Data protection, and the Taliban!

For the past couple of years, the debates related to data protection and privacy have entered the mainstream. Cambridge Analytica and multiple other instances of mass data breaches exposed the vulnerability of user data. GDPR emerged as the Gold Standard for regulations related to data protection and privacy. At the same time, the implementation challenges of such complex regulation limited the intended objectives. Even China turned to data protection to control the dominance of technology giants such as Alibaba and Tencent. China’s Personal Information Protection Law (PIPL) lays down for the first time a comprehensive set of rules around data collection and protection.

Today, we see a different perspective on the importance of data protection, and possibly in a unique scenario. There are concerns that digital ids and various databases, the digital trails are enhancing the risk of citizen safety in Afganistan. As there is no legitimate government in power, all databases are prone to unauthorized access and possible misuse.

“We understand that the Taliban is now likely to have access to various biometric databases and equipment in Afghanistan,” the Human Rights First group wrote on Twitter on Monday.

“This technology is likely to include access to a database with fingerprints and iris scans, and include facial recognition technology,” the group added.

The U.S.-based advocacy group quickly published a Farsi-language version of its guide on how to delete digital history - that it had produced last year for activists in Hong Kong - and also put together a manual on how to evade biometrics.

“With the data, it is much more difficult to hide, obfuscate your and your family’s identities, and the data can also be used to flesh out your contacts and network,” said Welton Chang, chief technology officer at Human Rights First.

The situation in Afganistan confirms the fact that we need to respect the foundational principles of data protection and privacy without any exceptions. A citizen or a user is the ultimate owner of personal data. Governments and all service providers need to not only follow the consent protocols, usage rights but also ensure the safety of data in such unprecedented situations. On the other hand, citizens should have easier access to delete all data if such a situation arises.

Data protection and privacy are one of the fundamental rights of a citizen, as recognized by many countries across the globe and Governments, are responsible to empower and enable citizens to make a choice, especially when unauthorized access to data may endanger their lives.

References/Sources

https://www.cnbc.com/2021/04/12/china-data-protection-laws-aim-to-help-rein-in-countrys-tech-giants.html

https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal

https://www.reuters.com/article/afghanistan-tech-conflict/afghans-scramble-to-delete-digital-history-evade-biometrics-idUSL8N2PO1FH