The Speaker
Sunday, 19 May 2024 – 19:08

Should data rights become human rights?

NOTE: This is an opinion article – any views expressed in this article are those of the author and not necessarily those of The Speaker or any members of its team.

The ubiquity of the internet is very much a given with many citizens of advanced economies heavily relying on it in their day-to-day lives. The internet has given people the ability to share and receive new information online. Although internet usage is becoming more prominent within society, with some countries making it a human right, many people are not aware of what their personal information is being used for. Clive Humby, a British mathematician and data science entrepreneur, referred to data being the ‘new oil’ based on how valuable it is within the 21st century. Recent events have exposed just how easily one’s personal data can be used to manipulate and exploit individuals. But do the current protections on data rights go far enough or should governments go a step further in extending human rights to encompass data rights?

The United Kingdom’s General Data Protection Regulation (GDPR) defines personal data to mean any information that relates to an ‘identified or identifiable natural person’. This means that personal data is considered as any data that relates to an individual. This act sets out strict guidelines for people or companies handling data; including handling data in a way that ensures appropriate security, including protection against unauthorised processing, access, loss, destruction, or damage. The right to privacy is also included as a human right under Article 8 of the Human rights Act 1998 which includes privacy within family life, home, and correspondence. Although legislation has been put in place to protect one’s personal information, contemporary events put into question whether these protections go far enough.

Recent events have illustrated just how dangerous it can be when one’s data rights are violated. An investigation carried out by the New York Times, The Observer and The Guardian, obtained a cache of documents from the company Cambridge Analytica. These documents proved that data had been obtained from Facebook in order to build up profiles of voters. A firm where Steve Bannon, previously an aide to President Trump, was a board member had used Facebook data in order to create these types of profiles. Further reports showed that Cambridge Analytica had obtained tens of millions of private data from Facebook, with the goal of selling information of American voters to political campaigns. Although in 2018 Facebook CEO Mark Zuckerberg said in a Congressional hearing that ‘people own all their own content’ on Facebook, the cooperation has managed to give unfettered and unauthorized access to over 87 million Facebook users personal information.

In many cases human rights have made a difference to the protection of personal information. For example, in the case of Big Brother Watch and Others v the United Kingdom (2021), concerning complaints by journalists and human rights organisations regarding three different surveillance regimes; 1) the bulk interception of communications; 2) the receipt of intercept material from foreign governments and intelligence agencies; 3) the obtaining of communications data from communication service providers. The court found that interception of communications and the receipt of intercept material from foreign governments violated article 8. The bulk interception regime and the regime for obtaining communications data from communication service providers was held to be a violation of Article 10 (freedom of expression). In this respect human rights can provide greater protection for one’s personal information by preventing states from unlawfully eroding one’s privacy through how they utilise and manipulate data.

Some have suggested that data rights should be considered property, the right to property is set out under Article 1 of the Human Rights act 1998. On the surface extending data rights to be considered property rights may be seen as having benefits. For example, it expresses the unfairness that many people feel about a system in which we know very little about how our data is used and shared by companies that receive and profit from it. However, if data becomes the individual’s property, this can lead to potential problems. Data becoming personal property could reduce it to a commodity. Many consumers are already consenting to giving away personal information for a small gain. If people owned their data as if it was their property, it would be likely that they would still sell this off and be manipulated by large companies with little in return.

Furthermore, making data one’s property would make it harder to access one’s personal information for systems that need our data in order to protect society. For example, the US Equal Employment Opportunity Commission mandates employers to report on data of protected categories like gender, race and sexuality. This type of census data goes through regulated systems for the reporting to be fair and accurate. It is important that individuals protected categories in the workplace are reported on otherwise it would be extremely difficult to find discrimination in certain companies. This data is also protected by the public policy that provides a minimum standard of protection for privacy rights. If data rights were seen as property rights, which resulted in them being regarded as a commodity, then it would be harder to access vital information that is not only used to record discrimination but can also be used for public health and social issues.

Overall, what I believe is effective in protecting one’s data rights is to ensure the enactment of legislation that provides; public transparency, disclosure of information, individual control, and to inform users when their data has been lost or misused. Transparency would allow users to obtain an understanding of how their data is being collected, and how it has been used or shared with third parties. Disclosing information would entail allowing the individual to know how and what information of theirs has been retained. Along with informing the individual as to how their information is being shared with third parties; data protection policies must allow the control for individuals to reject their information being shared with third parties. Finally, it is important that policies directly contact users if their information has been lost or misused. I believe that data rights being protected by human rights is important in preventing states and corporations acting outside of their jurisdiction. However, I believe that data should not extend to becoming one’s property as this can make the individual even more vulnerable to manipulation.

Skip to content