Data Rights as Human Rights


As the data revolution intensifies across the continent, the subject of data rights has become an important debate. Data rights are not limited to privacy and data ownership. They ensure that individuals have certain freedoms to protect themselves from unwanted intrusions of privacy or overwhelming control and surveillance by state and non-state actors. They also provide a framework for citizens to give them the right to decide what data is collected from or about them and how it is used.

So, what do we mean by data rights as human rights?

Privacy is an essential human right guaranteed by the United Nations International Human Rights Charter, including the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights (ICCPR). These rights existed long before the advent of major technology companies in the 2000s, but as the amount of data collected, especially digital data, increased, personal data rights became more of an issue around the world.

The United Nations Commission on Human Rights added in 1988 to Article 17 of the ICCPR on Right to Privacy:

  1. The gathering and holding of personal information on computers, data banks, and other devices, whether by public authorities or private individuals or bodies, must be regulated by law (ICCPR, Article 17 G.C.)
  2. Relevant legislation must specify in detail the precise circumstances in which such interferences may be permitted.
  3. Every individual should have the right to ascertain in an intelligible form, whether, and if so, what personal data is stored in automatic data files, and for what purposes
  4. If such files contain incorrect personal data or have been collected or processed contrary to the provisions of the law, every individual should have the right to request rectification or elimination (ICCPR, Article 17 G.C. No 16-10)

An important response to the ICCPR was the General Data Protection Regulation or “GDPR” which was the world’s first comprehensive national data protection law. The GDPR was developed by the European Union in 2016, building on previous regulations. Since then, it has become a global model for countries developing national data protection laws. It applies to any entity operating within the EU, as well as any country outside the EU which offers goods or services to customers or businesses in the EU. It gives EU citizens more control over their personal data, and it aims to simplify the regulatory environment for business so that both citizens and businesses in the EU can benefit fully.

This model has been exported to countries around the world who wish to establish stronger data rights for their citizens and to curtail the indiscriminate collection and use of data by the private sector and other institutions who hold or process data.

While it’s important to treat data rights as human rights, is the GDPR the only possible model? And is it the right model for African contexts?

Read more about Data Rights as Human Rights in Part 1 of the Responsible Data in Monitoring and Evaluation paper. To follow the series, check our previous blog posts: How is the data revolution influencing digital MERL in Africa? and MERL and the African Data Ecosystem

Stay tuned for the next blog post as we unpack data rights in the African context.

Leave a Reply

Your email address will not be published. Required fields are marked *