Everyone has the right to the protection of the data that concerns them and to be able to understand, in very simple terms, how that data is processed. No one shall be subjected to arbitrary interference of this right, and any limitation of this right shall be reasonable, necessary, proportionate and justifiable. Moreover, any processing of data shall be fair, lawful and transparent, adhering to data processing principles set out in international norms and standards.
Despite this, there is a gender dimension present in data collection, as it never takes place in a gender-neutral setting. Activities that are inherently about labelling and categorising individuals through methods are often predicated on existing binary gender norms. Systems developed by such data can be exploited in ways that either perpetuate such norms or to limit access and discriminate against those who do not conform. Moreover, the capitalisation and monetisation of data has proven how some companies prioritise profit over user privacy and the public good.
Additionally, past experiences have demonstrated that when data breaches occur, they have a more severe impact on women and gender-diverse people because of historical and structural inequalities in power relations based on gender and sexuality. Women and girls, in all their diversity, are more profoundly affected by the consequences of data breaches because they may face discrimination or even prosecution as a result. These breaches impact not only their right to privacy but also their sexual and reproductive health and rights.
Moreover, no matter how strong the security system is, no data is 100% safe. When data is associated with gender-based violence, it becomes categorically sensitive and if accessed, it can be used to name, shame, blame and even harass or re-offend survivors. Women and people of diverse genders and sexualities are at risk when there is not enough information on how data is collected, how it is stored and for how long, and who has access to it.
We believe that a feminist approach to data and datafication examines the nature of data and constantly resists disembodiment of data. It is centred on the understanding that the consequences of data and datafication, both the harms and possible benefits, are embodied, with individuals and communities facing those consequences.
The privacy violations that women and people of diverse genders and sexualities experience in the online space take place within a context of existing structural inequalities and discrimination, which put them at particular risk of violence and other types of human rights violations. It is important to recognise, therefore, that for these communities, conversations about privacy cannot take place without also reflecting on the surveillance they face in their immediate social environment. Privacy creates the necessary space for people who face discrimination or marginalisation based on their gender, sexual orientation, gender identity or expression to fully enjoy their human rights.
Encryption and anonymity provide the privacy and security necessary for the exercise of a range of rights. Weakened encryption undermines human rights: it can make it easier for malicious actors to gain access to people’s personal information and communications; it can lead to journalists’ sources being revealed, human rights defenders being targeted by governments, and a person in an abusive relationship being blackmailed. Therefore, the GDC’s principles should be oriented to strengthen anonymity and encryption.
APC encourages the GDC to take an intersectional approach when considering gendered dimensions of privacy. Intersectionality as a framework gives visibility to and questions powers and privileges that emerge as a result of gender, race, ethnicity, class and other social and cultural hierarchies. Individuals and groups who are viewed as being situated lower in social and cultural hierarchies, or seen by society or the state as needing to be controlled, are afforded less privacy.