Having civil society at the table comes with great benefits: more inclusive, open and richer legislative processes
National and International civil society organisations (CSOs) play vital roles in many aspects of our societies as watchdogs of state powers, as representatives of the voices of the people, as experts to inform and educate an array of stakeholders.
One of our key lessons learned from three decades of work, including 10 years with the Privacy International Networkto build a global privacy movement,promoting and advocating for the highest privacy and data protection safeguards has been how civil society engagement in policy-making processes changes power dynamics.
Repeatedly, our experience has shown that the more CSOs, from across disciplines, are involved in these policy processes, the better-informed actors of change are, and the greater policy discourse there is: ultimately the aspiration is laws and policies uphold, respect and promote fundamental rights.
It makes the process more inclusive, open and richer.
Opportunity 1: An inclusive debate
With the generation and processing of personal data by public and private institutions touching on an increasing number of aspects of our lives, this has meant that an array of fundamental rights and freedoms are impacted and thus any advocacy work on data protection requires joint efforts across sectors and disciplines.
The regulation of personal data does not, and should not, only be an issue for privacy advocates. From those who advocate for economic and social rights to civil and political rights, and who work on the issue of equality, economic empowers, democracy, rule of law, amongst many others, we all have a stake to ensure that the processing of personal of data be subject to legal and security safeguards to ensure that such activities do not unlawfully interfere with the rights associated with those areas of work nor undermine an individual’s ability to live in dignity, to have autonomy and to be in control of their data, their identity, their lives.
“Data protection was a complex subject, until Unwanted Witness embarked on sensitizing CSOs about this right and formed a ‘Privacy Cluster’ in 2015. We have witnessed the ‘Privacy Cluster’, a consortium of 15 NGOs, collectively reviewing the draft data Bill and producing joint strategies.”
- Unwanted Witness, Uganda
Opportunity 2: Opening up the debate
A systemic problem we have observed is how there is a lack of opportunity for civil society to engage with policy development often happening in the shadows, behind closed doors. Too often, new laws and policies are drafted and adopted behind closed doors or pushed through by decree, diktat, or through means that allow less democratic accountability.
This demonstrates the necessity of having civil society at the table is that that the powerful, governments and industry alike, are held to account and subject to public scrutiny. Governments must be reminded of their national and international obligations, and what any of their attempt to bypass, undermine or ignore those must be brought to the attention of the public.
When it comes to data protection it is particularly important as it allows to generate more public engagement and raise awareness on data protection, an issue which many may find overwhelming and thus far the debates on it have been poor or misinformed. By opening up legislative processes, there is an opportunity for individuals and those who represent them and advocate for their rights and needs to seize the chance to be part of the discussion and take ownership of the process.
“Opening up of political space to CSOs, in Pakistan, is crucial to the formulation of public policies and legislation on data protection. It provides us with the opportunity to voice our suggestions for more openness and accountability-- pertaining to the use of technology in storing, accessing and processing of data by government and private entities. Our job is not just educating the citizens but also the government.”
- Digital Rights Foundation, Pakistan
Opportunity 3: Enriching the debate
Data protection can be seen as a complex issue which includes a myriad of legal and technical issues from understanding the basics such as what is data and what is data processing, to grasping new data processing activities including profiling, automated decision-making, and knowing what safeguards are necessary, how do they operate, and what are their limitations such as when talking about pseudonymisation and anonymisation of data.
At the same time, the increasing volume and use of personal data, together with the emergence of technologies enabling new ways of processing and using it, through profiling, automated-decision making, artificial intelligence, machine learning.
In order for regulations to be relevant and adequate they cannot be drafted in the abstract. We need to understand and integrate what is happening in practice into any legislative process to ensure that the law is adequate, timely and relevant.
We have witnessed over the years that in many instances those tasked with developing new laws or policies are ill-equipped and they do not have the necessary expertise and knowledge to develop strong, adequate and relevant laws. Civil society organisations play an important role in enriching and informing the debate.
Thanks to their direct connection with citizens and representatives of communities as well as their concerns and interests, civil society organisations are able to develop a robust evidence base to share with policy-makers what the state of data processing is, to illustrate the risks of weak regulatory mechanisms, and present what the current problems and challenges are and how those can be addressed.
“If CSOs don’t take part in these discussions, the debate will be dominated by the public sector or private companies, who address the topic from a perspective that doesn’t take human rights into account. CSOs’ participation strengthens the democratic pedigree of the decisions made by public authorities.”
- Asociación por los Derechos Civiles, Argentina
Turning opportunities into actions: Advocating for data protection
Reflecting on the above opportunities and our lessons learned from our engagement with the Privacy International Network, we noted the need to provide CSOs, from across disciplines, with the foundational knowledge to understand data protection and what a law constitutes of: principles, rights of data subjects, grounds for processing, obligations on those who process and enforcement and accountability mechanisms.
With this aspiration in mind, we have developed a guide entitled "The Keys to Data Protection" to serve as a tool for understanding what data protection is, what it encompasses and to facilitate interested actors to analyse proposed data protection law, in order to assess existing legislation, advocate for reform, and rectify any shortcomings.
The guide is not meant to serve as a model data protection law, but it has been structured to provide a coherent and efficient analytical process by addressing in turn the various provisions which are commonly present in a data protection law.
In particular the guide focuses on areas which, in our experience, are of weak or missing which have required further engagement during legislative processes to ensure that the law upholds a country’s national and international human rights obligations to protect the right to privacy and other fundamental rights, as well as complying with international and regional data protection standards and principles.
We hope that by working through the guide, CSOs will be able to determine how data protection relates to their work, and how they could be engaging themselves in policy development processes on data protection in their respective countries and/or within regional and international regulatory mechanisms depending on where their work takes them.