Digital4development? European data protection in the Global South

Abstract

While the European Union has recently become a champion of privacy rights and data protection, by enacting its General Data Protection Regulation (GDPR) in 2018, there is a growing body of research on the costs and benefits of digitalisation in the aid industry. On the ‘cost’ side, risks associated with privacy and protection of personal data are clear. The purpose of this paper is to explore how the EU and European aid organisations can protect the privacy rights of individuals residing outside the EU’s borders, by scrutinising those GDPR articles that may be relevant from the perspectives of aid-implementing actors working outside the EU and the European Economic Area (EEA). This analysis of the important EU documents describing its foreign and development policies shows that promoting digitalisation outside of the EU seems to be more important to the EU than data protection. Furthermore, while aid organisations registered in the EU/EEA are supposed to comply with GDPR, the regulation’s territorial scope is not clear enough and the EU is not able to protect the privacy rights of individuals residing in the Global South, nor is it necessarily interested in doing so.