Opinion & analysis

A new balance for data protection?

This blog is part of a series on collective data rights in Latin America. Read additional perspectives from Javier Pallero of Access Now and Carlos Cortes of Linterna Verde, and join our session at RightsCon on Thursday, June 10, as the authors of this series come together for a discussion on collective data rights in the region. 

By Mariana Valente and Francisco Brito Cruz, InternetLab

In “The Data Delusion”, Martin Tisné provokes the digital rights field to go beyond the limits imposed by the normative frameworks for data in place - such as the celebrated General Data Protection Regulation (GDPR). Instead of a framework based on individual protections, Tisné argues it is high time we consider data privacy a collective and public issue.  

The proposal deserves attention. As the author correctly observes, there is a growing mismatch between the collective nature of Big Data technologies and regulatory solutions based on individual control and rights ideas. The comparison with environmental risks helps: what good is my own protection if the data of people around me are being gathered and revealing information about me that might be just as valuable?

In Tisné’s argument, automation gains special attention due to how companies’ and governments’ use can greatly impact citizens - mostly invisibly, always single-handedly. Algorithms profile citizens through extracting their data, make decisions about them based on assumptions and predictions, and individuals’ rights are not enough to counter processes that affect collectives and society as a whole.  

As a reference for the policy discussion, Tisné proposes a Public Interest Bill framework based on “hard accountability”. It enunciates the need to guarantee “clear transparency”, “public participation” (a right to demand answers and mandatory public consultations for using algorithms that impact rights) and “sanctions”. He is not alone in this effort: regardless of contradictions and problematic clauses, the Digital Single Market proposal currently under discussion in Europe tries to address similar issues. 

What can this proposal represent for the discussion of data protection and tech policy in different realities, whose data protection laws and traditions are other than those found in European or North American contexts? As researchers rooted in the Brazilian reality, we understand that the collective approach is fruitful, especially if combined with pre-existing collective legal action arrangements. At the same time, some challenges remain.

The path enunciated in the article aligns with what we call, in Brazil, the “protection of collective and diffuse interests”, which is used for issues such as environmental and consumer protection. Thus, countries in the Global South may have institutions and normative tools developed to face collective damages. According to Rafael Zanatta, a Brazilian researcher on the subject who has worked at InternetLab and currently directs Data Privacy Brazil, our country “counts on a collective protection system that is more advanced than in Europe, and a system of personal data protection that is less advanced than in Europe”. The question that remains is how to build the bridge across the river. That is, how to propose a turning point in the big data discussion in realities in which the culture of protecting collective and diffuse interests is consolidated, but not the culture of protecting personal data, as in Europe.

One further challenge is that the rights and values at risk through the use of Big Data are still represented in generic concepts that require interpretation. That is no different from the idea of "sustainable development", promoted by environmental legislation and international treaties. This concept is highly political and has been disputed by social groups from different sides over time - and finally, certain views won over the others. What are the normative values, the "common goods" that would anchor a Public Interest Bill? Democracy? Equality? Human dignity? 

Using open concepts requires extra legitimacy efforts when normative frameworks are enforced. When the State's action is based on “open-texture ideas” (such as that of "public interest"), a path for discretion opens, especially in realities where governments are particularly prone to economic capture. 

Between the conceptual and the practical, the philosophical and the advocacy, Tisné’s proposal frames essential contemporary issues involving privacy. Still, it leaves important questions open for development in diverse contexts.