Data Privacy in the Digital Era: Are Human Rights at Risk?
The Protection of Personal Information Act 2013 s 5(d), states that, “A data subject has the right to have his, her or its personal information processed in accordance with the conditions for lawful processing of personal information as referred to in Chapter 3, including the right — to object, on reasonable grounds relating to his, her or its particular situation to the processing of his, her or its personal information as provided for in terms of section 11 (3)(a);[1]” The increased usage of digital tools and information systems has resulted in an exponential growth in the volume of data that has been generated. This data is big data, this data is data on consumers, individuals, you, and I[2]. This Big data is analyzed through the understanding of its characteristics volume, velocity, variety, and validity.
During December 1966, the UN General Assembly adopted international treaties that would form the foundations of the, now established, International Human Rights; these treaties are the International Covenant on Civil and Political Rights (ICCPR) and the International Covenant on Economic Social and Cultural Rights (ICESCR). Of the two treaties, the ICCPR treaty is the only one that explicitly states that the “Right to privacy” is a human right[3]. Now the question arises, what is a human right? According to the United Nations, “Human rights are rights we have simply because we exist as human beings — they are not granted by any state. These universal rights are inherent to us all, regardless of nationality, sex, national or ethnic origin, color, religion, language, or any other status.[4]”
So, what is the difference between human rights and digital rights? The digital era brings new technologies for data collection and analysis in real-time, these are include APIs, biometrics, artificial intelligence and machine learning, digital identity, and distributed ledger technologies, of course this list is not exhaustive. Applying these new technologies in a jurisdiction may result in an economy that is represented by Figure 1. These illustrate an example of a nearly complete centralized economy where especially the public sector has the most access and control of personally identifiable information, and the private sector also has significant access to the same data. Intrinsically, there is no difference between human rights and digital rights. Digital rights are the fulfilment of human rights in the digital era.
Digital rights are aimed at promoting the use of data privacy respecting technologies. Furthermore, these technologies must respect intellectual property rights, disinformation, protect democratic use and human rights. Initiatives to support digital rights include new rights for the digital context, which have been implemented in Brazil, Chile, Spain, and Portugal[5]. Lastly, technology-related rights, which support digital rights have been introduced, especially for artificial intelligence in countries such as the United States, Colombia, and Japan[6].
A significant measure of digital rights is the internet privacy index, which is based on data collected on data privacy laws, cybercrime legislations worldwide, freedom of expression statistics, democracy statistics, and press freedom[7]. From a survey of 110 countries around the world, Figure 2 illustrates the state of internet privacy by country, where the top 5 best and worst countries are listed in Table 1.
Cutting through the theory and statistics, what is the voice of the human in need of protection in the digital era? The right to privacy is the right to be let alone and under this light, in the digital era, humans and their sub-category of consumer, want to remain in control of their personally identifiable information, or personal data, which may be used for marketing purposes, sold to data brokers, and used for further processing unbeknownst to the data subject, the human being who owns the data. The human being wishes to be let alone and not tracked through which product clicks they make in an effort for directed advertising by digital ads. For the consumer, data privacy is a significant concern in the digital era.
Now, who is responsible for this niche area of consumer protection? From the private sector certain efforts may be made to protect the consumer, these include end-to-end encryption, limited data access, data minimalization, informing consumers of the organization’s privacy policy in language that is not full of legal jargon. How can regulators step in to ensure consumers are protected in the digital era? Domestic, regional, and eventual global harmonization of data privacy and protection legislation is key, especially as we live in a globalized world and cross-border data sharing has become ubiquitous. Policymakers and regulators need to ensure that, during this process, they don’t lose sight of an important component, the legislation and regulations that they draft need to be context specific, with a holistic and risk-based approach to protecting the consumer.
Where data privacy and protection legislation is enacted, its sister legislation is not far behind, cybercrime legislation. Cybercrime legislation seeks to ensure that the cybersecurity confidentiality, integrity, availability (CIA) triad is maintained, thereby ensuring data protection and privacy. Why does this matter? 68% of individuals are significantly concerned about not knowing how their personally identifiable information is collected online and used. Furthermore, 66% of individuals wish to have the ability to stop receiving notifications from an organization’s data use when they are no longer interested in their product(s)[8]. Moreover, when individuals where asked if the prohibition of organizations buying and selling data should be mandated — the question was met with an overwhelming yet.
As digital transformation deepens there are significant potential gains that can be realized. However, as with all innovation, it needs to be embraced with prudence thereby understanding its holistic effect on economic agents. The prudential and market conduct approach matters for this scope because data privacy is a human right, which we all have for existing as a human beings. This fundamental right should not be compromised for technological advancements.
References:
[1] Government of the Republic of South Africa (2013), “Protection of Personal Information Act, 2013”, available here.
[2] BIS (2020), “Payment aspects of financial inclusion in the fintech era”, available here.
[3] Office of the United Nations High Commissioner for Human Rights (2023), “International Bill of Human Rights: A brief history, and the two International Covenants”, available here.
[4] Office of the United Nations High Commissioner for Human Rights (2023), “What are human rights?”, available here.
[5] OECD (2022), Rights in the Digital Age: Challenges and Ways Forward”, available here.
[6] See Footnote 5.
[7] BestVPN.org (2023), “Internet Privacy Index (2023), available here.
[8] See Footnote 7.
