Proposing a Right to Identity within the International Framework of Human Rights: Issues and Prospects
Chapter 12
Proposing a Right to Identity within the International Framework of Human Rights: Issues and Prospects
Norberto Nuno Gomes de Andrade and Paul De Hert
In all cases, it remains to be debated whether the interests of agents are best expressed in the language of a claimed right to identity.1
Introduction
Forgotten and neglected for several decades by both the jurisprudence and the legal doctrine, the right to personal identity has been the target of a recent revival movement.2 The legal ‘revitalization’ of the right to identity is, to a very large extent, connected with the revolutionary changes brought by recent technological developments,3 namely with the so-called information revolution4 and the digitization of the human person.5 These technological progresses have equipped people with a new set of tools through which to express and represent their identities, rendering the latter increasingly fluid and dynamic. Further to the novel and fascinating ways through which identities can be constructed and communicated, these technologies also aggravate the dangers threatening identity, intensifying the ways through which a person’s identity can be detected, distorted, deleted, concealed, stolen, misappropriated, impersonated, falsified and misrepresented, rendering it increasingly vulnerable.
In order to understand the impact and the significance of the information revolution on human identity, Floridi, an Italian philosopher, distinguishes four major historical revolutions in science, based not on the technologies involved but on the intellectual findings that each of them presented. These revolutions changed not only our understanding of the external world but also our conception of who we are. They were the Copernican revolution, which displayed humanity from the centre of the universe; the Darwinian revolution, which showed that all species of life have evolved over time from common ancestors through natural selection, thus displaying humanity from the centre of the biological kingdom; and the Freudian revolution, which underlined that the mind is also unconscious and that we are very far from being Cartesian minds entirely transparent to ourselves. The fourth revolution, and the one that matters the most to our study, is what Floridi calls ‘the informational turn’ – that is, the next step in the process of dislocation and reassessment of humanity’s fundamental nature and role in the universe. It is the acknowledgement that we may be informational organisms (inforgs) among many others, significantly but not dramatically different from natural entities, agents and smart, engineered artefacts.6
Following Floridi’s informational ontology, we – as informational elements – live in the so-called ‘infosphere’, i.e., the informational ecosystem constituted by all informational entities. The idea that we have, utterly and irreversibly, become information (or ‘inforgs’) is also behind Roger Clarke’s notion of ‘digital person’7 and Rodotà’s concept of ‘networked persons’.8 Further than the simple digitization of information we are thus moving towards the outright digitization or ‘informational-ization’ of the human person.9 Information and Communication Technologies (ICT), especially the ones related with the creation and development of the Internet, have revolutionized the way our identities are perceived, presented and projected.10 Specific aspects of one’s identity are, today, channelled as bits and bytes into computer networks, often in completed automated ways through algorithms and other computing processes, reaching wider audiences and geographies.
In the same way that identities can be presented and expressed through informational processes, they can also be misrepresented and distorted. As Brownsword explains, developments of this kind provoke various kinds of ‘identity crisis’, as for example the concern that our identities should not be assumed or ‘reconstructed’ by others.11 In fact, due to the technological progresses associated with the establishment and consolidation of the information revolution, not only the ways to define and represent but also the means to violate personal identity (theft, distortion, misrepresentation, impersonation, etc) have become – to a very large extent – a matter of data processing and information management. The laws regulating the processing of personal information seem, in effect, to be one of the most adequate legal instruments through which to protect personal identity.
In order to understand the challenges posed to the legal regulation of personal identity and the importance of re-activating and re-conceptualizing a right to identity, namely within the scope of data protection and privacy laws, one needs to first understand how new (and prospective) technological developments are changing the old premises and paradigms of identity. Here, we should expand our analytical lens beyond the immediate present and peek into the future, looking into the changes that the so-called Ambient Intelligence (AmI) or Ubiquitous Computing environments12 (i.e., post-Internet scenarios) will bring to personal identity.13 This will be the object of our next section (section 2). In the third section we will discuss a series of authors that argue in favour of a re-conceptualization of the right to identity: Pino, Sullivan, Andrade, Oreg and others. This doctrinarian movement is intimately connected to the ever expanding and more flexible manner through which law has been addressing and regulating identity. In fact, the law has endowed individuals with more and more legal tools with which they can influence and change aspects of their identity. Individuals are now entitled to break the chains of their affiliations, modify their names, and change their nationality and sex.14
In section 4 we discuss the legal framework on human rights law, assessing the argument advanced by certain authors that a proper protection of identity aspects through existing legal instruments is lacking. The section is followed by a discussion of policy initiatives that call for new Information Society rights (section 5). Section 6 discusses several examples of recent human rights initiatives (regarding Internet access, regarding the elderly, regarding water and regarding data protection) in order to address the feasibility of a new right to personal identity. The seventh section concludes the contribution.
Changes to Personal Identity due to AmI and Ubiquitous Computing
AmI and Ubiquitous Computing represent a vision of the form and means that computing will take in the near future. They convey the idea of an aspiring reality – automated, intelligent, imperceptible and omnipresent – a foreseeable future stage in which the current Internet – as a network of computers – will gradually become a network of objects,15 enveloping the physical environment.16 Requiring little deliberate human intervention and encompassing a wide array of different emerging technologies (mobile sensors, radio frequency identification [RFID] tags, software agents, nanotechnology, etc), AmI consists of a technological ecosystem in which ‘people will be surrounded by intelligent and intuitive interfaces embedded in everyday objects around us’.17 One of the most remarkable shifts entailed in these prospective scenarios is the fading of (traditional) computers from our visible physical environment and consciousness. In their place we will have the deployment of a prolific number of devices and machines (such as tags and sensors) capable of recognizing a given person and his situational contexts, adapting to the user’s needs and anticipating his desires without conscious mediation. AmI will thus be characterized by, on the one hand, its invisibility, discretion and unobtrusiveness and, on the other, its sensitivity, interactivity and responsiveness to the human person.
The AmI scenarios and the Ubiquitous Computing settings will exert a profound impact not only on our sense and definition of personal identity, but also on how we express and shape it. These novel and technological environments will transform how personal identity will be captured, represented and conveyed to others by a) massively increasing the digitization (and thus collection, storage and processing) of personal information; b) blurring the distinction between the physical and the digital realms, rendering our identities more and more traceable, profiled and networked; c) fragmenting and multiplying one’s identity into various distinct and partial ones; and d) deploying a set of advanced instruments to track and monitor users and, therefore, displaying a more encompassing and sophisticated capacity to identify, distinguish and classify each human being.18 Regarding the latter, there is the concern ‘that various kinds of identifying technologies (particularly of a biometric nature) should not erode our privacy or compromise our human dignity’.19
Personal identity will thus become, increasingly more, dispersed, multiple, ubiquitous, de-centred and (tendentiously) everlasting (i.e., permanently registered).20 Traces, traits, aspects and attributes of our identities – all digitized and processed by an infinitude of intelligent devices – will thus be dispersed through the physical-digital environment and scattered through smart objects. Identity will also become de-centred, gradually escaping our own control and sphere of command. The collection of personal data by external entities (governments, public institutions, law-enforcement authorities, private entities, commercial companies, etc), as well as by other people, leave data subjects with less and less control over the construction, representation and projection of their personal identities. In addition, more and more profiles and other identity representations will be constructed by AmI machines and agents. The intermediate character of the modern information environment (mediated by a wide range of different actors: Internet’s access providers, search and filter services, content hosts and database operators, each one with their own interests and motivations) will only render identity more dependent on 3rd parties’ intermediaries (and many times under a singular channel controlled by a monopolistic body).21 This trend will only tend to increase with AmI, thus intensifying the dangers posed to identity, such as the ones of simulation, impersonation, misrepresentation and identity theft. In addition, identity elements will tend to become indefinitely preserved in databases, registered and stored (potentially) ad finitum. Finally, personal identity will also become multiple. Rather than rigid and uniform, there is an ongoing social change according to which identity is increasingly understood as being multifaceted and context-dependent.22 The different contexts in which we act, the various roles we assume, and the technological environment that provides for a newer and greater number of different roles and contexts are the fundamental factors behind this multiplicity of identities.23 Internet (and its forthcoming conversion into an AmI space) will thus disrupt the traditional connection between one person and one identity (i.e., its alleged unicity and stability), rendering it increasingly fluid, undetermined, variable and fragmented. People, in effect, tend to – more and more – present different and dissociated identities.
Without being able to proof a causal link, we assume that the technological changes discussed above have contributed to a recent doctrinarian movement interested in understanding the role of identity in our society and in law. The following section sketches the main contributions to this re-launch and re-conceptualization of the notion of identity and its legal casting. Most authors underline the importance of identity and show, each in their own way, how identity formation works. Some authors add to this a specific argumentation about identity in the law, its uniqueness and relationship with other legal notions such as privacy and freedom of expression.
The Right to Identity as Conceptualized in Recent Scholarship
From 2000 on Italian author Giorgio Pino has been writing extensively on identity. His work, especially his article ‘The Right to Personal Identity in Italian Private Law: Constitutional Interpretation and Judge-Made Rights’, describes how a right to identity was recognized in Italy by judges,24 legal theorists and then by the legislator.25 This right to personal identity, first developed in case law, is commonly described as the right everybody has to appear and to be represented in social life (especially by the mass media) in a way that fits with, or at least does not falsify or distort, his or her personal identity. Due to a tendency towards an expansive legal protection of the various aspects of human personality and to the striking diffusion of the mass media in past decades, the right was understood to protect the interest that everybody has to be represented with his/her real identity, i.e., with the identity that appears in concrete and unequivocal circumstances of social life. The recognition of the right expresses the claim that one’s (ascertainable) cultural, professional, religious, political, social experiences should not be distorted, misrepresented, falsified, confused, contested, or the like, by means of the ascription of false (even if not necessarily defamatory) statements or acts.26 In brief, the right to personal identity means the protection of individual personality against false representations elaborated by the mass media, or displayed in databases.
In his work, Pino discusses these developments and characterizes this right to personal identity as a multiform and adaptable right, flexible enough to grant legal protection to different situations.27 In addition, Pino analyses different laws and issues that are strongly linked to the idea of personal identity: intellectual patrimony, sexual identity, the right to oblivion, and the right over personal data.28 Regarding the latter, and taking into account the broad definition of ‘processing’ and ‘personal data’, data protection law seems to cover, Pino holds, all the most important cases of violation of personal identity that have been brought to court.29
In 2008 and 2009, Claire Sullivan, following a legal perspective and within a transactional context, embarks on a full-length study of digital identity. Sullivan identifies the emergence of a distinct and new legal concept of identity, linking it closely to the notion and regime of property. Her study demonstrates that an individual’s digital identity presents characteristics of property that ought to be subject to legal protection. By defining ‘identity theft’ through the lens of this emergent concept, Sullivan analysis shows that digital identity amounts to property capable of actually being stolen and criminally charged. Sullivan then turns to human rights law. She observes that although the right to identity – in the context of the National Identity Scheme (NIS) in the United Kingdom30 – arises in specific form – as a right to digital identity (defined as the right of an individual to an accurate, functional, unique transaction identity), it is part of a broader right to identity under international law. This right should not be understood as a privacy related right. On the contrary, Sullivan believes that the overwhelming focus on privacy in international legal scholarship and jurisprudence has undermined the actual importance and relevance of the right to identity. Following Neethling,31 Sullivan argues that the right to identity is infringed by untrue or false use of indicia of identity, whereas the right to privacy is infringed by the association of an individual with personal facts, contrary to the wishes of that individual. Contrarily to the right to privacy, and given its fundamental right nature, derogations to the right to identity cannot be justified on public interest grounds and can only take place in exceptional circumstances. Based on this reasoning, the author asserts that the right to identity applied within its scope provides better, and more appropriate, protection than the one afforded by the right to privacy.
In passing we note Sullivan’s interesting association between digital identity and legal personality. Sullivan argues that ‘token identity’ (a defined and limited set of information which determines an individual’s identity for transactional purposes) should be considered a legal person.32 In effect, the scholar asserts that the concept of token identity established under the UK NIS fits the concept of legal personhood. As the author states:
Token identity “exists only as an abstract capacity to function in law, a capacity which is endowed by law because it is convenient for law to have such a creation”. Although the lawmaker may not have made a conscious decision to create token identity, let alone endow it with legal personality, the legislation has crystallized the concept and through the operation of the scheme, it has been endowed with legal personality.33
Sullivan thus establishes a crucial distinction between the physical person and the (digital) information that is associated with that person: [a]lthough there is a national connection with a human being, it is the information which plays the crucial role in the transaction, not the individual to whom it is presumed to relate’.34 As we shall see in the following, the concept of information lies at the basis of two other proposed re-conceptualizations of the right to identity, namely the ones by Andrade and Oreg.
In a context of new and upcoming technological developments and challenges, Andrade – in his study The Right to Personal Identity in the Information Age. A Reappraisal of a Lost Right35 – conceptualizes the right to personal identity as a right that encompasses, controls and protects a series of different types of information related to or constitutive of our personal identity (digital, genetic, neural). Following a postmodern conception of identity (as anti-essentialistic, dynamic and multiple), and grounded upon the fundamental values of dignity, autonomy and self-determination, the right to personal identity is presented and defined as the right to be different, inimitable and unique; the right to be different, not only from others but also from oneself. Further to a right over information, this right to identity is presented and developed as a right that regulates a series of identity movements and transformations between different ontological levels of ‘being’ (possible ↔ real; actual ↔ virtual). Thus, the right to identity is the right to have one’s identity attributes registered (real → possible), as well as the right to be recognized and identified (possible → real) according to those defining features. The right to identity also encompasses the right to be represented as one wishes (virtual → actual) – that is, the right not to be misrepresented; the right to delete and recreate oneself (actual → virtual), an identity movement that encompasses the right to be forgotten (and, consequently, the right to start again); and the right to multiple identities (virtual → actual) – that is, the right to create, control and uphold different identities in digital environments. Based on the fundamental idea of multiplicity, Andrade proposes a new approach to existing laws and in particular laws on privacy and data protection. The author proposes to elaborate a regulatory framework through which the user can articulate and use different identities, beginning with the ‘holonym’ (master identity), which comprises all of a person’s possible nyms, i.e., all aspects, elements and attributes of their personal identity.36 The regulatory proposal would focus not on the information itself (surpassing the personal/non-personal dichotomy), but on the sources of information, i.e., on the various and separate identity categories to which different streams of information would correspond to.
In his discussion of the legal framework, Andrade shows how existing laws and courts’ decisions have lagged behind, addressing and regulating identity through a series of outdated ‘dogmas’ and ‘paradigms’ (namely the ones of immateriality, notoriety [or publicity], visibility, ex-post intervention [remediation] and authenticity).37
Again we find an argument to conceive ‘a’ right to identity as an autonomous legal instrument. By drawing attention to the importance of keeping the right to identity, privacy and data protection explicitly defined and separated, Andrade proposes two important criteria (procedural/substantive and alethic/non-alethic) through which these different rights can be distinguished and articulated. Hence, the scholar distinguishes data protection, on one side, from privacy and identity, on the other, qualifying one as procedural and the other as substantive. Regarding the difference between the rights to identity and privacy, the scholar distinguishes between personal information that qualifies alethically (from αλήθεια [aletheia], the Greek word for truth) from the one that does not. Andrade argues that personal data encompassing a set of true facts related to the data subject should be protected under the right to privacy, whereas personal information that is not necessarily truthful (that is, which is false or de-contextualized) should be covered by the right to identity.38 As a way to test the usefulness of the alethic criteria, Andrade devotes particular attention to the implications of automated profiling technologies, arguing that the conceptual clarification of both the rights to identity and privacy will be crucial in order to protect and promote the autonomy and self-determination of the human person.39
In his 2011 article Right to Information Identity,40 Elad Oreg equally starts his analysis with looking more closely at the idea of information as a pivotal concept. This legal scholar anchors (and, in a way, substantiates) the notion of identity to information, arguing that the current legal protection of information-identity is partial, incidental and insufficient. Identity-related information is spread out through various branches of law (privacy, intellectual property, freedom of expression, slander, etc) that fail to cover the wide array of dangers threatening identity. In effect, the extent to which information-identity can be distorted, impersonated, filtered, deleted and concealed demands thus the conceptualization of a right to identity, grounded in solid conceptual and normative foundations.
In this light, Oreg argues in favour of the conceptualization and recognition of a new, independent and explicit legal principle of a ‘right to information identity’, that is, the ‘right of an individual to the functionality of the information platforms that enable others to identify and know him and to remember who and what he is’.41 The right to information identity is depicted as a person’s right to the existence of his information identity, i.e., as a right to exist (as information) in the ‘mind’ of others (persons, institutions, State). This right is not conceptualized as a right ‘stricto sensu’, but as a principle which – in Hofheldian terms – gives expressions to all legal norms – ‘freedoms’, ‘rights’, ‘immunities’ and ‘powers’, etc – that are intended to promote the identity interests and values protected by such principle. As Oreg explains, this right imposes limitations upon various players whose conduct affects these platforms; it prohibits them from behaving in ways that damage it, such as impersonating, distorting, falsifying, deleting, hiding, filtering and destroying identity-related information.42
Oreg explains the inherent and the instrumental justifications (psychological significance for others, efficiency, incentive and accountability, trust, community, democracy) for the establishment of a right to identity. In his work we find a general outline of the right to information identity, its protected values and interests, its influence on diverse contemporary legal doctrines, and a ‘future research’ agenda capable of providing a more concrete and detailed explanation of this fundamental principle (the right to identity is depicted not as a specific rule, but as a broad standard which requires further discretion in implementing it in concrete situations). Oreg, in addition, not only presents and defines the right to identity, it also differentiates it from other rights (right to good reputation, right to privacy, freedom of expression), contributing also to the autonomization of the right to identity.
In Paul Bernal’s The Right to Online Identity (2012)43 we find a strong defence of a (specific) right to an online identity. In the same way that people have a right to internet access, Bernal argues that they should also have a right to an online identity. According to the author, online identities should be understood as something more complex than a matter of authentication of a link from an online actor to a real person. Online identities are, instead, complex, multifaceted and constantly developing, bearing both similarities and significant differences from ‘real-world’ identities. The recognition and assertion of an online identity is perceived as a pre-requisite for any individual to take part and to function fully in modern life.
Bernal constructs his ‘right to online identity’ as encompassing three clusters of specific rights: the right to create, to assert and to protect that identity; as well as the right to control the links between the online identity and the real identity behind it.44
An important idea underlined by Bernal is the need to specifically protect the online identity rather than protecting the owner/user of that online identity, i.e. the real person behind it.45 This requires protecting online identities without (necessarily) revealing the links to the corresponding offline identities.
It is important to note that the author does not define the rights to create, assert and protect online identities as purely legal ones, but as ‘natural’ rights, emerging from the needs of individuals and communities. Similarly to Oreg, Bernal thus states that the rights forming the right to identity should function as principles, from which legal rights and regulations could then be derived. Taking into account that the protection of and the control over an online identity includes rights over the data associated with that online identity, Bernal argues – similarly to Andrade – that the right to be forgotten can be directly derived from a right to an online identity.46
In adopting an approach that draws on the moral philosophy of Alan Getwirth, Roger Brownsword in his 2009 article Friends, Romans, Countrymen: Is there a Universal Right to Identity debates the conceptualization of a right to identity as a universal right (i.e., a right that should be recognized as universally binding). By thinking through the logic and concept of agency, and namely by following Gewirth’s seminal claim that ‘agents are rationally bound to respect the freedom and basic well-being of one another’47 (which constitutes, according to the author, ‘the best shot that we have at arguing for universal rights’48), Brownsword asserts that ‘each agent is able to claim a right to respect for their own distinguishable and distinctive personal identity’.49 In other words, ‘it is because we are agents, and only because we are agents, that we each have rights and responsibilities to recognize and respect the different and distinctive personal identities that we assume’.50
Looking at Brownsword’s construction in more detail, the scholar argues that although we need a shared identity to ground and to universalize our rights claims, one of these claimed rights is the right to develop our own distinctive identity (distinguishing oneself from other agents). Within the freedom presupposed in the conditions of agency, ‘each agent claims a right to be respected as (…) the author of his or her own distinctive personal identity’.51 In developing this identity claim, which ‘is largely designed to protect an agent’s autonomy, particularly in relation to the authorship and ownership of one’s own personal identity (the claim to be recognized and respected as ‘the agent that I am’)’,52 Brownsword articulates an agent’s right to identity.53
The author thus argues that the right to be recognized as an agent constitutes an eminently suitable articulation of a distinctive universal right to identity.54 Based on such right, Brownsword discusses the issue of surveillance, detective (identifying) technologies and profiling. Regarding the latter, the scholar refers to an agent’s right to correct his profile, the right to challenge a profile that he believes misrepresents his identity or that is used in a way that treats him unfairly, or even the right to complain against a profile that, although accurately reflecting his prior record and pattern of consumption, subtly constrains his choice, exposing him to a particular stream of behavioural advertising and, consequently, impeding the agent to experiment or to ‘re-invent’ himself. In other words, the profile is in line with his identity but the agent claims a reserve right to be free to modify his identity.55 As the scholar observes, ‘[i]nsofar as these rights claims are ones that should be made by any agent (…), in any community of rights, they are universal’.56 The author nevertheless does not provide a strong and definite conclusion regarding the right to identity. Brownsword argues that the appropriateness of addressing the novel threats posed by new surveillance and information technologies by asserting a right to identity is not altogether clear. These hesitations are legitimate but do not necessarily have to lead to a deadlock. Most authors discussed so far pay attention to problems and risks associated with a strong recognition and protection of modern identity practices. Bernal, for instance, calls the attention to the complications associated with the use of identity online, namely the sharing of one online identity by several ‘real’ people, the transfer of online identity from one person to another, the regime applied to an online identity when the corresponding physical person dies, the use of fake, effectively fraudulent identities, and the need to address them.57 Nevertheless, and as alerted by Bernal, these problems do not undermine the need to understand, accept and establish the right to an online identity.58
This discussion brings us to an important point. Next to the question whether there is need for the recognition of a new right (to identity) and whether such a right will bring more good than bad, there is a discussion about the possible ways to frame such a new right, in such a way that the right is either absolute or not, and encompasses some identity aspects or all identity aspects. A reflection of these and other questions is contained in De Hert’s 2007 A Right to Identity to Face the Internet of Things?
Paul De Hert analyses the need to create or recognize a specific ‘right to identity’ in light of the threats posed to the individual by the so-called ‘Internet of Things’ (that, broadly speaking, equates to the Ambient Intelligence and Ubiquitous Computing scenarios previously analysed).59 Following Hildebrandt’s work, De Hert identifies profiling as the most important threat to identity posed by the Internet of things. Profiling creates new possibilities to manipulate people into certain behaviours without providing them adequate feedback of how their data have been used (or abused), fitting people into new idem identities that they cannot control and that they are often not aware of.
De Hert constructs his right to identity based on Ricoeur’s distinction between ipse and idem identity. As explained by the author, and supported by the works of Ricoeur and Hildebrandt, ipse (or self) is the irreducible sense of self of a human person, the reflexive consciousness of oneself; whereas idem (or sameness) identity is the objectivation of the self that stems from comparative categorization.60 The legal recognition of identity as a right should thus be understood in dynamic terms, encompassing both ipse and idem identity, i.e. the double tension of personal identity. The right to identity should thus allow for this double movement, one towards resembling the other and comparing oneself to others (one needs the outside world and other people to construct his or her identity), and one differentiating and distinguishing oneself in a perspective of individualization. In stressing the positive (and constructive) aspects of identity, De Hert alludes to the need to clearly distinguish the right to identity from the classical or first generation (shielding) human rights, such as privacy:
[u]pholding identity is not only an issue of shielding persons against intrusions by governments and other actors, but also an issue of making identity formation possible. A formulation of an identity right as a first generation human right would not pay enough respect to the positive nature of the relationship between ipse and idem identity.61
Moreover, De Hert identifies specific identity-related issues that are not covered or protected (nor should they be) by the right to privacy, namely the following: choice of family names, sexual identity and choice, recognition of a right to oblivion, biomedical implants; enhanced testing of new-borns and ethno-screening with the purpose of avoiding health-risks, conception outside the body and the issue of giving birth anonymously, human enhancement (for instance, extreme life prolongation); dual nationality; right to cultural identity. The author, along with Prins,62 argues that these novel issues and new developments can have an important impact on our understanding of identity and call for a new balancing of interests. Moreover, and in order to properly conduct this balancing, there is the need to go beyond the established rights and concepts such as privacy, liberty, autonomy and discrimination, recognizing thus an explicit right to identity as an aspect of the human dignity in the EU Charter on Fundamental Rights.63
In the sense that people cannot function without identity (‘[t]o have an identity is like living, breathing, having a healthy life, to be able to feel and think’), De Hert defends the straightforward recognition of identity as a right protected by international human rights.64