Tracking the Global State of Privacy
This piece was written by PI Advocacy Officer Matthew Rice.
In March 2016, Privacy International launched the State of Surveillance reports — a global effort to benchmark surveillance policies and practices in the countries that are part of the Global Privacy Network, by undertaking collaborative research with our partner organisations. Today, we update that work and expand on it- both topically and geographically- with the ‘State of Privacy’.
Having already published State of Surveillance reports from partner organisations in Argentina, Chile, Colombia, India, Indonesia, Kenya, Morocco, Pakistan, the Philippines, Thailand, Tunisia and Uganda, we returned to these reports with the updated and expanded survey. We also have the pleasure in bringing in reports from new members of the Network, and now have reports on Brazil, Jordan, Mexico, and South Africa.
A new survey of questions was developed, expanding into areas beyond surveillance such as Data protection regulation; Smart Cities; Data breaches; Biometric IDs; Voter registration; SIM card registration, Cybersecurity, Cybercrime, Encryption, Licensing of telecommunications industry; E-governance; Health sector; Smart policing; Transport; Smart cities; Migration; Emergency response; Humanitarian programmes; and Social media.
These reports detail a number of growing trends, many of great concern. But the initiative itself is a positive trend. Around the world, more civil society organisations are standing up and getting involved in more debates about identity, about accountability of technology, about the exploitation of citizens’ data. This is a benchmarking exercise, but it is also a landmark initiative in the breadth and depth of the information that is available around the world courtesy of the next generation of privacy activists.
Growing up with technology while technology is growing up
There are a number of areas that a few years ago would have been considered emerging trends which can now be considered established orthodoxy for some countries. SIM Card Registration has now been established in 11 of the 16 State of Privacy countries (Argentina, Indonesia, Jordan, Kenya, Mexico, Morocco, Pakistan, South Africa, Thailand, Tunisia, Uganda), with two more countries — Chile and Colombia — currently discussing device registration.
When we look at emerging trends, Biometric identity card programmes are operating in 11 of the 16 State of Privacy countries (Argentina, India, Indonesia, Jordan, Kenya, Morocco, Pakistan, South Africa, Thailand, Tunisia, Uganda), with initiatives being discussed Brazil and the Philippines. In addition, “Smart City” initiatives have been launched in India (100 “smart cities” in the country by 2020), Indonesia (Jakarta), Jordan (Amman), Morocco (Casablanca), and the Philippines (Davao City).
That each of these “smart city” adopters are also — save the Philippines — Biometric identity adopters should come as no surprise. These countries have drunk the Kool-Aid on data: that data provides solutions to the social and infrastructural problems these countries face. All they need is more of it coming from more places. Biometric Identity cards were the vessel for that message years ago, it now seems initiatives like “Smart Cities” have become the next vessel.
So, with the increase in data collected about how citizens identify themselves, how they communicate, and how they interact with their city you would expect to see robust protection frameworks in place, right?
Wrong.
9 of the countries in the reports are completely without a comprehensive data protection law, including those countries racing towards innovation in the form of “smart cities”: Indonesia, India, and Jordan.
Well, you may ask, in absence of legal protections, at least if the data is protected at a technical level that should be sufficient….
If only. The ‘State of Privacy’ reports detail data breaches in Brazil, India, Mexico and the Philippines, among others, indicating that collecting data on its citizens appears to be more of a priority to States than securing it.
Elections and security do not seem to go together these days with this year’s Philippines COMELEC breach of 55 million records of registered Filipino voters. The COMELEC breach was the largest data breach to date, for about a month. In April 2016, a database containing voter registration records were published online in Mexico, exposing the personal information of 93.4 million Mexican citizens.
Brazil had data of 650,000 patient and public agents from the public health system of Sao Paolo leaked, the data included identification, address, phone number, and even medical information. And India was reported to have suffered 20 breaches in 2015 resulting in 32.1 million records being exposed.
Brave New Worlds
These trends demonstrate the challenges organisations from around the world working to strengthen the right to privacy face with data exploitation. The important point here is that those organisations exist, and Privacy International are able to support those groups working on this topic. This debate cannot just be about the United States or Europe; the majority of the world struggles with these issues. There are challenges — and solutions — out there that risk being muted due to the vaunted challenges faced by stereotypically “rich” or “developed” countries.
Privacy International and the Global Privacy Network will continue to update and expand on the State of Privacy as time passes. The next update will be in the new year. This is necessary as topics evolve so quickly and without warning that to try and present something static will inevitably age badly, and do so very quickly. If you’d like to suggest a country or topic to be included in a ‘State of Privacy’ report, we would love to hear from you at research@privacyinternational.org .
Bit by bit, we continue to build on the work begun years ago, aiming at creating a unique, forward looking resource that will develop over time, whatever those challenges are, and wherever they occur.
