive surveillance and searches that threaten privacy rights. While many fundamental rights are subject to restrictions, such limitations must be legally justified to ensure that they are necessary and proportionate. By enforcing legal protocols and upholding the rule of law, courts act as critical checks on both governmental and private powers. This judicial oversight is essential to safeguarding individual liberties and preventing the erosion of rights, particularly in an era marked by rapid technological advances.

In this context, however, a potential imperfection in both the DSA’s systematic risk approach and the Google Spain ruling should be noted when inching closer to a notion of horizontal rights. The DSA, for example, treats fundamental rights as merely one category of risk to be assessed by large platforms, effectively relegating rights to a secondary focus. Moreover, it relies on corporate-led mitigation strategies that are often devised internally and scrutinized only ex post facto.

Similar debates arise around the Google Spain decision. While it arguably represents a form of horizontality by requiring search engines to balance individual privacy and data protection rights against the public’s right to information, its success was largely due to its anchoring in existing data protection law explicitly applicable to private entities handling personal data. In other jurisdictions—particularly those that have rejected the right to be forgotten—courts have viewed the invocation of data protection statutes to regulate search engine operations as tenuous or insufficiently grounded, leading to inconclusive balancing outcomes. These approaches highlight partial strategies that address the broader absence of a clear-cut constitutional principle of horizontality in the digital realm.

Having said that, critics often raise concerns about the freedom of enterprise and the risk of over-regulation stifling innovation, particularly when applying fundamental rights horizontally. They argue that imposing constitutional standards on private companies could create an unwieldy burden that hinders technological advancement and economic growth (Henshall 2023; Sayeedi 2023). Further arguments have been raised that such applications may lead to ‘rights inflation’ and excessive judicialization, which can create legal uncertainty and impact private autonomy (Craig 2009: 349; Frantziou 2020: 212). This concern arises from fears that expanding fundamental rights into private relationships could compel judges to exceed their traditional interpretive roles, risking not only arbitrary but also illegitimate and potentially unconstitutional law making (Frantziou 2020; Shrivastava 2023). In India, for example, the Supreme Court’s decision in Kaushal Kishor v State of Uttar Pradesh³⁰ affirmed that fundamental rights under articles 19 (freedom of speech) and 21 (right to life and personal liberty) can be enforced against private entities. Although this ruling has in great part been seen as a progressive step in broadening the scope of fundamental rights, it has also sparked debate about the implications for private law and the balance of powers between the judiciary and the legislative and executive branches of government (Bilchitz and Deva 2023; Shrivastava 2023).

That said, it is not necessarily obvious that the enforcement of rights against private entities must mirror enforcement against the state. A distinct jurisprudence of horizontality could be developed to address these issues, allowing courts to adapt their approaches in a way that recognizes the unique dynamics of private relationships. Such an approach could strike a balance between ensuring that fundamental rights are respected and avoiding the overreach of judicial power. Moreover, the criticism of judicial overreach is not exclusive to the horizontal application of rights; similar criticisms can arise when courts intervene in state actions. In such cases, jurisprudence of self-restraint or dialogical remedies—where courts engage in ongoing dialogue with other branches of government rather than imposing rigid solutions—has been proposed as a means to mitigate concerns about judicial activism and preserve institutional balance.

While the judiciary serves as a crucial sentinel in interpreting and enforcing fundamental rights in the digital age, it is essential to recognize that judges are only one piece of the larger puzzle of rights protection. Safeguarding liberties in the digital realm cannot be achieved by the judiciary alone; it requires the coordinated efforts of proactive legislation, robust regulatory frameworks, and the active engagement of civil society and private entities. Navigating the complex maze of challenges posed by rapid technological advancements demands a multifaceted approach.

Despite limitations and the criticisms levelled against the judiciary, its role remains irreplaceable. By continually adapting and reimagining legal protections to keep pace with new digital realities, judges play a pivotal role in fortifying individual liberties. This ongoing judicial engagement not only ensures that fundamental rights are upheld but also fosters an environment where innovation and economic growth can flourish alongside a steadfast respect for fundamental freedoms.

This report explored the complex interplay between rising digitalization and fundamental rights, showing that, as digital technologies rapidly evolve, a mix of challenges and opportunities emerge that directly impact our civil liberties and human rights.

As this report has outlined, fundamental rights, enshrined in national constitutions, regional instruments and international human rights law, are affected in the digital space. Thus, it is crucial to ensure that human rights apply online as well as offline. Essentially, protecting rights in the digital, online space also impacts the exercise of rights in the analogue sphere.

Furthermore, the swift evolution of technologies demands a constitutional legal framework that can respond to new challenges and developments to ensure that protections against potential abuses are both effective and relevant.

Responsiveness alone is not sufficient. As outlined in the numerous examples provided in this report, technological advancements occur at a rapid pace, continually introducing new challenges to rights protection which call for our legal and constitutional frameworks to be not only responsive but also agile, equipped to adapt to future technological innovations that are currently unpredictable. This flexibility is vital for courts, as they interpret laws within contexts that are constantly being reshaped by both technological progress and evolving societal norms. Such agility ensures that our legal system remains effective and relevant in the face of continuous digital transformation.

As demonstrated in the case law presented, given the complexities surrounding fundamental rights, such as the right to digital privacy and data protection, courts are increasingly required to apply established constitutional principles in ways that account for the nuances of digital technologies. This approach involves not only reactive measures to address immediate threats but also proactive interpretation of existing constitutional provisions to protect human rights in the digital age.

Additionally, effective constitutional legal responses to the challenges posed by digital technologies must be comprehensive to cover the broad spectrum of rights that could potentially be impacted by technological advancements. The EU, for example, has pioneered a suite of robust legislation that addresses the varied societal impacts of digital technologies. The EU General Data Protection Regulation has not only set a global benchmark for data privacy but also serves as a regulatory framework for ensuring that personal data is processed transparently and securely, enhancing consumer trust. Similarly, the Digital Services Act and the Digital Markets Act are designed to ensure that digital platforms operate fairly and transparently, promoting competition and preventing the undue influence of tech giants.

Moreover, the EU’s Artificial Intelligence Act represents the world’s first forward-looking measure to mitigate the ethical risks posed by AI technologies, including potential rights violations, setting standards for development and usage that prioritize human oversight and transparency. The EU directive on targeted political advertising further aims to safeguard the democratic process by ensuring that political advertising is clearly distinguished from other content, thus helping to prevent covert manipulation of public opinion.

Nonetheless, the EU is not the only player in this space. Brazil has been at the forefront with its pioneering Civil Rights Framework for the Internet, a groundbreaking legal framework that enshrines Internet users’ rights and sets the foundation for Internet governance. Similarly, Canada has taken significant steps by adopting its Digital Charter, aimed at ensuring that Canadians have access to a safe, secure and trustworthy digital environment. These initiatives signal a broader global movement towards new legislation, with many countries expected to introduce constitutional reforms and legal frameworks to address the challenges of the digital age.

Such legislative efforts are increasingly focused on several critical areas: protecting citizens from digital surveillance, enhancing the accountability of online platforms, creating robust safeguards for the deployment and use of AI, and refining data protection regimes to better serve the needs of the public. It is important that this happens in a way that places human rights at the centre of regulatory frameworks and legislation on digital technologies, providing greater guidance on human rights standards and addressing protection gaps created by evolving digital technologies.

As technology continues to advance, it is crucial that the constitutional protection of rights evolves concurrently to ensure that our highest laws are equipped to handle the complexities of the digital age, while upholding the fundamental rights and freedoms that form the bedrock of democratic societies. Leveraging the benefits of technological advancements while vigilantly guarding against their risks can ensure that the digital future is shaped by the values of human dignity and the rule of law.

Advanced algorithms
Advanced algorithms are sophisticated sets of rules and calculations designed to solve complex problems or perform specific tasks. These algorithms are often used in fields like data analysis, artificial intelligence and machine learning. They can process large amounts of data, recognize patterns, make predictions, and optimize processes with high efficiency and accuracy.

Artificial intelligence
Artificial intelligence (AI) is a broad term encompassing various concepts and technologies, making it difficult to define universally. In fact, many academic papers on the subject begin by acknowledging the lack of a single agreed-upon definition. Generally, AI can be described as ‘the study of systems that perceive their environment and determine a course of action to maximize the likelihood of achieving a specific goal’ (World Wide Web Foundation 2017).

In the context of this report, AI refers to the field of computer science dedicated to creating systems and machines capable of performing tasks that typically require human intelligence. These tasks include learning, reasoning, problem solving, perception, natural language processing and decision making, ranging from simple rule-based models to advanced models based on machine learning and neural networks.

Automation
Automation refers to the use of technology to perform tasks without human intervention. These tasks can include anything from simple repetitive tasks to complex processes involving decision making and problem solving. Automation is commonly employed in industries such as manufacturing, software development, finance and logistics to increase efficiency, reduce costs and minimize human error.

Big data
Big data refers to extremely large data sets that are difficult to process and analyse using traditional data-processing techniques. Big data is characterized by its volume, velocity (speed of generation), variety (different types of data) and veracity (uncertainty of data). It is used in various fields to uncover patterns, trends and associations, particularly in relation to human behaviour and interactions.

E-governance and e-government
E-governance and e-government refer to the use of digital technologies, particularly the Internet, to deliver government services, engage with citizens and facilitate the operation of government functions. E-governance encompasses a broader scope, including interactions between government, citizens, businesses and other arms of government. E-government specifically focuses on the digital delivery of government services to the public, such as online tax filing, licence renewals and access to public records.

Information and communication technology 
Information and communication technology (ICT) encompasses technologies that provide access to information and facilitate communication. ICT encompasses a wide range of digital tools, devices and systems, including computers, mobile phones, the Internet, telecommunications networks and software applications. ICT is integral to modern business operations, education, government and everyday life.

Internet of things 
The Internet of Things (IoT) refers to the network of physical objects—often called smart devices—that are embedded with sensors, software and other technologies to connect and exchange data with other devices and systems over the Internet. The IoT enables automation, remote monitoring and control of these objects, ranging from home appliances to industrial machinery, leading to more efficient and intelligent systems.

Machine learning
Machine learning involves a shift from traditional programming, where computers are given explicit step-by-step instructions to solve a problem. Instead, in machine learning, a human programmer provides the computer with guidelines and rules for learning from the data it receives. The computer then analyses the data, makes inferences and generates new rules, enabling it to deliver information and services autonomously (Internet Society 2017).

Online content moderation
Online content moderation involves the monitoring, reviewing and management of user-generated content on digital platforms, such as social media, forums and websites. The goal is to enforce community guidelines, remove harmful or inappropriate content, and ensure that online spaces are safe and respectful. Content moderation can be performed manually by humans or through automated tools using AI and machine learning.

Spyware
Spyware is a type of malicious software designed to secretly monitor and collect information from a user’s device without their knowledge. It can capture sensitive data such as passwords, credit card numbers and personal communications and transmit it to third parties. Spyware is often used for illegal activities, such as identity theft, corporate espionage or unauthorized surveillance.