The annual International Women’s Day (IWD) on 8th March is a global day celebrating the social, economic, cultural, and political achievements of women. The day also marks a call to action for accelerating women’s equality and, more generally, gender equality. The theme of this year’s IWD is “DigitALL: Innovation and technology for gender equality.”
Celebrating IWD 2023, in today’s blog post, we discuss the inherent nature of the relationship between privacy and gender and why gender is essential in assessing privacy risks.
The gendered nature of privacy risks and harms
Applying gender as an analytic to accurate data collection can help ensure that a programme, a policy, or even a product is designed with the societal dynamics and power relations arising from gender and gendered difference in mind.
However, there are also a whole host of situations in which the knowledge of someone’s gender is completely redundant and irrelevant to the task at hand. In such scenarios, collecting this kind of sensitive personal data is not only an invasion of privacy but can also increase the severity of the harm caused by misuse of that sensitive personal information.
Just as there is inequality offline, there is inequality online. The virtual world mirrors – and at times exacerbates – ‘real’ world situations. Technology has transformed many forms of gender-based violence into something that can be perpetrated across distance, beyond borders, anonymously, or even without physical contact. Privacy risks are therefore higher for those groups who already deal with disadvantage, underrepresentation, inequality, and discrimination on the grounds of their identities. Privacy-related harms disproportionately impact members of marginalized, under-served, or vulnerable groups, including women and girls, and lesbian, gay, bi, trans, and intersex (LGBTI) persons.
Privacy harms, whether caused by data breaches, surveillance, or other invasions of privacy, do not impact everyone equally. This fact is demonstrated, for example, by research that found that the issue of perpetrators using technological means to engage in and facilitate abuse of women is significant and on the increase. When considering a case about cyberviolence and online harassment, in 2021 the European Court of Human Rights (ECtHR) issued a judgement which found that these activities were a violation of the European Convention on Human Rights. The Convention, and its Article 8 on respect for private and family life, has been extended to Bermuda since 1953.
Online and privacy-related harms
Referring to a number of international frameworks in the decision, the ECtHR noted that “violence online and offline, or ‘physical’ violence against women and girls (VAWG) and ‘cyber’ VAWG, feed into each other” and that “abuse may be confined to networked technologies or may be supplemented with offline harassment including vandalism, phone calls and physical assault”. The Court also observed that forms of cyber VAWG fall into six broad categories:
hacking – the gaining of unauthorized access to data in a system or computer,
impersonation - the use of technology to assume the identity of the victim in order to embarrass or shame her (e.g., by sending offensive emails from the victim’s email account),
surveillance/tracking - stalking and monitoring a victim’s activities either in real-time or historically (e.g., GPS tracking),
harassment/spamming - the use of technology to continuously contact, annoy, threaten, and/or scare the victim,
recruitment - luring potential victims into violent situations, and
malicious distribution - manipulating and distributing defamatory and illegal materials related to the victim (e.g., threatening to or leaking intimate photos/video) with the aim of publicly shaming and humiliating that person, and even inflicting real damage on the target, such as getting them fired from their job.
Five general characteristics distinguish cyber VAWG from in-person or physical violence:
“anonymity” (the abusive person can remain unknown to victim),
“action at a distance” (abuse can be done without physical contact and from anywhere),
“automation” (abusive actions using technologies require less time and effort),
“accessibility” (variety and affordability of many technologies make them readily accessible to perpetrators), and
“propagation and perpetuity” (texts and images multiply and exist for a long time or indefinitely).
A 2019 report by the UN Human Rights Council’s Special Rapporteur on the Right to Privacy, entitled Privacy and technology from a gender perspective, concludes that gender-based breaches of privacy are a systemic form of denial of human rights: they are discriminatory in nature and frequently perpetuating unequal social, economic, cultural and political structures. The report discusses gender issues arising in the digital era from the perspective of the human right to privacy. It considers how these issues impact on women, men, and individuals of diverse sexual orientations, gender identities, gender expressions, and sex characteristics. The report notes that addressing gender-based incursions into privacy requires frameworks at international, regional, and domestic levels. The Special Rapporteur encourages the protection of privacy through policy development, legislative reform, service provision, regulatory action, educational and employment frameworks, and support to civil society organizations. Actors should consider the experiences of women, men, transgender women and men, intersex people, and others who identify as outside the gender binary.
The UN Human Rights Council also appoints a Special Rapporteur on violence against women, its causes, and consequences on online violence against women and girls from a human rights perspective. The Special Rapporteur had previously issued a report, which found that online and internet-facilitated forms of violence against women have become increasingly common, particularly with the use of social media platforms and other tech. This report points out that all forms of online gender-based violence, including the misuse of private information, are used to control and attack women and to maintain and reinforce patriarchal norms, roles, and structures, as well as unequal power relationships. The Special Rapporteur formulated several recommendations, including the recommendations that States should clearly prohibit and criminalise online violence against women, in particular the non-consensual invasions of privacy. This is particularly relevant to the recent ministerial statement regarding ‘revenge porn’ in Bermuda. We will be discussing the topic and its link to privacy and PIPA in an upcoming blog post.
IWD 2023 and the Personal Information Protection Act (PIPA)
International Women’s Day 2023 is a good opportunity to reflect. We should ask: to what extent does technological progress support and to what extent does it hinder, or even jeopardise, the fundamental human rights of women, LGBTIQ and gender diverse people, including their privacy rights? It is also an opportunity to take action and get educated about privacy rights under Bermuda’s PIPA. The fundamental right to have our privacy protected irrespective of who we are, as enshrined in PIPA, means people for whom their gender and other identities represent a particular vulnerability can navigate online and offline spaces more safely.
If you want to learn more about data privacy, PIPA, and how it relates to and impacts individuals, as well as businesses and other entities in Bermuda, you can review our Downloadable Guidance, SME Hub, or book your place at one of our free training courses coming up in 2023.