Open-Source Intelligence, Armed Conflict, and the Rights to Privacy and Data Protection

Abstract

This paper examines the use of open-source intelligence (OSINT) during armed conflict and in humanitarian-emergency settings by States and non-State actors. It highlights real-world harms that can arise from the misuse of OSINT in such contexts, in particular through the lens of the rights to privacy and data protection, thereby demonstrating gaps in current terminology, regulatory frameworks, and ethical practices governing the use of this technology. Regarding OSINT’s use by States, the paper highlights the limits of existing legal frameworks regulating digital privacy and data protection in conflict settings, drawing on domestic regulatory frameworks and parallels from human rights law to identify key conceptual problems and regulatory limitations. Where non-State actors use OSINT, this paper highlights – via two case-study users, Bellingcat and the OSCE’s Special Monitoring Mission in Ukraine – the ‘doctrinal gap’ that arises from the patchwork of ethical standards and the relative absence of legal restraints. This gap poses a risk of harm to individuals and communities affected by OSINT activities that needs to be rectified, initially through the development of an evidence-based ‘theory of harm’.