be warned about the potential for misuse of data that they supply online. Government bodies and non-state actors collecting, retaining, processing or disclosing data have a responsibility to notify the concerned party when the personal data or information collected about them has been abused, lost or stolen. Mass or indiscriminate surveillance of individuals or the monitoring of their communications, constitutes a disproportionate interference, and thus a violation, of the right to privacy, freedom of expression and other human rights. Mass surveillance shall be prohibited by law. The collection, interception and retention of communications data amounts to an interference with the right to privacy and freedom of expression whether or not the data is subsequently examined or used. In order to meet the requirements of international human rights law, targeted surveillance of online communications must be governed by clear and transparent laws which, at a minimum, comply with the following basic principles: first, communications surveillance must be both targeted and based on reasonable suspicion of commission or involvement in the commission of serious crime; second, communications surveillance must be judicially authorised and individuals placed under surveillance must be notified that their communications have been monitored as soon as practicable after the conclusion of the surveillance operation; third, the application of surveillance laws must be subject to strong parliamentary oversight to prevent abuse and ensure the accountability of intelligence services and law enforcement agencies. It should also be recognised that for the enjoyment of their right to privacy, individuals must be protected from unlawful surveillance by other individuals, private entities or institutions, including in their place of work or study and in public internet access points. • Security, stability and resilience of the internet Everyone has the right to enjoy secure connections to and on the Internet including protecting from services and protocols that threaten the security, stabil- ity and resilience of the Internet. Security, stability and resilience of the Internet must be protected and technical attacks against information systems should be prevented. Encryption is one of the key ways in which this can be achieved. States should recognise in their legislation and practices that encryption is a basic requirement for the protection of the confidentiality and security of information. In particular, States should promote end-to-end encryption as the basic standard for the protection of the rights to freedom of expression and privacy online, and promote the use of open source software. At the same time, States should refrain from adopting measures requiring or promoting technical backdoors to be installed in hardware and software encryption products. They should repeal laws banning the use of encrypted products, particularly by end-users, or laws requiring government authorisation for the use of encrypted products. Companies should also refrain from weakening technical standards and roll out the provision of services with strong end-to-end encryption. Initiatives to improve security of the Internet and address digital security threats should involve appropriate collaboration between governments, private sector, civil society, academia and the technical community. • Marginalised groups and groups at risk States and non-state actors shall respect and protect the right of all individuals to have access to and use the Internet. Special attention should be paid to the needs of groups at risk of discrimination in the enjoyment of their human rights, including women, the elderly, young people and children; minorities, including ethnic, linguistic, sexual and religious minorities; and other marginalised groups such as indigenous people, persons with disabilities, and rural communities/people living in rural areas. • Due process States must respect the right of every individual to equal protection under the law. This means that no one can be arbitrarily detained or punished for any