Three Challenges in Data Protection and Privacy

Three challenges in data protection and privacy 

Geneva – In our era of data revolution, big data and artificial intelligence, it is widely accepted that the collection and dissemination of migration data can yield many benefits. However, privacy and data protection considerations need to be at the centre of all data discussions as the risks associated with data processing may be substantial for the data subjects whose personal data are being processed. It is paramount to respect and ensure human dignity and the right to privacy of individuals, a fundamental human right that is not restricted to a country’s own nationals nor to persons with a specific migratory status.

Data protection is the systematic application of a set of institutional, technical and physical safeguards that preserve the right to privacy with respect to the collection, storage, use, disclosure and any other type of processing of personal data[1]. The protection of personal data of migrants in particular is of fundamental importance as it is an integral part of protecting the life, integrity and human dignity of migrants.

Firstly, many challenges in the field of privacy and data protection derive from the rapid pace of technological advancements. Technology nowadays is facilitating people’s everyday life, but it also leads to large amounts of personal data being collected and processed in a small amount of time. For example, developments in the Internet of Things technology allow individuals today to monitor and track their physical activity with wearable fitness monitors, turn on the heating or electricity before they arrive home or even remotely unlock their door for visitors if they are not at home.

This leads to a second group of challenges which is linked to technology moving at a quicker pace than the law. Even though many States have data protection legislation in place, some of it is not sufficiently updated to take technological advancements into account. Creating legislation for new technologies is by no means an easy task. Legal gaps are evident, for example, in the case of self-driving cars as most laws are silent on whether it is necessary for a human being to be driving a car.

Thirdly, additional challenges derive from data ethics, which go beyond legal compliance. In today's digital data-driven world, adherence to the law is not considered to be enough; the ethical dimension of data processing needs to be considered. [2] Ethical problems concerning data would include, for example, algorithmic biases that might lead to discrimination and perpetuate pre-existing social and cultural biases. Automated decision-making is nowadays part of many national immigration systems, predictive policing mechanisms are put in place for security reasons and several biometric recognition software are used at border crossing points. From an ethical point of view, it is crucial that all such initiatives are not only based on robust legal regimes but that they are fair, transparent and impartial.

To conclude, despite the increase in regulatory efforts around the world, a lot remains to be done. States are encouraged to ratify Convention 108, if they have not already done so, as a first step towards demonstrating their commitment to strong standards of privacy and data protection. The adoption of comprehensive national data protection legislation together with the creation of an independent data protection authority overseeing the implementation of that legislation is also crucial to ensuring the protection of personal data of all people, including migrants present in the State’s territory.

In the end, it should be highlighted that at the heart of data protection and privacy is the migrant’s human dignity and these are intricately linked with migrants’ right to a private life, being autonomous and in control of their personal data. Safeguarding the privacy and data protection of migrants is not a problem in that respect but part of the solution.


Read more on Migration and Data Protection here:

[1] Adapted from the IOM Data Protection Manual, International Organization for Migration, 2010, available at (last accessed 18 January 2022).

[2] European Data Protection Supervisor (EDPS), Opinion 4/2015, Towards a new digital ethics, 11 September 2015, page 4, available online at  (last accessed 18 January 2022).

SDG 17 - Partnerships for the Goals