What privacy & anonymity have to do with tech-related VAW

Anonymity and digital privacy are a critical part of human rights, but they are also connected to cyber crime, such as fraud, identity theft, cyber stalking, bullying, phishing and trolling. Survivors of VAW rely on anonymity and privacy to access life-saving information, while abusers use these rights as an opportunity to commit violence freely.

Anonymous communication has an important place in political and social discourse and is effective in promoting freedom of expression. Anonymity and privacy allow women to protect themselves, find resources when facing violence, seek community when isolated, speak out against repression and find information on sensitive health issues. When women face violence, they may not come forward without the assurance of privacy during and after their case.

You can learn more about protecting privacy and anonymity when talking to survivors and storing data in the Take Back the Tech! companion fact sheets.

What rights are relevant

  • Right to anonymity: There is no specific, encompassing international right to anonymity, but protections for anonymity exist to varying degrees in different countries. Anonymity and pseudonymity online can be fundamental parts of the rights to privacy and freedom from violence. There is a movement to encourage states to ensure the right of individuals to communicate anonymously on the internet and use encryption technology to ensure that right.
  • Right to privacy: In December 2013, the United Nations established “The Right to Privacy in the Digital Age”, expanding our offline rights to the digital world.
  • Freedom from violence: Through the Declaration on the Elimination of Violence against Women”, the United Nations holds that violence against women violates fundamental human rights.
How to protect privacy and anonymity

Your workplace should have policies on how to deal with the privacy and anonymity of both employees and anyone with whom you are working, especially survivors of violence. While workplaces may be able to monitor and collect data on employees, the employer is also responsible for protecting that data and employee confidentiality.

This goes for survivors of violence as well. It is never appropriate to share information about cases with people who are not authorised to receive that information. Always get in writing the survivor's consent to share information, recognising that the survivor has the right to refuse to provide consent. See Take Back the Tech!'s Be safe section for strategies and tools to protect privacy and anonymity.

Law enforcement
Providing training on privacy and anonymity for police officers dealing with VAW is critical. People experiencing violence need to be able to report crimes anonymously and ensure that their privacy will be protected, especially if the perpetrator remains at large. Many police departments even keep survivor addresses out of protection order databases in order to improve safety. Additionally, persons reporting the abuse of others should be able do so anonymously.
Train officers or advocates to give survivors advice on data protection and privacy. Officers should consider how privacy and data laws, as well as changes to those laws, can affect their work with survivors. Where laws have yet to catch up with ICT, some officers work diligently to find unique ways to apply other laws to ICT-related cases. For example, they use copyright laws to stop so-called “revenge porn”, or the abuse of private images for blackmail and harassment.

Furthermore, there are cases of officers stealing intimate photos from the phones of women they arrest and sharing them with their colleagues. Such officers should be charged according to the law, and departments should have written policies and protocols for reporting these privacy violations.
Survivor service providers

Tech-related violence usually leaves an evidence trail, which service providers should be trained to recognise. Work with survivors to save communications (e.g., SMS, emails, instant messages, chatroom messages, phone bills, screenshots of web pages, receipts, log files) and document each contact. Because ICT trends change quickly, providers need frequent training on ICT and VAW so they can collect evidence and help survivors stay safe.

In the digital age, the protection of client confidentiality by survivor service providers is essential. Keeping case files away from the internet and networked computers can ensure that they cannot be accessed by hackers. If you have a shared database, ensure that all parties use the same standards to protect privacy and anonymity. Develop a privacy and security protocol for the organisation based on a risk assessment and confidentiality commitments to the survivor.

Schools and universities
School staff should be acquainted with the school's privacy policies as well any privacy laws relevant to minors, but many schools have not updated their disciplinary and privacy policies to reflect changes in ICT. Without updated policies, incidents can slip through the cracks, survivor privacy can be easily (if unintentionally) violated and schools can be held liable. Ideally, there should be a trained staff person assigned to respond to cases of tech-related and other violence.
Students should have the opportunity to report any crime anonymously or remain anonymous during the investigation. Some schools even use an anonymous reporting system.
Private sector: employers and intermediaries

Employers should be familiar with area privacy laws related to the workplace and provide clear and comprehensive guidelines for employees, informing them of the rights and obligations of both parties. Do not assume that employees know where the privacy line is drawn at work.

Employers should consider the following:

  • Privacy policies and settings: Easy to find, comprehensive, optimised for usability.
  • Trusted information technology (IT) systems: Using confidentiality standards, maintaining system integrity.
  • Protection of the virtual personality: Digital signatures, user names, passwords, PINs, etc., must not be used or changed by others without the consent of the owner.

Intermediaries (telecoms, internet service providers and other platforms through which tech-related violence happens) are obliged to provide customer privacy policies and terms of service and to enable users to maintain a certain level of privacy. In case of data or identity theft, intermediaries may be responsible for investigating and providing advice to users.

All staff should be trained on the importance of maintaining user privacy and relevant laws, as intermediary employees can be tempted to inappropriately monitor or share user data. Intermediaries are accountable for ensuring privacy and anonymity from their end and should clarify in their terms of use the finer points of any data sharing, including who, when, where and why, and including government surveillance.