INTERNATIONAL LAWS ON DATA PROTECTION & PRIVACY RIGHTS- A

RIGHT NEEDLE IN DIGITAL HAYSTACK OF DATA?

ABSTRACT
In the economy where the personal data and the global information became a fuel for the
online activities, the prominence of data protection and privacy is recognized with the span of
time. However, several cultural and social norms around the world are inclusive of respect for
privacy but at the same time the current system of data protection is highly disintegrated and
fragmented. The information which is shared and transmitted are subject to many potential
drawbacks apart from the opportunities it promises. Therefore, there is need for international
compatibility as some areas still have no laws, some have outdated laws, some have partial
laws, and some laws need amendments. Such compatible data regimes are desirable to avoid
fragmentation and duplication in the international and regional approaches to the data
protection. This study reviews the data protection regulations and its consonance with the
evolving needs and emerging possibilities to facilitate the potential benefits. The findings of
the study are an attempt to inform the much-needed people on how to ensure international
compatibility and also throws light on the concerns regarding data protection and privacy
rights. Numerous challenges have been encountered concerning the implementation of the
existing data protection laws. However, this study concentrates on gaps that persists,
jurisdictional concerns, regional and national initiatives, international developments,
surveillance of data protection laws, and some recommendations and suggestions. The
countries which still do not have appropriate laws in place shall have regulatory principles
and shall follow the policies that is being developed, reviewed by nations.

Keywords- data protection, privacy rights, UNCTAD, user data, international laws,
cybercrimes, cyberworld, cyberspace

INTRODUCTION

Presently, protection of data and privacy rights is the challenge for the policymakers
concerning the control over the generation of information through online activities. The
policymakers are concerned with making the legislation which protects its citizens from any
sort of harm and interference and also from purposeful and painstaking acts of misuse.
Therefore, the putting in place the data protection measures should be a key element of any
policy because in many international agreements, data protection is considered as a
fundamental right.
It is evident from the following that data protection is high on the political and ministerial
agenda-

 In 2015, United Nations designated a Special Rapporteur concerning right to privacy

 Various international agreements of trade are including data protection
 In issues of national surveillance, data protection is being considered on high profile
cases in courts
 United States and the EU [European Union] re-negotiated on cross-border agreement
of data protection which is called EUUS Privacy Shield.

DATA PROTECTION LAWS- GAPS THAT PERSISTS

Despite several initiatives at regional and national level, enormous gaps persist and exists
concerning the coverage of data protection laws. For instance, 30 percent of countries have
no legislations for data protection which resulted in reduced trust and confidence in many
commercial activities which further poses a threat to international trade opportunities as
meeting cross-border legal requirements in absence of data protection laws may be
problematic. Additionally, more than 60 percent of the representatives of their respective
nations faced difficulties concerning legal issues related to data protection and privacy.

ASEAN Countries faced several challenges while enacting data protection laws such as –

 Funding issues
 Lack of skills for policymakers and parliament members
 Lack of adequate ICT infrastructure

Also, issues such as inconsistent court interpretations and cross-border rules acts as a barrier
in enforcing the laws of data protection. Besides these gaps, there are many countries which
do have relevant laws but with certain gaps and exemptions. For instance, Australia &
Canada where such laws exclude small scale businesses. Other exemptions are related to data
collection sources, or sectoral data which is specifically restricted to health/credit, etc.

Therefore, legislating, enforcing, and implementing the data protection laws is subject to
time-consuming and thus, is a challenging procedure. UNCTAD conducted survey in around
48 countries to create awareness and knowledge among policymakers and the judiciary so
that informed policies and legislations can be enforced in an effective manner.
SURVEILLANCE & DATA PROTECTION

It is difficult to imagine but the association of surveillance with data protection was
considered as a “fringe” issue in the history. Although many initiatives at the global and
regional level have been taken but they have been slow to address the issue of surveillance.
Besides, the inapplicability of the European Data Protection Directive to the national security
rendered cursory impact. However, the national security as well as surveillance were
subjected to desultory and brief mentions in the APEC Privacy Framework and the guidelines
on Privacy of OECD.

However, with the span of time

The Council of Europe Convention 108 is the only data protection initiative to provide any specifi c
coverage of national security and surveillance issues, and even this coverage is restricted to a minor
exemption (Article 9) that allows countries to derogate from just three of the Convention’s
provisions (data quality, sensitive data and access rights) in order to protect state security. The
derogation is only allowed “to the extent necessary in a democratic society”. However, the global
context for data protection has been changing rapidly; surveillance and national security issues have
now come to the fore. The interest in surveillance began with the growth in cloud computing, which
often required personal data to be moved to another country for processing, storage and/or back-
up. For example, if the target country was the United States, questions arose about the potential
impact of United States national security legislation (chiefl y the PATRIOT Act). Similar issues were
raised about other jurisdictions. These concerns were fairly muted and had little impact on the rapid
growth of cloud computing until June 2013, when Edward Snowden, a former U.S. intelligence offi
cer, revealed extensive details about the surveillance activities carried out by the intelligence
services in the United States and some of their allies. The new material revealed (or in some cases
confi rmed) the extent of surveillance of U.S. and nonU.S. citizens. The exact nature and extent of
private sector involvement is still subject to debate. The material also revealed that some
surveillance activities went beyond the likely expectations of consumers regarding ‘national security’
issues. For example, the material highlighted instances where delegates at a climate change
conference were subject to surveillance. Since June 2013, there has been signifi cant law and policy
reform in the U.S. This has included improved governance, restrictions on mass surveillance of U.S.
citizens, the extension of some legal rights to foreign citizens, and new restrictions on the operations
of U.S. intelligence agencies. The Snowden revelations also exposed surveillance practices in other
countries, notably Germany and the UK, which had previously been unknown to the general public.
Unsurprisingly, numerous legal cases were initiated by consumers and civil liberties organizations to
challenge the extent of the surveillance. The cases rely on a mix of constitutional law, treaty law and
national laws. There have been several cases in the United States and the UK, but the most signifi
cant case is Schrems v Facebook (box 1).

The task of balancing surveillance and data protection requirements remains challenging. The
Schrems v Facebook decision is a direction to place conditions and restrictions on surveillance in any
data protection regime in Europe, and this may have knock-on effects on all those jurisdictions that
follow European law closely. The United States has initiated multiple reforms that strengthens
governance and oversight of the intelligence agencies, and provides consumers with potential
avenues for redress.