By Eduardo Bertoni
Representative of the Regional Office for South America of the Inter American Institute of Human Rights
Former Director of the Argentine Data Protection and Access to Information Authority
Any views expressed herein are not necessarily the views of CIPL nor Hunton Andrews Kurth LLP
Representative of the Regional Office for South America of the Inter American Institute of Human Rights
Former Director of the Argentine Data Protection and Access to Information Authority
Any views expressed herein are not necessarily the views of CIPL nor Hunton Andrews Kurth LLP
The pandemic caused by COVID 19 triggered many discussions about the benefits of “digital economies” and the mutation of our societies to what we can call “digital societies.” In truth, these discussions were latent. The health emergency only accelerated processes that were already in the works. As an example, teleworking was possible before the pandemic, but it has since become necessary, and as time passed, it became more and more incorporated into our lives. Similar processes took place in areas such as "telemedicine," or meetings to discuss global issues that today can be done at low cost by convening people from different countries virtually.
All these activities involve in one way or another the use or processing of personal data. If such use or processing is carried out without rules that we trust will protect our privacy, we run the risk of losing the enormous opportunities that technology offers us today.
The question we must answer is whether the rules that exist today are, in the first place, sufficient to generate trust in users and if, thanks to that trust, they might be useful for the continuation and development of what we now accept as usual activities in these “digital societies”.
My answer is regrettably that they do not.
The rules that exist today to protect personal data do not generate trust because they are not accepted globally. And this is a problem because personal data is constantly moving across country borders. Preventing this flow makes it impossible for activities of digital societies to occur.
An important reason for the decrease in trust is that the lack of globalization of these rules prevents state entities in charge of protecting personal data -in the few cases that they exist and are independent- from enforcing their decisions. In other words, if a company is sanctioned in a country for violating data protection rules, it could evade the sanction for reasons of jurisdiction or applicable law. The consequence is that users in "digital societies" do not trust both in state institutions and rules that should protect them.
It is true that there are developments that can make us feel cautiously optimistic: the European Union’s push for processes to adapt its own rules (the GDPR) or the Council of Europe’s attempt to globalize Convention 108 are examples of measures that aim to globalize these rules. But, for instance, in Latin America there are very few countries considered to have adequate legislation or that are party to the Convention 108.
Consequently, one of the greatest challenges we face today is to work for an international treaty, with clear rules that can be followed in practice and enforced and ideally enforced globally. An agreement that brings States, companies, academics and users to the table for discussion is essential. Just as the pandemic accelerated the practices of the use of technology that were latent, the pandemic can also perhaps be a factor to accelerate the discussion and adoption of such a global agreement.
All these activities involve in one way or another the use or processing of personal data. If such use or processing is carried out without rules that we trust will protect our privacy, we run the risk of losing the enormous opportunities that technology offers us today.
The question we must answer is whether the rules that exist today are, in the first place, sufficient to generate trust in users and if, thanks to that trust, they might be useful for the continuation and development of what we now accept as usual activities in these “digital societies”.
My answer is regrettably that they do not.
The rules that exist today to protect personal data do not generate trust because they are not accepted globally. And this is a problem because personal data is constantly moving across country borders. Preventing this flow makes it impossible for activities of digital societies to occur.
An important reason for the decrease in trust is that the lack of globalization of these rules prevents state entities in charge of protecting personal data -in the few cases that they exist and are independent- from enforcing their decisions. In other words, if a company is sanctioned in a country for violating data protection rules, it could evade the sanction for reasons of jurisdiction or applicable law. The consequence is that users in "digital societies" do not trust both in state institutions and rules that should protect them.
It is true that there are developments that can make us feel cautiously optimistic: the European Union’s push for processes to adapt its own rules (the GDPR) or the Council of Europe’s attempt to globalize Convention 108 are examples of measures that aim to globalize these rules. But, for instance, in Latin America there are very few countries considered to have adequate legislation or that are party to the Convention 108.
Consequently, one of the greatest challenges we face today is to work for an international treaty, with clear rules that can be followed in practice and enforced and ideally enforced globally. An agreement that brings States, companies, academics and users to the table for discussion is essential. Just as the pandemic accelerated the practices of the use of technology that were latent, the pandemic can also perhaps be a factor to accelerate the discussion and adoption of such a global agreement.