Author: Luca Belli
Brazil, Russia, India, China and South Africa are home to 3.2 billion people, 42% of the world's population. In effect, these countries hold 42% of one of the most valuable resources on the planet: personal data. BRICS countries are not only increasingly aware that they are the main data producers, they also increasingly understand that free digital services offered by foreign corporations are not really free. They are paid with data and with sovereignty.
Over recent years, digital colonizers launched a true scramble for data, rushing to offer "free" services, designed to be as addictive as possible, to drill as much data as they can out of entire populations that are increasingly seen as potential data wells. The research my colleagues and I have been conducting at the CyberBRICS Project shows that BRICS countries are increasingly considering data privacy regulations and other digital policies as a tool to curb the power of foreign technology companies and reassert their sovereignty.
The push towards digital sovereignty is frequently criticized as a Trojan horse for authoritarian measures. This is an explanation, but it would be tremendously naïve to think it is the only one.
The past years of scandals have tellingly demonstrated that total reliance on foreign technology can create substantial costs in terms of loss of control over personal data – opening the door to manipulation of people and democracies – and (cyber)security, while also potentially undermining fiscal systems.
The capacity to collect and analyse data massively is not only lucrative. It has become an incredibly strategic asset. The popularisation of "free" social networks, the automation of industry, the advent of the Internet of Things and Smart Cities sound like truly fantastic innovations. But only if smartphone, factories, and all objects and infrastructures do not become tools for hacking, spying, meddling, and draining data out of digitally colonised countries.
As the 2019 BRICS summit unfolded in Brasilia, digital economy, cybersecurity, and cooperation on science, technology and innovation emerged as key issues around which BRICS leaders are building further synergy.
Half of these five countries' population is already online, contributing significantly to domestic and international economic activity. The countries are working to welcome digital innovation, while sounding an alarm about cybersecurity and personal control of personal data. The governments are also aware that as more of their people come online, developing countries' national security and even sovereign power may be at risk of hackers and foreign adversaries.
Only a few months ago, the New York Times reported the US Cyber Command was stepping up "digital incursions" into Russia's electric power grid, highlighting the fact that this Command enjoys powers to conduct clandestine military activity to deter, safeguard or defend against attacks.
As a result, many of the BRICS nations are massively investing in their digital capabilities while developing Internet sovereignty legislation, crafting new data protection frameworks and increasingly requiring tech companies to store data about a person in that person's home country.
The five BRICS countries are not turning away from technology's potential to make businesses more efficient, governments more accountable and give citizens cheaper communications, smoother transportation, more reliable electricity and cleaner environments.
China has the most ambitious approach of the five, making major investments in 5G networks, artificial intelligence and high-tech manufacturing in a bid to be an even larger global technology power than it already is. Russia, close behind, is planning to serve 80% of its population with 5G wireless broadband Internet service by 2025.
Brazil's efforts are more recent, but it has begun to computerise its government operations and recently approved a plan aimed at boosting the adoption of the 'Internet of Things' to automate industry. After having approved the Internet Rights Framework (better known as Marco Civil da Internet) in 2014 and a new General Data Protection Law in 2018, the tropical giant is now aiming at new business opportunities and improvement of productivity.
Critically, without strong cybersecurity and modern data protections the rights of 3.2 billion individuals may be at risk, businesses would face juridical uncertainty, and the digital dreams of the five developing nations could turn into real nightmares.
Giant challenges for giant countries
The governments of the BRICS nations clearly understand that each of their citizens is a producer of immensely valuable personal data, and know that strong cybersecurity frameworks are key to protecting this economic resource. This is part of the reason India is so insistent on having data about Indian citizens stored on computers within India, rather than overseas. This also partly explains why Russia adopted Sovereign Internet Law, earlier this year.
The establishment of sound regulation to protect individual rights is an essential step to foster sustainable digital environments. The billions of people in the BRICS are also beginning to understand the potential value of their data, and are increasingly demanding high standards for data protection.
In China, a consumer rights protection organisation sued Baidu for collecting user data without consent. In South Africa, the Information Regulator has just cautioned that large scale CCTV surveillance can violate privacy and contravene the Protection of Personal Information Act. In addition to protecting their rights, people want to be sure that when digital technologies collect their personal data, they retain control on data that are not used against them.
Moreover, it is worth noting that BRICS countries are, simultaneously, amongst the most frequent targets of cyberattacks but also some of the countries from which most cyberattacks originate. This situation is bringing cybersecurity to the top of the BRICS governments' agendas and Brazil, for I stance, is now developing a cybersecurity strategy.
The early findings of the CyberBRICS Project's research show that BRICS countries face common challenges. BRICS can also collaborate to develop shared, or at least compatible solutions. The elaboration and implementation of sound cybersecurity frameworks is a clear example of a quintessentially common problem that would immensely benefit from compatible and convergent policies.
However, policy making is only part of the work lying ahead. A monumental effort still has to be done in terms of building digital capacities of BRICS nationals. People in the BRICS will only enjoy a strong and homogeneous level of protections and secure digital environment if their digital literacy is enhanced, while convergent digital policies are adopted by their leaders.
Enhanced cooperation for compatible digital policies
As the pioneering experience of the CyberBRICS project demonstrates, many digital policy elements are already spontaneously converging. This is the case, for instance, of data protection principles. Analyzing existing regulation is paramount if we want to understand what elements of digital policies are already compatible. It is even more relevant in identifying good practices and proposing sustainable and fair solutions.
In recent years, BRICS governments have consistently stressed the value of enhanced cooperation on research and technological development, and acknowledged the key role that research plays for their sustainable development and for their digital transformation.
To live up to their expectations, they should stimulate a virtuous circle of research and policy proposal, supporting the establishment of a BRICS cooperation mechanism aimed at fostering compatible digital policies.
Modern and compatible frameworks are needed to protect individual rights and provide legal certainty for businesses. Given the BRICS appetite for 5G and IoT and data-angry technologies, cybersecurity could be a suitable testbed to start enhancing digital policy cooperation.
In the absence of such cooperation, the reality of the policy elaboration may remain distant from the policy declarations.
Luca Belli is Professor of Internet Governance and Regulation at FGV Law School, where he directs the CyberBRICS project. This article represents his personal views.