"While governments should be able to enforce tax regulations, they shouldn't do that in a way that impinges on the right to privacy," said Cynthia Wong, senior Internet researcher at Human Rights Watch. "The ARPT shouldn't put in place any system that gives them access to customers' sensitive personal information."
In a January 19 letter, three telecom operators stated that they would not comply without greater clarity about the objectives and legal basis for the request. ARPT representatives told Human Rights Watch that the information was sought for tax purposes only and that they would meet with phone company operators to try to resolve the issue. Human Rights Watch received information that two of those companies had agreed to comply with the government's request.
The proposed system, if connected directly to the telecommunications company's networks and billing systems, could allow the regulator to monitor all data and voice traffic and, if misused, would give the operator, the regulator, and potentially other government departments' back-door access to customers' call records.
As part of the implementation of the new system, the ARPT had also requested access to parts of the companies' phone records - known as "CDRs" - for the month of December 2015, as well as the necessary technical information to decode the CDRs.
Although CDRs do not reveal the contents of a phone call, they can include the phone numbers of both parties on the call, the time and date, the call duration, and even the approximate location of the people making the call. Such data can reveal sensitive information about a person's contacts and movements, especially when aggregated. Indeed, this information often can reveal more about a person's private life than the actual content of conversations.
While governments should have the ability to enforce telecommunications and tax regulations, requests for documentation should not disproportionately burden the right to privacy and other related rights. If phone data is being sought for other reasons, such as national security or law enforcement, then any government request should require judicial supervision and specific justification, and should be targeted only at individuals suspected of wrongdoing.
The Guinean government should clarify whether, in requesting records from phone operators, the ARPT, or any other government agency, has obtained or will obtain sensitive customer information. Any sensitive customer information acquired in response to the January 6, 2016 request should be deleted.
Before moving forward with future requests for call data or with a central control system, the government should ensure the necessity and proportionality of any method used to verify tax revenue and prevent fraud that involves intrusions on privacy. The government should also ensure that any effort to gain access to data held by telecommunications companies respects privacy and other rights.
"While Guinea's phone companies have an obligation to accurately report on their revenue and tax obligations, they should resist any attempt by the government to obtain access to sensitive personal information from their customers," Wong said. "Phone companies should also be transparent about the government's demands and the information they share with it."