How can we balance security and privacy in the digital world?

Privacy is crucial for individuals to safeguard their personal information and data, while security measures aim to protect them from harm. However, security often requires access to private information, which can create a conflict with the right to privacy. Striking a balance between security and privacy is crucial for creating a safer internet, while also upholding human rights.

The debate on this topic is multifaceted, with various stakeholders providing differing perspectives. Some argue that privacy is a fundamental right and should be protected at all costs, while others argue that security concerns often outweigh individual privacy rights.

The General Data Protection Regulation (GDPR), implemented by the European Union in 2018, is an example of legislation that prioritises individual privacy rights. The GDPR requires companies to obtain explicit consent from users before collecting their personal data and provide them with the right to access, correct, and delete their data. Companies that fail to comply with these regulations face severe penalties, including fines of up to 4% of their global revenue.

However, some argue that privacy regulations can hinder security efforts. For instance, the US government has been in conflict with technology companies such as Apple over their refusal to provide access to encrypted data on their devices. The government argues that access to this data is crucial for national security purposes, while Apple maintains that granting access would compromise user privacy and security.

Privacy concerns in the MENA region

In order to reduce the spread of COVID-19, some countries in the Middle East and North Africa (MENA) region have deployed technology to identify and isolate infected people, especially through applications. Some countries like Tunisia, Qatar, and Morocco developed their own digital tracing applications.

Nevertheless, in spite of the debate surrounding the efficacy of these applications in limiting the spread of COVID-19, civil society and human rights activists suggest that without the legal protection of personal data, some of these applications can open the way for a breach of human rights by authoritarian governments.

Personal data tells a lot about people, their ideas, and their way of living. Therefore, they can easily be used to harm them. This is especially dangerous for vulnerable communities and people like journalists, activists, human rights advocates, and marginalised groups. That’s why it is important to protect this data.

The use of COVID-19 tracing applications in some countries of the MENA region is a cause for concern, as observers fear that it may lead to population monitoring without independent oversight. Due to the lack of transparency and limited access to information in these countries, it is difficult to ascertain the safety of personal data, the entities that can access it, and whether it will be deleted by predetermined deadlines. This is especially concerning in politically tense contexts, where civilians have limited recourse when their privacy rights are breached.

An example of this occurred in April 2021, when Malcolm Bidali, a Kenyan security guard in Doha, was targeted through a phishing link that disclosed his identity. Bidali had been using an anonymous Twitter account (@noaharticulates) to document the abuse and exploitation of migrant workers on World Cup 2022 building sites. Bidali was arrested in May 2021 and accused of ‘connecting with foreign forces to destabilize the country’. He was imprisoned for three weeks before his disappearance was reported to NGOs. Eventually, he was convicted of ‘spreading misinformation’, forced to plead guilty, pay a fine of 25,000 riyals (€6,300), and deported to Kenya on August 23.

What can be done?

To address these issues, highly security-focused countries must adhere to legislative frameworks that protect basic rights, and work to increase transparency and build trust with their citizens in domains such as cybercrime, digital identity, and data flow across borders, where personal data is particularly important.

To manage the relationship between security and privacy better, a collaborative effort between policymakers, technology companies, and users is necessary.

Policymakers must strike a balance between privacy and security concerns in legislation, taking into consideration the potential consequences of violating either right. Technology companies must design systems that protect user data while also providing adequate security measures. Users must also take responsibility for their privacy by being aware of how their data is collected, used, and shared and making informed decisions.

Mr Nourredine Bessadi is a researcher, independent consultant, and translator. He is interested in human and minority rights, gender, civil society, internet governance, environmental issues & solutions. He lives between Algiers and Tunis. Nourredine recently completed Diplo’s Introduction to Internet Governance online course.

Browse through our alumni blog posts at Diplo Alumni Blog.