Should data rights be human rights?

Hannah Young

When combined, Google, Amazon, Microsoft, and Facebook, store at least 1,200 petabytes of information, which is several orders of magnitude larger than was physically possible in 1998 when the search engine stood up. At this point, it is both cliché and pervasively true to state that data influences the daily life of the majority of the world’s population. The change visible in the last 21 years is unprecedented and will only continue to grow. By 2025, 6 billion people – 75% of the world’s population – will interact with data every day. Each person will have at least one data interaction every 18 seconds.

So, how do these inconsequentially large numbers affect human rights? The point here is not to debate whether the data revolution is good or bad. Clearly, there are pros and cons to big data. Data can be an open access good for public innovation as much as it can be a tool for covert election interference. The relevant question is rather: is personal data a right that human rights regimes can and should protect?

An important concept to acknowledge is that personal data privacy is both an intrinsic human right and a vector by which other human rights are violated.

PERSONAL DATA PRIVACY AS AN INTRINSIC HUMAN RIGHT

Data privacy is, in fact, a right guaranteed in the United Nations International Bill of Human Rights, as contained in the International Covenant on Civil and Political Rights (ICCPR). A General comment adopted by the Human Rights Committee in 1988 added the following to Article 17 of the ICCPR, the Right to Privacy:

The gathering and holding of personal information on computers, data banks, and other devices, whether by public authorities or private individuals or bodies, must be regulated by law.” -ICCPR, Article 17 G.C. No. 16-10

…relevant legislation must specify in detail the precise circumstances in which such interferences may be permitted.” -ICCPR, Article 17 G.C. No. 16-8

…every individual should have the right to ascertain in an intelligible form, whether, and if so, what personal data is stored in automatic data files, and for what purposes…If such files contain incorrect personal data or have been collected or processed contrary to the provisions of the law, every individual should have the right to request rectification or elimination.” -ICCPR, Article 17 G.C. No. 16-10

Even though UN officials have unequivocally included personal data as a human right, treaties such as the ICCPR only apply to signatory governments – companies like Google do not have the same restrictions and obligations. This lack of regulation has been made explicitly clear in recent years, as concerned citizens such as Professor David Carroll have attempted to retrieve their personal data file from analytics firms like Cambridge Analytica, the company at the center of the well-publicized Trump campaign/Facebook data scandal. Years of litigation with Cambridge Analytica data firm left Professor Carroll empty-handed.

Although it is routinely not treated as such, personal data must be treated as an intrinsic human right. The UN framework is exceedingly clear; now governments must begin establishing institutional regimes for enforcing it with regards to private companies that hold all our data. In a world where one’s online profile can predict buying patterns, personality, and predictive future behavior to a high degree, our ownership over this information must be protected.

PERSONAL DATA AS A VECTOR FOR OTHER HUMAN RIGHTS ABUSES

Seeing as how dire and immediate human rights abuses are concurrently taking place, it may seem challenging to justify diverting attention and resources toward ensuring individuals can retrieve things like their advertisement profile from Google. However, personal data aggregation is also a key vector by which modern bad-faith actors can commit a variety of incredibly tangible human rights abuses.

For example, the legal system in Saudi Arabia routinely engages in a vague reading of the nation’s anti-cybercrime law to criminalize online activity that impinges on “public order, religious values, public morals, and privacy.” Resulting prosecutions are flagrantly anti-LGBTQIA+ and anti-extramarital sex, even though the Kingdom has no formally codified laws concerning sexual orientation or gender identity. Saudi Arabia is not a signatory to the ICCPR, so the aforementioned Article 17 obviously does not apply to the country. The international community, however, underrecognizes the role that multinational, US-based tech companies, like Facebook, play in allowing such violations to occur. Alongside LGBTQIA+ persecution, tech companies are complicit in similar violations to human rights and the rule of law in the realms of extrajudicial killings and women’s rights.

The norm of personal data rights as human rights was institutionalized by the United Nations ten years before Google’s founding. Since then, the world has been revolutionized by both the depth and breadth of data’s involvement in our individual well-being and self-determination. It is time that national governments acknowledge the importance of data rights and enact legislation that protects its citizens, much as they do with other industries that have the potential to threaten human rights. Under the current global arrangement, it is reasonably within the best interest of most tech companies to collect and monetize our private information. We must demand of our governments to protect it for both its intrinsic and instrumental value to our rights as humans.

The above text can be found here

Access the following articles and videos for more:

The conversation

The Great Hack documentary is available on Netflix on this issue but you can watch an overview here, watch a discussion about the documentary here and watch a news report about it here.

Cambridge Analytica

Your data as property Ted Talk

GDPR explained

What do you think? Should data rights be human rights? Leave your comments below: