Human rights obligations of information and communication technology companies in the context of data governance

Abstract

While users all over the world entrust Information and Communication Technology (ICT) companies with sensitive data on a daily basis, cases of data leakages and privacy breaches have been constantly appearing in the last decade. At the same time, a cumbersome apparatus of a state does not always manage to promptly respond to the rapid technological developments. Adopted in 2011, the United Nations Guiding Principles (UNGPs) armed international law with a tool for implementation of the human rights approach in the context of business activities. However, up to now there is a number of issues regarding UNGPs implementation in ICT sector. Thus, it is important to put the general requirements for corporate responsibility to respect human rights into the operational context of ICT sector and take into consideration such issues as data usage for Big Data Analytics, privacy impacts remediation and operation in countries with high level of human rights risks. Hence, this research aims to analyse obligations that ICT companies have according to different levels of regulations and discover the ways to implement them based on existing best practices and initiatives. It also discusses the models of users empowerment and the role that they might play for their own data privacy.