In the digital age, data plays a huge role in our everyday lives. It's present in lots of obvious ways, when we're shopping online, for example, and have to type in our name and address. But data collection can also be less visible. Take data brokers, for example.
You've probably never heard of them, but these businesses specialise in creating in-depth profiles of individuals for advertisers. A single profile might draw on up to 1500 data points. This can include a person's sexuality, browsing history, political affiliation and even medical records.
One US-based data broker, Axiom, claims to have files on 10% of the world's population. It's not just businesses, of course. In 2013, Edward Snowden uncovered a vast regime of mass government surveillance programs, opening a global conversation which is still unfolding today.
In this video, we'll take a closer look at this debate, focusing on the related but distinct concepts of privacy and data protection. By the end, you should have a clear idea of how these issues differ and overlap, how both are affected by the digital age, and how you can engage with companies and governments to protect and strengthen these rights. So what are we talking about when we say privacy and data protection? Let's take privacy first. Article 12 of the Universal Declaration of Human Rights treats privacy as a distinct human right.
It says that No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence. Everyone has the right to the protection of the law against such interference or attacks. This is simple enough. Agreeing on what privacy actually means here has proved harder. Depending on the context, it can mean the right to freedom of thought and conscience, the right to be left alone, the right to control one's own body, the right to protect your reputation, the right to a family life, or the right to a sexuality of your own definition.
There are other ambiguities. In legal terms, privacy isn't an absolute right. This means it can be restricted for certain reasons, for example, to protect national security or public safety, or if it conflicts with other rights, like the right to free expression.
An example could be a public figure invoking privacy to avoid disclosing their financial records. And what about data protection? Contrary to popular belief, It is not the same thing as privacy.
Privacy is a broad concept referring to the conditions which enable a basic foundation of human dignity and autonomy. Data protection is more specific. It's concerned with the ways third parties handle the information they hold about us.
How it is collected, processed, shared, stored and used. In other words, privacy is the big picture and data protection is one corner of it. Like privacy, data protection is also subject to limits, for example when a warrant is obtained allowing law enforcement to access the phone records of a suspect.
And while data protection is in some ways more clearly defined than privacy, how it is applied legally can still vary greatly depending on which country you're in. The digital age has created new ways to collect, access, analyse and use data. often across multiple borders and jurisdictions.
Unsurprisingly, this poses challenges for human rights. One challenge relates to the way companies use our data. The Internet's business model depends on people sharing their personal data in exchange for access to content, services and social media platforms.
While you might not pay anything upfront to go on Facebook, they still make money from you by selling your personal information to advertisers. By clicking Agree, to terms of service, users technically consent to this model. But in practice virtually no one actually reads them. This is a problem because no one knows what they're really signing up to, which creates opportunities for misuse. Another challenge relates to the collection of personal data by governments.
Technological developments now enable governments to monitor our conversations, transactions, and the locations we visit. In some countries, including Russia, Brazil, Australia and South Korea, companies are legally required to store this data locally for long periods of time, making it easier for governments to get information on their citizens. These measures are often introduced in the name of fighting cyber crime and terrorism.
But without adequate protections, this data can easily be abused to target dissidents and activists, undermining freedom of expression and the rights to association and assembly. And these are just the technologies we have now. Emerging technologies like the Internet of Things, wearables and artificial intelligence are likely to pose new challenges to human rights.
As human rights defenders, we need to be prepared for these. There are many bodies and forums where privacy and data protection issues are discussed and defined. National and regional courts have a crucial role here. The European Court of Human Rights, for example, has imposed limits on stop and search practices by the police and on the amount of time data can be legally retained. At the national level, it's common to find a specific public body responsible for privacy and data protection.
or an ombudsman. But the extent to which privacy is defined and protected varies greatly between different jurisdictions. For example, there is no clear right to privacy in the African Charter on Human and People's Rights.
However, there are mechanisms at the international level. Following a UN resolution on the right to privacy in the digital age, the Human Rights Council has established a new special rapporteur for privacy and various internet policy forums like the Internet Governance Forum, the Council of Europe, the Organisation for Economic Cooperation and Development, and conferences like Hope and Sci-Fi also contribute to shaping the scope of privacy in the digital age. And finally, we have companies. The decisions of companies can also have a huge impact on data protection and privacy rights.
For example, by building end-to-end encryption into their software, as WhatsApp did, in early 2016. Let's look at two examples of privacy and data protection in the real world. First, let's look at the Apple v. FBI case. After the 2016 terrorist attacks in the US city of San Bernardino, the FBI asked Apple for the information stored on the iPhone of one of the suspects. However, Apple's operating system is encrypted and only accessible through a PIN code.
The FBI asked Apple to modify the system to let them in. Apple refused, opening a lively debate on the right to privacy versus security needs. The case was almost taken to court, but in the end, the FBI found a vulnerability to crack the phone.
In privacy terms, this was a legal setback. If the case had gone to court, it could have helped popularize the risks of weakening encryption for society. and establish what constitutes a legitimate limitation on privacy by the state. Next, let's look at surveillance in Kenya.
In Kenya, a combination of invasive surveillance measures and a lack of adequate data protection facilitated a crackdown on civil society in 2013, which was documented by Peace Brigades International. Many human rights defenders had their offices raided, computers hacked and phones tapped by the government. One of the ways human rights defenders have been fighting back is by pushing for the ratification of Kenya's first data protection law, long stalled in parliament. If implemented properly, this could limit the worst excesses of state surveillance. Kenya is by no means the only country to bring in surveillance legislation justified by security concerns.
But this example is a good demonstration of how seemingly abstract restrictions on online privacy can have physical consequences in the offline world. So what can human rights defenders do to protect and strengthen privacy and data protection? An easy first step is taking digital security measures yourself.
This can be as simple as using encryption and anonymity tools and encouraging your friends to do the same. Human rights defenders can also advocate for alternative digital business models, which aren't based on the extraction and sale of data. Economic pressure on the existing model is already growing. For example, over the last few years, the number of users using adblock software globally has exploded. There is evidence that this is already pushing companies to less invasive advertising practices.
Engagement in debates at the national and regional level is, of course, crucial. Where privacy protections are weak, human rights defenders need to actively advocate for stronger ones. And even where they are stronger, we need to make sure legislation is keeping up with new technological developments, like the Internet of Things. Ultimately, if we want things to change, human rights defenders need to make these issues accessible and relatable by being more creative about the way we talk about them. When people see how data protection and privacy affects them on a day-to-day basis, they may be more inclined to engage with these concepts.
In the next video, we'll be taking a closer look at freedom of expression, association and peaceful assembly.