Jennifer Zerk Consulting
Corporate social responsibility Who we are
How we fit in
What we do
How we work

talking point

Privacy as a human right: Five lessons from the News of the World phone hacking scandal

The right to at least some degree of privacy is an established human right.(1) But so far this has not emerged as a priority issue in the Business and Human Rights debate. Perhaps it is time to rectify this. Recent revelations about the lengths with which some journalists will go, just to get a story, have horrified just about everybody. While many celebrities and public figures appear to have been targeted, it is the invasions of privacy of ordinary people – including people who are bereaved and victims of crime – that have provoked the most outrage.

When trying to define the scope of the right to privacy, there is often a balance to be struck with other rights relating to freedom of expression.(2) But rights of freedom of expression are not unlimited. (3) There are legal and ethical limits to what you can publish and how you go about getting information. Hacking into people's private phone messages – a practice that most people would regard as morally reprehensible – has been a criminal offence in the UK since 2000. (4)

Revelations about the extent of phone hacking by sections of the British media are still unfolding. The UK Prime Minister, David Cameron, has appointed Lord Justice Leveson to carry out a public inquiry into ethical issues concerning the press and the current regulatory framework (Part 1) and the extent to which phone hacking and other unlawful practices have been used by media organisations (Part 2). This second part of the inquiry will also look at the extent to which corporate governance and management failures contributed to the problem.

However, even at this fairly early stage, there are a number of lessons we can draw from this scandal that have broader relevance for Business and Human Rights. Some of these are so obvious that they hardly bear repeating. But it seems that repeat them we must.

Lesson 1: Ignorance of what employees are up to is no excuse

NOTW editors and their corporate bosses have repeatedly denied knowledge that phone hacking was taking place. But while this may absolve them of criminal responsibility, it is not an argument that has evoked much media or public sympathy in the wider ethical debate. As the Ruggie Guiding Principles make clear, the corporate responsibility to respect human rights – including the right to privacy – involves not just dealing with what is staring you in the face, but putting in place human rights due diligence processes to “identify, prevent, mitigate and account for how [companies] address their impacts on human rights”. (5) This involves “assessing actual and potential human rights impacts, integrating and acting upon the findings, tracking responses, and communicating how impacts are addressed”. It is not a reactive process but anticipatory and ongoing. (6) And it requires commitment from all levels of the business enterprise, from parent to subsidiaries, and from the board to every level of management.

Lesson 2: It's easy to blame a bad apple – but what about the barrel?

The office can do strange things to people. There are pressures, politics, unwritten rules and odd conventions, the combined effect of which can create a setting in which individuals may indulge in behaviour they would not contemplate outside.

Of course, some workplaces can help bring out the best in people. They can be nurturing grounds for creativity, innovation and excellence.

But unfortunately the opposite can be true too. Workplaces can be demotivating and foster complacency. They can also be stressful, intensely competitive and even hostile places to be. Over time, if we are not careful, these less positive aspects of “corporate culture” can give rise to alternative ways of viewing ethics and risk: little islands or “bubbles” where the accepted world-view is different from morality elsewhere. It is these alternative moralities that can make an MP, for instance, think it legitimate to supplement her income by claiming expenses on an unnecessary second home, or a banker to think it acceptable to gamble someone else's money on a financial product he has not taken the trouble to understand.

An important part of understanding and addressing human rights risk is an appreciation of the kinds of pressures faced by employees in their day-to-day work. The kinds of competitive pressures, for instance, that may cause employees or managers to cut corners, to bully others, or to push at the boundaries of acceptable conduct in order to gain an edge. Rather than turning a blind eye, responsible managers anticipate these kinds of temptations, make clear what is expected, arrange appropriate training, and ensure that financial and other incentives for personnel reinforce, rather than undermine, a human rights respecting approach. (7) Crucially, there should be no mixed messages for staff in terms of what a company says about human rights, and how it rewards individual performance.

Lesson 3: Don't confuse power and privilege with licence

Large companies enjoy a great deal of political clout, and few have wielded more political influence in the UK than News Corporation. Tony Blair must by now be tired of being reminded of his sudden dash out to Australia and back to address a News Corporation conference in 1995. But members of the current UK government have not exactly distanced themselves from NOTW and News Corporation either. Until recently, that is.

Many people worry that large companies have become too powerful and have too much of a say in UK government policy. For anyone who cares about democracy, the idea of government ministers kow-towing to unelected media executives is a distasteful one. But the problem is not confined to media companies. The apparent inability of the UK government to deal with the problem of corporate tax avoidance – a problem which costs UK government coffers billions of pounds per year – really does beggar belief. No-one expects the (desperately needed) financial sector reforms to be plain sailing either, with the British Bankers Association and the CBI both now warning that any regulatory changes at this stage may threaten the UK's economic recovery. (8)

Those seeking to make reforms that work against the interests of the rich and powerful will always face an uphill struggle. But, as the phone hacking scandal shows us, there are limits to what we the public, and our politicians, will put up with when corporate power is abused. Corporate highhandedness – which includes riding roughshod over the human rights of ordinary people – can, in the end, erode shareholder value, scupper business plans and bring executives low . If it can happen to Rupert Murdoch it can happen to anyone.

There are likely to be heated debates in the weeks and months ahead – especially as the Leveson inquiry gathers pace – about the appropriate balance to be struck between freedom of speech and rights of privacy. We will hear much – as we have heard already – about the importance of a free press and the vital role of newspapers in holding public figures to account. Of course there is merit in this. And of course media companies should be able to lobby, like anyone else. Ultimately, though, decisions about what is (and is not) in the common good must be a matter for democratically elected governments. Not companies.

Lesson 4: We cannot rely on self-regulation to protect human rights

The phone hacking scandal raises questions about the roles of both of the two main regulatory authorities involved: the Press Complaints Commission (which administers a voluntary “editors' code of conduct”) and the Metropolitan Police (which is responsible for investigating possible breaches of the criminal law relating to phone hacking). Here, we focus on the self-regulatory aspects.

The Press Complaints Commission has carried out two inquiries in relation to phone hacking: one in 2007 following the criminal convictions of a NOTW journalist and a private investigator for phone hacking, and a further investigation in 2009 following allegations in the Guardian newspaper that phone hacking by newspapers was still ongoing and widespread. In its 2009 report, now withdrawn, the Press Complaints Commission recorded that it had “seen no new evidence to suggest that the practice of phone message tapping was undertaken by others beyond [the two convicted individuals], or evidence that News of the World executives knew about [the convicted persons'] activities.” It goes on to assert that “there is nothing to suggest that the PCC was materially misled during its 2007 inquiry” and furthermore that “there did not seem to be anything concrete to support the implication that there had been a hitherto concealed criminal conspiracy at the News of the World to intrude into people's privacy”. (9)

Given the revelations of recent months, this all looks rather lame. The Commission has since announced that it no longer stands by the contents of its 2009 report. (10) In the meantime, politicians have lined up to pour scorn on the Commission and its handling of the whole affair. David Cameron called the watchdog “ineffectual and lacking in rigour”. His Deputy, Nick Clegg, called it a “busted flush” and the Labour Leader, Ed Milliband, has branded it a “toothless poodle”.

A key area of concern is the Press Complaints Commission's possible lack of independence and balance. Eight of the Commission's 17 members are serving editors. The lay (or “public”) members include people with backgrounds in law, policing and justice, accounting, the media and a former MP. But it does appear lacking in terms of representatives from civil society, victim's groups, human rights campaigners and the public at large.

The Commission also has a number of operational limitations. It has no powers to punish editors and newspapers – its role instead is primarily to negotiate apologies and corrections. And it has no real powers of investigation. In the phone hacking case, it had to rely on the assurances given by newspaper executives and on the thoroughness of the police investigation. Following further allegations (made during the summer of 2011) about the extent of phone hacking by newspaper journalists in the UK, the Commission has set up a number of internal initiatives, designed to improve journalistic standards and to restore public confidence. Given the political pressures, though, the Commission's days may well be numbered whatever it does. The Leveson Inquiry has been asked to make recommendations “for a new more effective policy and regulatory regime”.

According to the Press Complaints Commission web-site, “ self regulation works because the newspaper and magazine publishing industry is committed to it”. The phone hacking scandal shows us, even more clearly, how self-regulation conspicuously does not work when the corporate commitment is not there. Self-regulation can take many forms, and it can work well where there is a common interest in raising standards, a commitment to principles of openness and transparency, and where each company has a roughly equivalent stake in ensuring that the agreed-on standards are upheld. But these regimes are only ever really as strong as the corporate self-interest in adhering to them. When the heat of competition is turned up, when companies are fighting for market share, and when there are commercial advantages (however temporary) in cutting corners and abusing rights, self-regulation can end up looking very shaky indeed.

Lesson 5: While we should worry about human rights abuses abroad, don't ignore what is happening under our noses

This final lesson goes to the heart of the issue of what the Business and Human Rights debate is all about. Much of the debate so far has centred on the role of companies, usually multinational companies, in human rights abuses in the poorest, or most conflict ridden countries. This is hardly surprising. It is in those parts of the world where regulation is weak, where regulators are under-resourced or corrupt, and where remedies are largely lacking, that ordinary people appear most at risk.

But this may have given some people the impression that Business and Human Rights is all or mostly about what companies do in developing countries and conflict zones. It isn't. As the phone hacking scandal shows, corporate abuse and weak and ineffectual regulation can happen just about anywhere.

Human rights is (or at least ought to be) a concern for everyone, everywhere: not just garment workers in Bangladesh or environmental protestors in Nigeria. The “corporate responsibility to respect” human rights is not part of some charitable or neo-colonial endeavour. It is not about telling foreign countries how to do things. It is simply about getting companies to understand, acknowledge and address their impacts on ordinary people, consistently with internationally agreed human rights principles.

This should not be so much to ask.

© Jennifer Zerk


1.See, for instance, the European Convention on Human Rights, Article 8: “ Everyone has the right to respect for his private and family life, his home and his correspondence”.

2. See the European Convention on Human Rights, Article 10, “ Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.

3 .See for instance, the European Convention on Human Rights, Article 10(2), which states that “ The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or the rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary .”

4. The Regulation of Investigatory Powers Act 2000 is the main UK statute relating to phone hacking. It creates a criminal offence of intercepting “ intentionally and without lawful authority … any communication in the course of its transmission ” (see section 1).

5. See Guiding Principles on Business and Human Rights: Implementing the United Nations 'Protect, Respect and Remedy' Framework”, 21 March 2011, UN Doc. A/HRC/17/3. Copy available af . See Guiding Principle 15 .

6. Guiding Principle, 17.

7. See Guiding Principle 16 (commentary).

8. Banking reforms 'may not happen until 2015', BBC News, 31 st August 2011,

9.See Press Complaints Commission ‘Report on Phone Message Tapping Allegations',

10.See ‘Statement of the Press Complaints Commission', 6 July 2011,


The Leveson Inquiry

The Ruggie Guiding Principles

UPDATE: The Leveson Inquiry is now complete and the report of the inquiry was published on 29 November 2012. A copy of the report can be obtained from here



See our previous Talking Points
written by Jennifer Zerk


Jennifer Zerk Consulting: +44 (0)1223 207305 -