top of page
Writer's pictureLizzy Okah

Digitalization, Data Privacy and Our Human Rights: The Good, The Bad and The Cookies

Updated: Sep 17, 2023

Digitalization has made the world a global village and simplified life.


It has made available software and applications, that allow people to access, use, create and publish digital media. It enables the easy and free flow of information, as well as provides access to computers, other electronic devices, and communications networks.


This article delves into the transformative influence of digitalization on fundamental human rights, specifically focusing on the right to privacy, data protection, freedom of expression, and access to information. It is a thorough analysis of how digitalization has reshaped the exercise, protection, and potential violation of these essential human rights in the digital era.


What are Digital Rights?


Digital rights recognize the right of individuals to access, use, create and publish digital media, and the right of access to the computers, electronic devices, and telecommunications networks necessary to exercise them.


It is closely linked to universal and equal access to the internet, freedom of expression, information and communication, privacy and data protection, the right to anonymity, the right to be forgotten, protection of minors, and intellectual property. There is no goal under the Sustainable Development Goals that promotes digital rights, but its importance cannot be overestimated as it contributes to the fulfilment of every SDG.


Despite the numerous advantages of digitalization, it has ushered in a concerning era for data privacy.


Let's Talk About Data Privacy


Digital technologies have enabled the collection and storage of vast amounts of personal data. Companies, governments, and online services collect data on individuals' preferences, behaviors, and interactions. This extensive data collection raises concerns about the potential misuse or unauthorized access to personal information.


It has also increased the risk of data breaches and cyberattacks. Hackers and malicious actors have more opportunities to gain unauthorized access to databases and systems, potentially compromising sensitive personal information.


Data breaches can lead to identity theft, financial fraud, and other privacy violations. Many digital services and platforms require users to provide personal information in exchange for convenience, customization, or access to certain features. Individuals often must weigh the benefits of using these services against the potential privacy risks associated with sharing their personal data. Sometimes, websites and applications do not even give individuals a choice.


The collection of data also allows for profiling and targeted advertising. While this can enhance user experiences, it also raises concerns about privacy, as online activities of individuals are constantly monitored, and their personal information are exploited for commercial purposes.


Digital technologies have also made it easier for governments to monitor and access individuals' data. Mass surveillance programs, data retention laws, and government requests for user data from tech companies have sparked debates about privacy, civil liberties, and the balance between security and individual rights. Individuals do not have control over how their data is stored, shared, and used, and unfortunately, many people are not patient enough to read privacy policies.


Attributes of technology such as WEB 2.0 and 5G, and content creation on social media have made the internet more interactive and the sharing of information very fast. This has created a blur in the lines of what can be shared, and challenges to the protection of data and data privacy.


What is WEB 2?

WEB 2 creates a more interactive web as it uses cookies, which has become very controversial.


If you've clicked a new website on your phone or computer over the past 18 months or so, you’ve probably seen it - a notification informing you that the page is using cookies to track you and asking you to agree to let it happen.


The site invites you to read its “cookie policy,” (which, let’s be honest, you’re not going to do), and it may tell you the tracking is to “enhance” your experience — even though it feels like it’s doing the opposite.


But let's take a step back... what are cookies?


To back up a little bit, cookies are pieces of information saved about you when you’re online, which track you as you browse. Cookies are small files that websites send to your device that the sites then use to monitor you and remember certain information about you — like what’s in your shopping cart on an e-commerce site, or your login information.


So, say you go to a weather website and put in your zip code to look up what’s happening in your area; the next time you visit the same site, it will remember your zip code because of cookies.


There are first-party cookies that are placed by the site you visit, and then there are third-party cookies, such as those placed by advertisers to see what you’re interested in and in turn serve you ads to fit your preferences — even when you leave the original site you visited. This is how ads follow you around the internet thereby creating your unique digital footprint.


These pop-up cookie notices all over the internet are well-meaning and supposed to promote transparency about your online privacy. But in the end, they’re not doing much. Most of us just tediously click “yes” and move on. If you reject the cookie tracking, sometimes, the website won’t work which is a violation of the European Union's (EU), General Data Protection Regulation (2016) and other data protection legislations. But most of the time, you can just keep browsing. They’re not too different from the annoying pop-up ads we all ignore when we’re online.


Laws, Regulations, and Legal Disputes


The digitalization of data has prompted the development of new legal frameworks and regulations to protect individuals' privacy. Examples include the European Union's General Data Protection Regulation (2016) (GDPR), the Nigerian Data Protection Act (2023) and the California Consumer Privacy Act (2018) (CCPA). These regulations aim to give individuals more control over their data and impose obligations on organizations to ensure privacy protections.


The GDPR does not expressly provide for third party cookies. However, It states that consent must be given for the use of personal data and such consent must be express and unambiguous. According to Article 4 of the GDPR, personal data refers to any information relating to an identified or identifiable natural person. This includes information such as names, identification numbers, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual. The GDPR provides a broad definition of personal data to ensure that individuals' privacy rights are protected and that organizations handling such data are subject to appropriate data protection obligations.


Articles 6 and 7 outline the requirements and conditions for obtaining valid consent from individuals for the processing of their personal data. Article 6 of the GDPR lays out the legal basis for processing personal data. It lists several lawful grounds for processing, one of which is obtaining the data subject's consent. According to Article 6(1)(a), processing is lawful if the data subject has given clear and affirmative consent to the processing of their personal data for one or more specific purposes. Article 7 of the GDPR focuses specifically on the conditions for consent. It details the requirements for obtaining valid consent, which include:

  • Consent must be freely given;

  • Consent should not be coerced, and individuals should have a genuine choice and the ability to refuse or withdraw consent without negative consequences;

  • Consent must be specific: It should be clear and specific about the purposes for which the data will be processed;

  • Consent must be informed: Data subjects should have sufficient information about the processing activities, such as the identity of the data controller, the purposes of processing, the types of data involved, and any third parties with whom the data may be shared;

  • Consent must be unambiguous: It should be given through a clear affirmative action, such as ticking a box or actively confirming consent; and

  • Consent must be demonstrable: The data controller must be able to demonstrate that valid consent has been obtained, including keeping records of when and how consent was given.

These provisions aim to ensure that individuals have control over their personal data and are fully aware of how it will be used by organizations.


The rise of alerts about cookies is the result of a confluence of events, mainly out of the EU. But looking at the bigger picture, these alerts underscore an ongoing debate over digital privacy, including whether asking users to opt in or opt out of data collection is better, and the question of who should own data and be responsible for protecting it.


We see this in the ongoing case against Facebook by the Federal Trade Commission (FTC). More than 185 million people in the United States and Canada use Facebook daily. Facebook monetizes user information through targeted advertising, which generated most of the company’s $55.8 billion in revenues in 2018. To encourage users to share information on its platform, Facebook promises users they can control the privacy of their information through Facebook’s privacy settings. However, following a yearlong investigation by the FTC, the Department of Justice filed a complaint on behalf of the Commission alleging that Facebook repeatedly used deceptive disclosures and settings to undermine users’ privacy preferences in violation of its 2012 Federal order. These tactics allowed the company to share users’ personal information with third-party apps that were downloaded by the user’s Facebook 'friends'. The FTC alleges that many users were unaware that Facebook was sharing such information, and therefore did not take the steps needed to opt-out of sharing. Facebook Inc., now Meta Platforms Inc. will pay a record-breaking $5 billion penalty, and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy.


There is also a similar case against Cambridge Analytica.

How can data privacy rights be protected regardless of the prevalence of digitalization? Protecting data privacy in the digital age requires a multi-faceted approach involving individuals, organizations, and policymakers. It involves a combination of technological, legal, and societal efforts to ensure that personal data is handled responsibly, and individuals' privacy rights are respected. It is without a doubt the tremendous applause digitalization has received and is still receiving. However, we all need to be aware of the threat to our data privacy rights it poses and take steps listed below to protect this right as individuals and organisation.

DO MORE

The Legal and Regulatory Approach : What International Bodies, Government Institutions, and Policy Makers should do

  • The United Nations should include the promotion and regulation of digitalization into the development goals. Considering the importance and impact of digitalization on several the SDGs, it is important that digitalization be provided as an indicator for the achievement of the SDGs.

  • There should be regular audits and assessments of data handling practices, security measures, and compliance with privacy regulations. This helps identify and address any vulnerabilities or non-compliance issues.

  • Governments and regulatory bodies should establish and enforce comprehensive privacy laws and regulations: These should outline clear obligations for organizations, provide individuals with rights and remedies, and include penalties for non-compliance. The laws on data protection rights should be more comprehensive. GDPR is the most popular data protection rule, and it is the basis upon which many have written their own data protection regulation such as in Nigeria. Many countries have also adopted it yet, it doesn’t specifically address the proliferation of third-party cookies. These laws should be moving with the trend. It is without a doubt that the technology and digitalization is moving at a great speed. The drafters of the laws must be up to date to keep up. In this light it is suggested that there should be a frequent review of data protection laws and individuals with technological knowledge should be contacted during reviewing and drafting.

  • International cooperation and collaboration in addressing cross-border data privacy issues should be promoted. Agreements and frameworks to ensure consistent privacy protections when data flows across different jurisdictions should be established.

  • Organizations should be encouraged to adopt privacy best practices and hold them accountable for data privacy violations. Support privacy advocacy groups and initiatives that promote privacy rights and raise awareness.

The Technical Approach : What Technology Companies should do

  • Robust security measures should be taken to protect personal data from unauthorized access, including encryption, firewalls, and secure authentication methods. Software and systems should be regularly updated to patch security vulnerabilities.

  • Privacy considerations should be incorporated from the early stages of product and service development. Implement privacy-enhancing technologies, minimize data collection and retention, and ensure that privacy settings are user-friendly and easy to understand.

  • Organizations should provide clear and transparent information about their data collection, use, and sharing practices. Privacy policies should be written in plain language, easily accessible, and regularly updated. Explicit consent should be obtained from individuals before collecting or using their personal data. Web 3.0 is instrumental to transparency. Using blockchain and other decentralized application that allows for transparency and immutability of data, data practices can be more transparent.

  • Only the necessary personal data should be collected and retained for specific purposes. Avoid indiscriminate or excessive data collection. Ensure that data is used solely for the purposes stated and not shared or sold without consent.

  • Where possible, organizations should use techniques such as anonymization and pseudonymization to protect individual identities and minimize the risk of re-identification

  • Employ technologies that enhance privacy, such as differential privacy, which adds noise or randomization to datasets to protect individual identities while maintaining the overall usefulness of the data.

  • Develop and implement a comprehensive plan to respond to data breaches effectively. This includes promptly notifying affected individuals, taking remedial actions, and working closely with relevant authorities.

  • The advent of the WEB 3.0 is encouraging and applaudable. By using decentralized networks such as blockchain, websites and applications will no longer have ownership over our data and activities. This will reduce data exploitation. Several popular applications, like WhatsApp and Instagram, are investing in Web 3.

The Social Approach - What You can do!

  • Educate yourself and people you know about data privacy risks, best practices, and their rights.

  • Promote awareness of phishing attacks, social engineering, and other techniques used to exploit personal information

  • Ensure you use strong passwords and change them regularly

  • Don't click 'Accept All Cookies'! Ensure you read through Cookie policies before accepting them, and don't forget to decline cookies that are not necessary!

  • Always review Privacy Policies and use your privacy settings.

WRITTEN BY Lizzy Okah

Lizzy Okah is a Legal Practitioner. She believes that the Maritime Industry in Nigeria is a gold mine and is not underdeveloped as it has been tagged. If we all have good intentions and work together to enforce the SDG and ESG goals as it relates to the Maritime Industry, the industry can reach its full potential. Lizzy has a passion for assisting the survivors of sexual abuse, particularly, the girl child, to reach their full potential. She enjoys, researching, reading, listening to music, vlogs and podcasts and enjoying the soft things of life.

Want to connect with Lizzy? Follow her on Instagram and connect with her on Linkedin!


EDITED BY Chizulu Uwolloh.

'Zulu is a writer, self-proclaimed bibliophile, lawyer, and international development professional passionate about social impact and showing people how they can create change in their communities. Zulu Uwolloh is a lawyer and international development professional. She is also the founder of Kurerie, a digital platform, and community that amplifies the voices of youth making an impact in their communities. Kurerie educates young people on how they can become active stakeholders in the achievement of the SDGs. She is passionate about showing young people that they can change the world with the smallest actions.


Want to connect with Zulu?


Follow her on Twitter, Instagram or connect with her on Linkedin!






Comments


Commenting has been turned off.
Post: Blog2_Post
bottom of page