UNDP and CCG issue a report on the importance of protecting legal identities
The United Nations Development Programme (UNDP) and the Centre for Communication Governance (CCG) have issued a report, highlighting measures to be taken in order to protect digital identities, due to extensive personal data collection and biometric information in certain countries.
The UN Development Programme (UNDP), in collaboration with the Centre for Communication Governance (CCG) at National Law University Delhi, has issued a report titled ‘Drafting Data Protection Legislation: A Study of Regional Frameworks.’ This report underscores the critical role of data protection in the context of legal identity and its being a crucial human right, highlighted by target 16.9 of the UN’s sustainable development goals.
Granting legal identity often entails collecting extensive personal data, including biometric information. Countries like India, Mexico, and Estonia, with expanding digital identity systems, are amassing substantial citizen data, heightening concerns about data breaches, invasive surveillance, and privacy vulnerabilities.
However, to mitigate data privacy risks, the report urges nations to develop appropriate data privacy legal frameworks and regulations. The report encompasses a range of data protection facets, including principles like consent, notice, and transparency, while addressing the entire data lifecycle, from collection to management. The ‘CIA triad’- confidentiality, integrity, and availability – forms the cornerstone of data security.
Furthermore, the report stresses safeguarding the rights of data subjects, including the right to change inaccurate data, mainly when such data is used in automated decision-making processes affecting access to public services.
With the increasing digitalisation of education systems, children are highlighted as a particularly vulnerable group, necessitating regulations on the age of consent and age verification within digital ID systems. In scenarios involving cross-border data sharing by businesses, the receiving territory must adhere to robust data protection standards.