Opinion & analysis

Collective approaches in data protection in Latin America: Finding a narrative that sticks

This blog is part of a series on collective data rights in Latin America. Read additional perspectives from Mariana Valente and Francisco Brito Cruz of InternetLab and Javier Pallero of Access Now, and join our session at RightsCon on Thursday, June 10, as the authors of this series come together for a discussion on collective data rights in the region.

By Carlos CortésLinterna Verde 

During the early days of the COVID-19 pandemic, Latin American governments offered a basic trade-off to their citizens: give me your data and I will protect you. Under the official framing, our commanders in chief were leading a war against an external enemy; critical voices were seen as obstacles and individual concerns, regarded as petty or superfluous.  

Over a year after this crisis began, it seems clear that handing over our data did not prevent the outbreak. Contact tracing apps are all but an expensive failure – reflecting the misplaced determinism of technological narratives. However, our governments did siphon from us countless data points, and certain extraordinary practices – such as requiring basic information to visit stores or travel between cities within a country – might become normal practice. 

Arguably, the individual toll of this data extraction is in the eye of the beholder. For many people, privacy advocates exaggerate the risks arising from giving our information to governments and private intermediaries. “He who has nothing to hide has nothing to fear”, they say. But what about collective risks?  

Take, for example, people with pre-existing conditions like obesity. As COVID-19 represents a special threat for this group, official health apps and data systems have collected plenty of information about them: age, location, related risks. Will insurers be interested in this information? Will public health systems use it for new purposes after the pandemic? Which problems will arise from mining this data?  

“In the era of big data and AI, people can suffer because of how the sum of individual data is analysed and sorted into groups by algorithms”, writes Martin Tisné in ‘The Data Delusion’. Artificial intelligence in Latin America is still in its infancy, and official initiatives –in the judiciary, for example– are undertaken with no accountability. But big data poses a present risk, which is collective and has been largely ignored.  

Tisné suggests this debate should move beyond individual rights and make the invisible visible“The more collective the harm, the less people are protected and the less visible it is”. Data processing and data-based decision making are invisible, but its effects are real. However, civil society is struggling with proper narratives and metaphors that can advance a theory of change.  

Although the region has robust constitutional and legal data protection frameworks, collective approaches to data protection lack sophistication and nuance. In this realm, authorities and judges are used to individualize problems and responsibilities, or at most they understand collective risks as the sum of individual ones. Assessing inferred and optimized harms - following Tisné’s characterization – seem to be beyond their reach.  

Regarding the visibility element, Tisné suggests finding collective metaphors for people to grasp the challenge we face. “As with CO2, data privacy goes far beyond the individual. We are prisoners of other people’s consent”, he asserts. Would such an idea work in Latin America?  

For starters, the individual value of privacy needs to be revisited and promoted. The pandemic showed, but was by no means the first example, the secondary importance citizens give to this right. In order to make this issue visible and see that privacy is a right, individuals need to acknowledge and understand this problem 

On the other hand, collective metaphors should be locally and contextually defined. Where are the common points of tensions in our public debate? Which collective issues are driving indignation and could be used to activate new framings related to societal data risks? Perhaps fracking, urban concerns such as public safety, mobility and green zones, or technical topics like tax evasion. Even the collective risks related to COVID-19 (social distancing, mask use) can charter new ideas.  

Tisné’s paper is certainly a necessary provocation for our region, and in the same way the pandemic triggered new privacy risks, civil society should find avenues not only against those changes, but also to redefine the narrative of the conversation.