Comment: Cybersecurity as a human rights issue: a particular challenge in emerging markets

In twentyfifty’s work, we are increasingly seeing a gap in companies’ own assessment of their human rights impacts relating to cybersecurity. As technology becomes more central to all sorts of different sectors, companies are struggling to keep pace with the potential challenges that such developments bring. This is a particular issue for those operating in emerging markets where the rule of law may be less strong.

Why is cybersecurity a human rights issue?

Cybersecurity is a term used to cover a wide array of issues, from preventing internet-enabled crime, to information security, to legitimising mass surveillance[1]. There are many ways in which cybersecurity intersects with human rights – either ensuring the protection of those rights or threatening them.

Take, for example, critical infrastructure such as electricity networks. These are increasingly being run remotely or through automated systems. The development of smart grids, which take advantage of the ‘Internet of Things’, enables electricity providers to switch domestic and business appliances on and off to smooth out peaks in demand. A cyber-attack on the electricity network that prevents it from working properly can have a significant impact on those affected: hospital patients may be denied the right to healthcare; schools may have to close temporarily affecting the right to education of children; and countless individuals may have their livelihoods negatively impacted. Having adequate security measures in place for critical infrastructure to ensure that it does not fail is essential for protecting human rights.

Cybersecurity is also about information security and data protection. A failure to protect the data of individuals can seriously impact their right to privacy and may have a knock-on effect on other rights as well. For example, if a person’s bank details are hacked and money stolen, this could affect their ability to pay rent and bills and to have future access to credit.

As well as ensuring adequate cybersecurity to protect individuals, the term can also be used as a means of undermining human rights. For example, some governments have started to refer to cybersecurity as a way to justify increased powers to monitor individuals, collect and store data, restrict internet browsing and prohibit encryption and other anonymization services[2]. Such approaches can infringe on people’s rights to privacy and to freedom of expression.

Cybersecurity and human rights in emerging markets

Companies operating in emerging markets have a particular role to play in terms of cybersecurity and human rights. Firstly, there are far fewer data protection laws in emerging markets[3], meaning it is often up to companies themselves to set the standards and adhere to them when it comes to collecting employee, customer and public data. Paying attention to this is particularly important where such data can reveal personal information which could put someone at risk such as a person’s political opinions, sexual orientation or medical history. In some countries, this information can lead to persecution, arrest and even death.

Related to this, companies need to ensure that they are prepared to respond to government requests for data or support for surveillance. Some organisations are managing this by publishing ‘transparency reports’ detailing which governments have made requests and which they complied with (without giving information that would identify the subjects of the data requests). Others have protocols in place to deal with requests to shut down the internet or policies that restrict the sale of some technologies to governments with poor human rights records.

Thirdly, higher levels of poverty and lower levels of development go hand in hand with less opportunity to access the internet. People who are not digitally literate risk being left further behind as the rest of the world increasingly moves online. In many countries, there is also a gender dimension to internet and mobile access, with women having less free time and knowledge to use technology and facing greater risks of online abuse, including cyberstalking, unwanted sexual advances and blackmail[4]. Companies may risk exacerbating divisions and discrimination if they have not recognised existing inequalities in the application of new technologies. In addition, companies operating in markets where internet penetration rates are low must recognise the limitations this puts on freedom of expression.

Finally, companies need to ensure adequate protection for critical infrastructure from cyber-attacks in order to prevent adverse human rights impacts. Companies involved in everything from water provision to traffic light systems need to build in adequate safeguards to protect such infrastructure, including plans for maintenance, upgrades and patching security flaws. Where governments have issued tenders for infrastructure without these requirements, companies that aim to respect human rights must include cybersecurity provisions regardless.

What now?

Technological developments are moving rapidly and much international human rights law has not yet caught up. This is a particular challenge for those companies operating in emerging markets where the rights of individuals have, in many cases, fewer protections either in law or in its application. Technology is also an important enabler of human rights – providing a platform for freedom of expression, increasing access to information and bringing people together to advocate for their human rights.

The role of technology is increasingly being looked at by companies seeking to identify and address their own human rights impacts but cybersecurity has yet to feature on the radars of most. However, it seems that there are few, if any, business entities today who do not need to look closely at their own human rights impacts in the field of cybersecurity.


[1] Travel Guide to the Digital World: Cybersecurity Policy for Human Rights Defenders, Carly Nyst, 2016

[2] Travel Guide to the Digital World: Cybersecurity Policy for Human Rights Defenders, Carly Nyst, 2016

[3] Travel Guide to the Digital World: Cybersecurity Policy for Human Rights Defenders, Carly Nyst, 2016