Global Privacy: Time To Reclaim Control!
What we can achieve. What we are doing.
A week to discuss global privacy
Throughout these last days, in the context of the #dataprivacyweek, we have been talking about privacy from a global perspective, while showcasing the research done by Privacy International and the organisations who are part of its International Network.
The right to privacy is a particularly multifaceted human right, which manifests in diverse and nuanced ways. As we said when we set the tone for this week, privacy is no longer perceived nor addressed only as confidentiality or secrecy, and involves power dynamics between individuals, states, markets, and international organisations, as well as one’s autonomy, dignity, and self-determination.
Today, in the last day of the week and as we start to look at the next steps, it is time to talk about the challenges we have ahead. Undertaking research, as we showcased this week, is essential to understand how different regulations, technologies and social practices, as developed and promoted by innovations in technology and governance, can interfere with our right to privacy, and what we can do to defend this right. It also helps to uncover the power dynamics behind these discussions. And at the same time, brings global context and perspective to these discussions.
Time to reclaim control
Despite all the mounting surveillance, unfettered data exploitation and all the privacy interferences that are happening across the world, there is reason to have hope. Never before have we had this much understanding and evidence of how governments, industry and intermediaries affects our privacy, and the debate has slowly moved from small elite circles to the public domain.
Many countries are discussing or improving their data protection laws, and the General Data Protection Regulation will enter into force in May this year, creating new data protection rights for more than 500 million people and impacting data protection rights across the world. India, with 1.3 billion inhabitants, got a landmark supreme court ruling recognising a fundamental right to privacy in their constitution and has initiated a process to develop and draft a data protection law.
At the same time, the world is starting to fully recognise the value of the human right to privacy. The General Assembly and Human Right Council of the United Nations have been increasingly issuing resolutions about the right to privacy and these issues are being raised in human rights reporting and monitoring mechanisms. And all the research in the field is increasingly proving that we don’t have to choose between development and privacy, or between security and privacy. We can have it all. The time to reclaim control has come.
What can we achieve?
In relation with the four themes we explored (access and control, data protection, identity and urban surveillance), there are many opportunities to reclaim our right to privacy and develop a new narrative. In terms of policy, and far from being exhaustive, we can associate each theme with a key outcome:
- When it comes to access and control of public information, implement effective regulations allowing citizens access to public information while preserving their privacy. Avoid exceptions that restrict transparency and accountability of how military, intelligence and law enforcement bodies process personal data.
- In relation to data protection, while more than 120 countries already have passed some kind of data protection regulations, a key challenge is to make them more effective, through enforcement and institutions who can uphold those rules, as well as to identify what data, processing mechanism and actors are falling through the cracks and are not subject to any regulation.
- Pertaining to identity systems, we need to put human dignity and self-determination at the forefront of those discussion, and to question if we need them in the first place. If we do, they need to be implemented in an inclusive, accountable and secure manner, minimising data generation and processing, profiling and discrimination.
- And finally, regarding urban surveillance, there is an urgent need to put the individual at the centre of decision-making process as we question what lies beneath these techno-utopic visions, challenge the dominant narratives and empty promises made to citizens, and start taking measures to place limits on the surveillance of public spaces and what is being done with the increasing amounts of generated and processed data.
What we are doing?
Privacy International, its International Network, and many other privacy advocates around the world are already working to achieve better privacy protections, and to put a stop on the unfettered surveillance and data exploitation we see today. And we can all do even more, by helping us to:
- Work with a global perspective. While privacy is a universal human right, it has different expressions around the world, which we need to take in account. But at the same that global perspective doesn’t mean we can’t have global standards, and we need to increase and extend them to all the world, while working with international organisations and networks to achieve these goals.
- Put national governments in check. Globally, and particularly in the countries with weaker checks and balances and limited respect for rule of law, many of the threats and challenges we face are related with how decision-makers (mis)understand privacy. In some cases, privacy violations are generated as a by-product of other initiatives, to make life easier for bureaucrats, or because governments see privacy as a barrier for public security. We can and must address and solve those issues.
- Private sector is responsible too. Industry claims that ‘data is the new oil’, or an unlimited resource they can exploit as a business model. But that view overlooks the importance of privacy, not just as secrecy or confidentiality, but as the ability of people to have control over their information and identity, and increasingly every aspect of their lives. Countries with weaker bargaining powers shouldn’t become laboratories for data exploitation, nor ‘data havens’ to take advantage of less demanding regulations.