Delegation: The United Kingdom of Great Britain

and Northern Ireland

Position Paper

I) Topic Background

In the 1940’s the problem of privacy was first brought to light in the UN’s Assembly for
Human Rights, but at this time the digital aspect was not yet in play as the technologies at the time
were not as advanced as they have become. In the 60’s and 70’s the issue was once again brought into
the light, especially regarding the surveillance of common citizens It was in the mid-90s that a
directive was sent out by the EU on the topic of data privacy, and at that same time span, COPPA, the
children’s Online Privacy Law was established. During the 2000s one of the most notable of the
measures and laws passed was GDPR, the Data Protection Regulation created by the EU wich was
alos adopted in part by the UK.1

The US NSA’s (National Security Agency) spying on its citizens first brought forth the issue
of privacy on a wider stage. Another moment that shaped the digital world was the September 11
attacks on the US. With this attack, they implemented the Patriot Act, an act that was vague in the
limitations of data gathering for national security processes and counter-terrorism efforts. With this
act, the idea of privacy was brought forth in a serious light to the mind of the population, and because
of a public uproar, various laws in this regard were implemented in different countries.2

China’s surveillance has been very strict with its national security and has utilized the lack of
oversight to spy on its citizens through the Skynet surveillance system, a system that utilizes A.I. to
recognize and track China’s citizens. The way they track their people means that they would be
against any type of regulation that gives the right to privacy in a digital manner in any form.3

The European Union has been largely affected by spyware, systems that gather personal data
information. So that there isn’t any lack of power in national security, human rights and personal
privacy in digital spaces has been ignored, giving. The European Court of Justice has demonstrated

1
https://safecomputing.umich.edu/protect-privacy/history-of-privacy-timeline
https://www.nyulawglobal.org/globalex/Right_To_Privacy_International_Perspective.html
https://www.ohchr.org/en/topic/digital-space-and-human-rights
https://www.ohchr.org/sites/default/files/Documents/Issues/DigitalAge/ReportPrivacyinDigitalAge/UK.p
df
https://www.ohchr.org/en/privacy-in-the-digital-age
2

https://www.google.com/url?sa=j&url=https%3A%2F%2Fsafecomputing.umich.edu%2Fprotect-privacy
%2Fhistory-of-privacy-timeline&uct=1680265812&usg=gk6sMJZl7O7cfFACtJPZj81rSps.&opi=738330
47&source=chat
https://www.nyulawglobal.org/globalex/Right_To_Privacy_International_Perspective.html
3
https://www.economist.com/china/2023/11/23/chinas-enormous-surveillance-state-is-still-growing
considerable concerns about allowing data to cross the Atlantic Ocean and has considered it illegal,
because of fears of unlawful access from the US to Europeans’ personal data.4
In regard to recent Data protection issues, companies, enterprises, and country’s security
systems have been developing Artificial Intelligence and strong Blockchains to identify where
information from the data has gone, but also to prevent more surveillance of personal information.5

II) Country Policy

The United Kingdom of Great Britain and Northern Ireland, as an United Nations member,
has an obligation to ensure the safety and privacy of its citizens. However, this delegation believes
that this obligation does not in any way detract from the obligation to protect human rights. States
can and should deliver both privacy and security both offline and online.6

One of the major pieces of legislation that helped the UK achieve this goal is the Data
Protection Act 2018 (DPA 2018), derived from the European General Data Protection Regulation
(GDPR), which is one of the most important in privacy in the digital space implemented in the Uk
which the DPA 2018 later expended on, that gave any citizen the right to find out what information
the government and any other organization is soring about the individual, be informed about how
their data is being used, and any type of access to personal data.7 DPA 2018 establishes clear
guidelines and requirements for the collection, storage, and processing of British. citizens' data,
aiming to achieve a balance between enabling the legitimate use of data and protecting their
fundamental rights to privacy and data protection. To complement this there is also the LED regime
which sets out requirements for processing personal data for criminal law enforcement purposes
complementing the rights of UK citizens in relation to illegal surveillance.8 Another important piece
of legislation is the Online Safety Act 2023 brought into effect late last year is the gemstone of UK
laws, the Act will give providers new duties to reduce risks their services are used for illegal activity
and to take down illegal content when it does appear, ensuring more transparency of big tech
companies, and also gives people more control over the types of content they want to see.9

Failure to comply with the law will lead to serious fines being levied against the organization
through the Information Commissioner’s Office (ICO) which has broad powers to enforce and

4
https://www.fortinet.com/resources/cyberglossary/spyware
https://cepa.org/article/europe-uses-spyware-on-its-own-citizens/
5

https://www.sourcesecurity.com/insights/exploring-evolving-trends-data-security-unveiling-co-1694598
197-ga.1694599841.html
DEVELOPMENT OF SURVEILLANCE TECHNOLOGY AND RISK OF ABUSE OF ECONOMIC
INFORMATION
6

https://www.ohchr.org/sites/default/files/Documents/Issues/DigitalAge/ReportPrivacyinDigitalAge/UK.p
df
7

https://www.gov.uk/data-protection#:~:text=The%20Data%20Protection%20Act%202018%20is%20th
e%20UK's%20implementation%20of,used%20fairly%2C%20lawfully%20and%20transparently
8

https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/law
-enforcement-processing/
9

https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer#:~:
text=The%20Online%20Safety%20Act%202023,users'%20safety%20on%20their%20platforms.
impose penalties depending on the severity of the infraction of the DPA 2018.10 This means that the
U.K. values the privacy of its citizens against the overreach of their intelligent organizations, and
private companies that may have a vestige interest in harvesting and selling personal data.

III) Proposed Solutions

The United Kingdom values highly the privacy of people in the digital space, therefore the
committee gives as a short-term solution the idea of having the world governments find a
compromise in creating worldwide guidelines that include topics such as, every human has a right to
know what information is gathered about them and have the ability to delete it in a way that is
possible. The committee also sees it as a necessary measure of higher supervision of the private
sector, and what type of information they gather. Less surveillance by governments on their citizens
is also a measure that would produce a better environment on the internet, this can be achieved
through stricter standards for obtaining warrants for surveillance.

As was said earlier this committee suggests that this body also creates guidelines to limit the
data gathering of Big Data, these are giant companies that control most of the flow of information,
and these have the potential of creating great harm in the space. The following measures are what the
committee recommends, limiting the amount of information these organizations can store and access,
creating limits on what companies suggest data brokers/mining companies, these are business that
gathers information that can be personal from a variety of sources, and process it to enrich, cleanse or
analyze it, and sell it to other organizations, that's why by restriction what they can accomplice with
this data would help stop the proliferation of personal data online.11 12

As for a longer-term solution, the committee suggests the creation of a body of various
countries to supervise the implementation of the aforementioned guidelines, this body would analyze
countries and companies that aren't compiling with the given goals. A more indef guideline would
also be created that covers any type of unwanted data collection by companies and governments,
without warrants, therefore creating the most complete examples of privacy possible without
sacrificing the ability of law enforcement to track down criminals on the internet. The UK recognizes
the idea that privacy doesn't outweigh the national security that certain countries such as the US and
China, that is why a compromise between privacy and security is so important, absolute privacy in
impossible and then it would be impossible to track down and protect criminals that exist more and
more in the internet, the UK also cares deeply about its national security but it recognizes that a
balance should be made between the two must be had, a system that gives more privacy to
individuals and doesn't impede in the prosecution of criminals, especially as criminals migrate more
to the space.

10

https://www.kiteworks.com/secure-file-sharing/uk-data-protection-act/#:~:text=DPA%202018%20estab
lishes%20clear%20guidelines,to%20privacy%20and%20data%20protection.
11

https://www.investopedia.com/terms/d/datamining.asp#:~:text=Data%20mining%20is%20the%20proc
ess,increase%20sales%2C%20and%20decrease%20costs.
12

https://www.gartner.com/en/information-technology/glossary/data-broker#:~:text=A%20Data%20Broke
r%20is%20a,provide%20them%20with%20enhanced%20results.
How to limit government surveillance: