Digital Rights as Human Rights
From communications to social services to remittances and building social connections with people, digital is the new world order. One out of five daily activities revolve around the use of digital tools and internet access. For example, social media has not only changed access to and appetites for news, but it has also transformed how quickly information travels, and more importantly, it has changed the process of news creation and distribution.
As with most things, the power of the internet and digital is a double-edged sword, and the other end of its many benefits is the growing erasure of privacy. The same tools that facilitate access and some measure of inclusivity with opportunities for people to share thoughts and opinions generate vast amounts of data at a scale that most users cannot even imagine. And this is the other end of the sword, the collection and use of personal and non-personal data impacts digital rights and fundamental human rights like privacy and autonomy. This end of the sword cuts deep into rights that should be basic and unalienable.
As these risks grow, the recognition of digital rights as human rights takes on far more significance than ever before.
The Right to Privacy and Data Protection
Data Privacy specifies who should have access to one’s data, while data protection introduces safeguards and policies that control who can access the data. The same protections accorded to free speech apply to the privacy of data. Individuals have the right to control their private information with autonomy, and to safe handling of personal information to prevent exploitation and unethical use.
Section 37 of the 1999 Constitution of the Federal Republic of Nigeria guarantees the right to privacy to its citizens. According to Mandel Solicitors, data privacy protections can be enforced proactively before a breach occurs, when a breach happens, and afterwards. The courts can implement this right, including granting monetary compensation to the aggrieved party. One example of the Nigerian court’s interpretation of data privacy protections is the case between Chiebuka Nworah v. United Bank for Africa Plc. The bank opened a domiciliary account without the applicant’s consent, which constitutes a breach of data privacy. The applicant won this case, and the courts awarded compensation.
However, the nature of privacy breaches has become increasingly complex as digital tools continue to evolve at breakneck speed. When does a user grant consent for their data to be used? Does the use of tools or platforms infer consent? Are consent labels, notices and instructions truly understandable by the average user? Beyond individual users, do activities like publishing on websites remove the right to control the use of the data produced? Does
The evolving complexity of digital rights and its real-world impact on both individuals and businesses further strengthens the case that digital rights cannot be optional protections but intrinsic human rights.
Across the world, laws and regulations have emerged to provide guardrails against the violation of privacy and to uphold digital rights. The General Data Protection Regulation (GDPR), an EU law which was enacted in 2016 and implemented in 2018, and the Nigeria Data Protection Act (NDPA) of 2023 are just two examples of these laws and regulations.
These laws provide a legal framework and represent an awareness of the need to confer stringent protections on digital rights. However, there are vulnerabilities including enforcement and practical protections and the lag with the speed of digital; the regionality of these laws with different countries and regions having sometimes conflicting provisions, and perhaps the biggest vulnerability is the collusion between Big Tech and State powers.
Key Vulnerabilities – Tech-State Collusion, Weak Protections, and Regional Gaps
There is increasing concern for politically motivated internet shutdowns, which directly impact citizens’ digital rights. Between January and May 2021, a digital advocacy group, Access Now has documented at least 50 internet shutdowns in 21 countries. In countries that already struggle with interpreting fundamental human rights, digital rights often suffer a similar, sometimes worse fate.
Beyond obvious actions like internet shutdowns and platform restrictions, big tech’s cooperation with states often impacts the enforcement of laws and regulations, as well as the protection of digital rights. One investigation revealed Meta’s concessions to Vietnamese authorities to suppress criticism, and another report showed that US law enforcement requests for user data from Apple, Google, and Meta have increased by 600% in the last decade.
Big Tech’s deep pockets drive extensive lobbying in the corridors of power. One report revealed in 2021 that Google, Facebook and Microsoft lead tech companies that outspent Big Pharma and fossil fuel companies in attempts to win influence in the EU, targeting the EU’s Digital Markets Act (DMA) and Digital Services ACT (DSA), which was passed into law in 2022.
In Africa, the power imbalance between Big Tech and Governments provides a loophole in regulatory action. One report frames Big Tech’s exploitation of this imbalance as “coercive exit threats”. Companies like Meta made arguments that they should not be subject to African courts since they are a US-based company, a sentence that betrays their awareness of the imbalance of power and attempts to exploit it.
As arguments go, it is important to spotlight that infrastructure intermediaries are important, often overlooked, players in the digital ecosystem. Private actors often control infrastructure that facilitates internet access, from network operators to ISP providers. Their autonomy from state control, and not only in weakened democracies, is a critical risk factor in the digital rights conversation. Intermediaries can easily be turned into instruments of control by authoritarian governments. Nigeria’s Twitter ban in 2021, Econet’s cooperation under government pressure in Zimbabwe’s 2019 protests, the United Kingdom’s Investigatory Powers Act that compelled ISP and telecoms operators to provide government agencies access to metadata. The AT&T – NSA collusion in the United States, Canada’s pressure on ISPs in content blocking orders; are just a few real-world examples of the impact of infrastructure intermediaries’ vulnerabilities on digital rights.
Weak Protections and Regional Gaps
The regionality of most digital rights regulations creates friction in achieving consistent outcomes. Different countries have unique laws and provisions that make enforcement problematic and provide responsibility bearers like Big Tech with opportunities to evade responsibility. The European Union presents the best example of how uniform regional regulations safeguard digital rights. Outside of the EU, fragmented regulations and requirements risk undermining the rights they are designed to protect. Country-specific regulations with no regional touchpoints might be counterproductive because a provision that safeguards data rights in Abidjan, does not necessarily apply in London. Meta’s attempt at evading accountability because it thinks it should not be subject to country-specific laws, is one example of the vulnerabilities that fragmented regulations present.
Big Tech Companies and Data Accountability
For Big tech companies, they run on data, shaping products, operations and user experiences. Whatever jargon is used, their commercial model is clear: the more data they collect, the better they can target users through algorithms that monetise their attention. With generative AI, the more data it has, the better it can simulate human experiences and interactions.
Their reliance on and consumption of data make them key responsibility bearers in the digital rights ecosystem, not fringe players. The influence they exert is not abstract, and it is often at the expense of user safety.
Demanding accountability and defending digital rights should command the same urgency as any other fundamental human right. Flagging violations after the fact is not enough; pre-emptive scrutiny of the entire data value chain, from collection to transfer and use through living regulations that can keep pace with innovation without losing sight of the granular mechanics of the data value chain, oversight that is not influenced, algorithmic audits and cross-border collaboration. The need for accountability is not mere rhetoric in favour of overregulation of the shiny new thing or stifling innovation; it impacts how the world is being shaped now and in the future.
Digital Rights as Human Rights
Ultimately, protecting digital rights is about people, a point easily lost in technical jargon and complex metrics. It is about preserving people’s autonomy, privacy, agency, and safety, and this must always be at the forefront whenever the argument is presented. Governments, Big Tech, Infrastructure Intermediaries all sit at critical points of the digital rights ecosystem. This is not the responsibility of a single actor; it is a collective obligation.
It may be hyperbolic to say that digital rights will soon be the culmination of all fundamental human rights. Still, the future of this right depends on how well we can align technology, policy, and infrastructure with the fundamental human rights that they continue to shape and influence.
