The accelerated evolution of information and communication technologies and the global ‎expansion of the ‎digital ecosystem have profoundly reshaped the nexus between security and ‎human rights. Cyberspace, as a socio-technical domain, represents a dual-edged sword. It ‎facilitates social, economic, and legal empowerment by enabling freedom of expression, ‎access to information, and democratic participation. Yet, it also introduces new vectors of ‎threats, including data breaches, information manipulation, cyberattacks on critical ‎infrastructures, and interference with democratic processes. This tension between security ‎imperatives and fundamental freedoms is at the heart of the challenges posed by cyberspace, ‎and this article argues that resolving it requires a human rights-based approach to ‎cybersecurity.‎

The study explores the historical trajectory of security, tracing its evolution from a ‎traditional state-centric conception focused on territorial integrity and military defense to ‎the more human-centered paradigm of "human security”. The article highlights how, with ‎the advent of cyberspace, security has taken on new dimensions that transcend national ‎borders and military considerations. Cybersecurity is presented not just as a technical issue ‎but as a complex socio-political challenge with legal, political, and ethical implications. ‎This redefinition of security, influenced by global governance initiatives and evolving state ‎practices, underscores the need for a holistic approach that integrates both security and ‎human rights.‎

Central to the analysis is the intersection of cybersecurity with core human rights, ‎specifically the right to privacy and the right to freedom of expression. Privacy, enshrined in ‎international instruments such as Article 12 of the Universal Declaration of Human Rights ‎‎(UDHR) and Article 17 of the International Covenant on Civil and Political Rights (ICCPR), ‎has become increasingly contested in the digital era. Mass surveillance programs exposed by ‎Edward Snowden, pervasive facial recognition systems, and intrusive spyware like Pegasus ‎illustrate how governments often justify disproportionate infringements on privacy under the ‎guise of security. Similarly, freedom of expression, guaranteed by Article 19 of the UDHR, ‎has flourished through digital platforms but is under increasing threat due to government ‎censorship, internet shutdowns, opaque content moderation by private companies, and ‎disinformation campaigns. The Cambridge Analytica scandal exemplifies how democratic ‎processes can be manipulated in cyberspace, undermining public trust and electoral ‎integrity.‎

The article employs the four classical criteria for legitimate limitations on rights, legality, ‎legitimate aim, necessity, and proportionality as the framework for assessing state and ‎corporate cybersecurity practices. These principles, developed in international human rights ‎jurisprudence and embodied in instruments such as the Johannesburg Principles, continue to ‎apply in cyberspace. Case law, such as the European Court of Human Rights’ 2021 judgment ‎on the UK's surveillance regime, illustrates the tension between broad, indiscriminate ‎surveillance and the necessity and proportionality required under human rights law. ‎Similarly, the EU Artificial Intelligence Act (2024) raises concerns over vague national ‎security exceptions, risking undermining the very principles of necessity and proportionality. ‎The use of spyware against journalists and human rights defenders without compelling ‎justification or judicial oversight is a stark example of disproportionate practices that erode ‎democratic governance and accountability.‎

On the international stage, the article discusses the absence of a binding comprehensive ‎treaty on cybersecurity and human rights, yet acknowledges the growing body of ‎international initiatives signaling an emerging normative consensus. These include UN ‎General Assembly resolutions on information and communications developments, work by ‎the Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG) ‎on responsible state behavior in cyberspace, and the Human Rights Council’s thematic ‎resolutions. The 2024 UN Comprehensive Convention on Countering the Use of ICTs for ‎Criminal Purposes, though focused on criminal cooperation, marks a step forward in ‎aligning cybersecurity with human rights. Furthermore, the ongoing Global Digital Compact ‎‎(2024-2025) presents an opportunity to institutionalize transparency, accountability, and ‎multistakeholder cooperation in global cyber governance, although state rivalries and ‎fragmentation continue to hinder its full implementation.‎

A key contribution of this article is the discussion of the "right to cybersecurity" as a ‎novel normative construct. This right incorporates both negative obligations on states to ‎refrain from disproportionate surveillance and positive obligations, shared by both states and ‎private actors, to ensure resilient infrastructures and prevent cyber harm. Recognizing this ‎right reframes human rights as prerequisites for legitimate and sustainable cybersecurity, not ‎obstacles. It also fosters multistakeholder cooperation among governments, technology ‎companies, civil society, and international organizations, embedding human rights at the ‎core of digital governance frameworks.‎

The article underscores that bridging the gap between security and human rights in ‎cyberspace requires coordinated efforts at multiple levels. Domestically, laws and ‎regulations must narrowly define security exceptions, guarantee judicial oversight, and ‎provide foreseeability to prevent arbitrary restrictions. At the platform governance level, ‎technology companies should be compelled to ensure algorithmic transparency, publish ‎regular accountability reports, establish effective appeal mechanisms, and submit to ‎independent monitoring of their content moderation practices. At the international level, ‎states and institutions must advance the codification of norms for responsible behavior in ‎cyberspace, while also operationalizing human rights obligations into sector-specific ‎guidelines, particularly with regard to artificial intelligence, surveillance technologies, and ‎data governance.‎

The article concludes by emphasizing that the relationship between security and human ‎rights in cyberspace is not a zero-sum trade-off or binary conflict. Rather, human rights are ‎the essential foundation for sustainable and legitimate cybersecurity. Upholding legality, ‎legitimate aims, necessity, and proportionality is consistent with international human rights ‎law and crucial for preserving public trust, democratic legitimacy, and long-term stability in ‎the digital age. The transition toward rights-based cyber governance must be grounded in ‎legal transparency, multilayered accountability, and genuine multistakeholder cooperation. ‎By reframing human rights as enablers of security rather than constraints upon it, the article ‎offers a conceptual and policy roadmap for aligning cybersecurity with enduring values of ‎human dignity, freedom, and justice.‎