UN Report Highlights Growing Concerns Over Unregulated International Data Collection
Personal data has emerged as a critical global resource, yet the legal frameworks governing its circulation remain fragmented and incomplete. This has led to increasing concerns about the international collection of personal data without adequate oversight, as highlighted in a recent report to the United Nations Human Rights Council.
The Regulatory Gap
According to Ana Brian Nougrères, the UN Special Rapporteur on the right to privacy, billions of internet users are vulnerable to having their information collected from anywhere in the world without a robust international legal framework to protect them. The report emphasizes that the digital age has outpaced the development of international law, leaving a significant regulatory vacuum.
Currently, international standards primarily focus on data transfer – when one entity sends information to another across borders. However, the collection of data directly from the internet presents a different challenge. There isn’t always a clear “sender” or national authority to oversee the operation, allowing actors in one country to collect data from users on another continent without traversing any jurisdiction.
Privacy Risks and the Lack of Consistent Standards
This legal loophole exposes individuals to potential privacy violations. Data protection relies heavily on varying national laws, with some jurisdictions, like the European Union, having stricter regulations than others. This creates a complex “regulatory mosaic” that is hard to enforce consistently.
The distributed nature of the internet further complicates matters. Data collection often involves servers in multiple countries, intermediary companies, and real-time algorithms, raising the question of which authority should have jurisdiction when data is collected in one territory, processed in another, and used in a third.
Digital Sovereignty and the Need for a Global Treaty
The report ties into a broader discussion about digital sovereignty and global internet governance. The increasing strategic value of personal data – not only for commercial purposes but also for artificial intelligence, national security, and political influence – has prompted governments to reconsider the traditionally open and decentralized model of digital infrastructure.
Nougrères urges states to consider a global treaty regulating the international collection of personal data, establishing common principles to safeguard the right to privacy regardless of the data’s origin. She also recommends expanding the extraterritorial reach of national data protection laws to ensure privacy rules apply even when data is collected from foreign jurisdictions.
Updating Existing Frameworks
This initiative builds upon previous efforts to update international data protection standards. The report complements a 2024 proposal to update the resolution titled “Guiding principles for the regulation of computerized personal data files,” originally adopted in 1990. That earlier document predates the widespread adoption of the internet and the rise of global digital platforms.
Today, data collection, processing, and monetization are central to the global economy, making the need for updated regulations more urgent than ever.
Watch: UN Human Rights Council discussion on the international collection of personal data.