Should companies harvest user data? Source: Shutterstock

Should companies harvest user data? Source: Shutterstock

Is data privacy set to become a basic human right?

REGULATORS and technology companies across the world have been going back and forth about whether or not data privacy should be a basic human right — and for good reason.

In the information age, user data is very valuable. Not only does it help companies understand their customers but also allows them to “follow” their customers and accurately target them with “relevant” advertising.

Sometimes, that shopping cart following users around the internet is funny (and great for business), but at other times (according to customers), it’s quite “creepy”.

And marketing is just one way a user’s data can be leveraged by the company to bolster their position in the market and boost their revenues. There are others which could be more harmful — which is why many user groups, non-profits, and regulators have been demanding a legally enforceable “right to data privacy”.

Most recently, according to The Economic Times, Microsoft CEO Satya Nadella called on technology companies to regard users’ privacy as a human right, asking firms and governments to work collaboratively in order to protect the most vulnerable section in society.

“All of us will have to think about the digital experiences we create to treat privacy as a human right,” said the 51-year-old Microsoft honcho.

In the EU, with the implementation of the General Data Protection Regulation (GDPR), residents and citizens are one step closer to making “data privacy” a basic human right.

And although the GDPR prompted several other nations, including several in Asia, to formulate similar laws (and strengthen existing cyber laws), none provide residents with the right to data privacy.

Take Singapore’s Personal Data Protection Act for example. It requires companies to obtain the customers’ consent, establish reasonable purpose to collect data, and inform customers of all the data processes within the business.

While the act imposes significant penalties for those in violation, there are no provisions that explicitly or implicitly suggest that data privacy is a basic human right.

Other laws in the region, such as Malaysia’s Personal Data Protection Act 2010 (PDPA), the Data Privacy Act (DPA) of the Philippines, the Data Protection Policy of Brunei, and Indonesia’s upcoming Personal Data Protection Bill too do put an emphasis on data security, privacy, and protection but steer clear of declaring it as a basic human right.

True, there will be many challenges to enforcing such a right — but as more and more technology leaders and regulators raise the point, it seems to be getting clearer: In the information age, data privacy should be a fundamental human right.