Building the Global Privacy Movement

Development and humanitarian actors have a mandate to provide assistance and protect people in some of the world's most challenging political, social, economic, and technological environments. Over the past decade, they have been experiencing changes to their relationships with their beneficiaries and affected populations as well as their contexts of engagement including the pressure to be efficient and demands to be accountable, the need to gain and sustain access and proximity to beneficiaries and affected populations, and the urgency and immediacy of the response required, amongst others.

This means mean that they have had to re-think how they continue to effectively deliver their mandates as well as how they design and implement their modes of operations. These new modes of operations, and the new relationships they entail are increasingly mediated, enabled, enhanced, and limited by technologies. This all results in a significantly different set of risks, which currently many humanitarian actors are not prepared for, and must be addressed urgently.

There is no question that advancements in technology, communications and data-intensive systems have significantly changed the way development programmes are delivered and humanitarian assistance can be provided to ensure more people can benefit, more rapidly and more effectively. We are seeing the deployment of mass biometric systems for the registry of beneficiaries and the management of their access to aid, new technologies are being deployed for the delivery of aid programmes including automated decision-making and blockchain, and all of this within a general dominant discourse favouring the need for more data to better assist and respond to needs of beneficiaries. 

In this complex interplay of assessing the benefits and the challenges, it is necessary and urgent to understand how technology is modifying the protection of those assisted, and ultimately how this impact the ability of development and humanitarian organisations to undertake their mandate in an ever-challenging environment whilst abiding by the principle of “do not harm”.

Versión en Español

In this section, you can access the different parts of our guide for policy engagement on data protection "The Keys to Data Protection". The guide is intended to help organisations and individuals improve their understanding of data protection, by providing a framework to analyse the various provisions which are commonly presented in a data protection law.  

The guide was developed from Privacy International’s experience and expertise on international principles and standards applicable to the protection of privacy and personal data, and our leadership and research on modern technologies and data processing. 

Part 1 introduces data protection: what it is, how it works and why it is essential for the exercise of the right to privacy.  

While data protection laws vary from country to country, there are some commonalities and minimum requirements, underpinned by data protection principles and standards which tend to be reflected in the structure and content of relevant legislation. Each part of the report presents these, including: 

  • General provisions, definitions and scope (Part 2);
  • Data protection principles (Part 3);
  • The rights of data subjects (Part 4);
  • The grounds for processing personal data (Part 5);
  • The obligations of controllers and processors (Part 6); and
  • Oversight and enforcement structures (Part 7).

Part 8 provides some additional resources on data protection, and outlines opportunities for organisations to engage on data protection. 

Much of our engagement on data protection for the last decade has been undertaken through our work with our partners in the Privacy International Network. We would like to take the opportunity to acknowledge their incredible efforts to promote and advocate for the adoption of data protection laws across the world. 

Please reach out to us via social media or email if you have any feedback on the guide:


English version

En esta sección puede acceder a las diferentes secciones de nuestra guía para participar en políticas sobre protección de datos "Las Claves para Mejorar la Protección de Datos". El objetivo de la guía es ayudar a organizaciones e individuos a mejorar su comprensión en materia de protección de datos, proporcionando un marco que permita analizar las diversas disposiciones que se presentan comúnmente en una ley de protección de datos.

La guía se desarrolló a partir de la experiencia y los conocimientos de Privacy International sobre los principios y estándares internacionales aplicables a la protección de la privacidad y los datos personales, y nuestro liderazgo e investigación sobre las nuevas tecnologías y el procesamiento de datos.

La Parte 1 presenta la protección de datos: qué es, cómo funciona y por qué es esencial para el ejercicio del derecho a la privacidad.

Si bien las leyes de protección de datos varían de un país a otro, existen algunos puntos en común y requisitos mínimos, respaldados por principios y normas de protección de datos que tienden a reflejarse en la estructura y el contenido de la legislación pertinente. Cada parte del informe presenta esto, incluyendo:

  • Disposiciones generales, definiciones y alcance (Parte 2);
  • Principios de Protección de Datos (Parte 3);
  • Los derechos de los Interesados (Parte 4);
  • Fundamentos Para el Tratamiento de Datos Personales (Parte 5);
  • Obligaciones de los Responsables y los Encargados del Tratamiento de Datos (Parte 6); y
  • Autoridad Control Independiente (Parte 7).
  • La Parte 8 proporciona recursos adicionales sobre protección de datos y describe oportunidades para que las organizaciones se involucren con la protección de datos.

Gran parte de nuestro compromiso con la protección de datos durante la última década se realizó a través del trabajo en conjunto con los socios de nuestra red Internacional. Queremos aprovechar la oportunidad para reconocer sus increíbles esfuerzos para promover y abogar por la adopción de leyes de protección de datos en todo el mundo.

Si tiene algún comentario sobre la guía, póngase en contacto con nosotros a través de nuestras cuentas de redes sociales o correo electrónico:



While there is no internationally accepted definition of cybersecurity, the dominant discourse around the world, promoted by policy-makers and government agencies, focuses on international crime, prevention of terrorism and the quest for ever increased surveillance of our communications and data.

Despite the multitude of warnings evident in the continuing global data breaches from poorly secured databases in companies and governments’ networks, leading actors in this field, both private and public, have not prioritised addressing the root causes of insecure systems and governments have continued to adopt policies and pass laws that undermine cyber security as a whole and therefore place human rights at risk.

Data protection law is going through another revolution. Established in the 1960s and 1970s in response to the increased use of computing and databases, re-enlivened in the 1990s as a response to the trade of personal information and new market opportunities, it is now becoming much more complex.

New challenges are also emerging in the form of new technologies and business models, services, and systems increasingly rely on analytics, 'Big Data', data sharing, tracking, profiling, and artificial intelligence. The spaces and environments we inhabit and pass through generate and collect data from human behaviour. The devices we wear and carry with us, install in our homes, our channels of communications, sensors in our transport and our streets all generate more and more data. 

Data protection frameworks may have their boundaries and new regulatory regimes may need to be developed to address emerging new data-intensive systems, new frameworks nevertheless provides an important and fundamental starting point to ensure that the fundamental strong regulatory and legal safeguards are implemented to provide the needed governance frameworks nationally, and globally, before we see ourselves the subject of data exploitation.

Financial institutions are collecting and analysing a growing amount of data about us, in order to judge us and make decisions on things like creditworthiness. Increasingly, financial services such as insurers, lenders, banks, and financial mobile app startups, are collecting and exploiting a broad breadth of data to make decisions about people. This has a huge variety of possibilities: the tracking of cars to charge for insurance; reading the contents of your text messages to determine if you’re suitable for a loan; seeing who your friends are to determine your interest rate. The financial sector is changing in how it uses data. This has to be of particular concern when it affects the poorest and most excluded in societies.