Data localization mandates can impact a broad range of human rights, including privacy, freedom of expression, freedom of association, personal security, and non-discrimination. The workshop hosted by GNI and Freedom House explored the technical and legal dimensions of data localization requirements and featured company and non-company perspectives.
"MR5" regulation in Indonesia, for which implementation is currently postponed, features problematic elements similar to those we have highlighted in other recent digital regulations: broad, vague definitions of companies and content in scope, significant threats of penalties for noncompliance, including to required local company contacts, and exceptional powers to access company data — both metadata and content of communications — including a potential direct access arrangement.
GNI encourages lawmakers to examine the practice of government procurement of user data and support legislative efforts to ensure that government agencies are not procuring such data in order to avoid or circumvent legal requirements that would otherwise apply.
Defining Direct Access: GNI calls for greater transparency and dialogue around mandatory, unmediated government access to data
This web page calls attention to legal and technical arrangements that allow government authorities to access data streams directly – that is, without having to request data from, or even notify, the service providers that collect and/or transmit the data. Read more for the full GNI statement, "defining direct access", plus a one-page visual explainer and related resources.
GNI welcomes this opportunity to provide input to UN Human Rights on the preparation of the thematic report on artificial intelligence and the right to privacy. In our submission, we outline risks and opportunities for human rights, recommended safeguards, and legal and regulatory considerations to ensure the increasing adoption of AI technologies contributes to the promotion and protection of the right to privacy.
Recently notified IT Rules in India, which follow a previous draft GNI commented on in early 2019, continue to pose significant risks for freedom of expression and privacy. Read GNI's letter to the Ministry of Electronics and Information Technology and corresponding analysis of the Rules.
Given the severe social, economic, and human rights consequences that the draft cybersecurity law is likely to have on both users and companies inside the country, GNI calls on the Myanmar military to withdraw and reconsider the law.
Several provisions of the proposed "Law of Freedom, Responsibility, and Transparency on the Internet” in Brazil would be counterproductive to the stated intent of the bill and pose risks for freedom of expression and privacy. Brazil’s legislature should heed calls from international experts and civil society and take care to respect the rights enshrined in Marco Civil by rejecting the bill and engaging in meaningful and transparent multi-stakeholder consultation to find a truly rights-respecting way forward.
With over 100 individuals from GNI members in attendance, the calls discussed the opportunities and risks of using ICT company data to respond to the pandemic, as well as the impact of different government measures on the flow of important health information.
The Citizens Protection (Rules Against Online Harm) 2020, approved by the Government of Pakistan on 21 January 2020, creates significant risks for the privacy and free expression rights of ICT users both within and outside of Pakistan.