by Noah Jan Kramer, Naemi Hirschbiel, Mariia Soloveva, Varvara Karimova, Cornelia Hirmann, Ricarda Pfingstl, Lucie Pignard, Fanni Schaumann
For decades, one of the most popular ideas when it came to making the internet accessible to the population, was the idea of broadening the horizons of every individual while having a simultaneous democratising effect, but due to commercialisation it got imperceptibly lost over time and now a space has been established which by law and constitution acts unreservedly. Therefrom big data is able to influence many democratic procedures, such as elections, in ways which are showing why it is becoming of paramount importance that this has to be well-regulated. The background to this concern: malicious data handling – as well as the polarising effects of social media – which could possibly endanger democracy.
That is why we placed our focus on Facebook’s handling of private data in different parts of the world and questioned why there is no such agreement which rules worldwide. A case study might yield interesting results that back up our argument of the importance of a universal data handling convention.
Since the process of handling people’s private data entails working with sensitive data, it should be conscientiously protected and in some parts of the world it is already well regulated. The GDPR of the European Union for example, outlines the legal framework of how companies should handle and collect private data. Countries within the Union, for instance Germany, launched new federal data protection acts that only apply within their borders and can be seen as a complete independent operating law, which merely concretises and supplements the data protection law of the GDPR, but cannot be considered alone. A supreme law that operates worldwide is therefore de rigueur, not only to protect our private data from misuse, but also to protect written body of thoughts that we do not share online, but store on our devices. Drawing the connection to the Cambridge Analytica scandal in 2018, it becomes apparent that there is a strong link between data handling, political interests, and overall strategic advantage.
The discussion papers, which are available to Handelsblatt show that in progressively more countries, the realisation is gaining ground, that state regulation must intervene in algorithms  that presently decide what content users are presented with. Schirach states that the signatories of the old constitutions in Europe did not know about the internet nor social media, so they could not imagine the use of algorithms or artificial intelligence, therefore we need a rewrite that is adapted to our present time and gives everyone the right to digital self-determination and the understanding of a retracing enablement of transparent, verifiable and fair algorithms. However, the main issue is to put it succinctly, networks are raising privacy concerns, and the developments are bringing up dangers on emerging data-driven practices that present a major shift in the operation of the democratic process . In consideration of that: “It’s up to us – the public – to determine what the future of this remarkable instrument will become, recognizing the forces that will try to impede it and shape and mold it for the wrong purposes”,  as Noam Chomsky likes to say.
This document proposes content for a chapter on the topic of data privacy and data handling. Hereby we actively recommend to adopt this chapter into the New Data Convention. The overall aim of this policy brief is to help establish a regulatory structure, that private data should be handled in a well-regulated manner and that its protection is a highly critical task, by addressing various international organizations through a proposition of a specific well-developed chapter. More specifically, through this chapter, we are raising an inquiry on stronger global rules on the protection of personal data as a matter of public interest. Monopolies (such as big tech companies) ought to be avoided and dismantled, in such a way shifting the power back to the users and original owners of the data through a transparent information flow and communication and present a consent in management regarding exactly what data is being collected, why it is being collected, where it is being stored, for how long it is being stored, and who has access to this data. Users need to feel a complete sense of security and control over their personal information, knowing that other companies will not be purchasing/ selling/ using this private data for any reasons, other than those specifically for which this data collection was originally indicated for and agreed on. Additionally, this content also includes in itself a focus on the establishment of reglementary bodies that would in turn actually be able to enforce any breach to these regulations and fundamental rights.
As discussed in the context of our objective, we believe that the power over data collection should be shifted to the users. Therefore, we follow the principle of promoting versatility and diversity in media ownership and content accessibility. This approach aims to prevent the growth and abuse of monopoly power in the media and to ensure that monopolistic companies cannot exploit consumers. Monopolistic power limits choices and the number of content providers, which can harm society by restricting the flow of information, reducing diversity and plurality, and placing cultural and political influence in the hands of a few companies. 
This goes hand in hand with our second policy principle: providing protection for the users, as well as the society. This principle is based on the protection of the dignity and privacy of individuals from improper invasion or exposure of personal information. Most media-related problems usually involve the disclosure of private facts and information, and intrusion into the lives of individuals. The increasing ability of governments, media, digital companies, and other businesses to collect information about individuals by tracking their social media, purchases, internet and mobile device use and other behaviours has led to new privacy concerns. Although such data collection can help provide better services to users, it is not transparent to the public itself.
In addition, user rights and protections are often unclear. We trail the principle to protect users, personal privacy and secure the data from invasive corporate and government surveillance or misuse. Policies should mandate transparency in data collection and storage, allow individuals to decide for themselves whether to collect their data or not, limit the duration of data storage for commercial and government purposes, and restrict disclosure to commercial organizations. Consumer protection is a policy issue as consumers increasingly rely on commercial intermediaries to receive content, use social media, have access to the internet and a range of other services. 
Furthermore, our policy principles would include a framework for transparency on the part of those involved in the management of personal data and information. Thus, at various levels, we could legally and globally control the management of this sensitive data.
The principle of transparency is a social practice guided by the sincerity and perfect accessibility of information in areas that concern public opinion, property or private data. It is also the concern to account for an activity. The primary objective of transparency is to establish a relationship of trust. These requirements for platform managers, can be compared to transparency in political or economic matters, transparency relates to the knowledge of decisions and their motivations, on how they are taken on security issues due to an activity or a project, on access to information, etc.
We can therefore define transparency as the fact of making available clear, intelligible and easily accessible information on data processing to the persons concerned, at the time of the collection of their data, but also at the time of their subsequent use. Thus, it is important to be transparent about the responsibility of the actors, but also on the conditions of extraction, use and storage of data.
In addition, the share of the global market taken by the resale of information from data centres has increased significantly. It is therefore important to provide transparency regarding the price of this information and the associated services. Finally, it is essential to associate a legal and moral framework to the ownership of the firms responsible for data collection.
It is only by exposing the mechanisms of operation, the financial stakes, and the risks of the ownership of information by big tech, that we can bring logic to the users and guarantee them transparency.
Audience and recipients
We want to address the United Nations and other global institutions, which should embody and ratify this convention in order, for it to be applicable anywhere in the world. As malicious data handling can affect millions of people and attack the basis of democratic systems, national governments as well as intergovernmental alliances should take interest in passing a universal convention of data handling. This issue turns out to be a global issue, which is why it needs to be addressed by global institutions.
In total, we identified two key audiences so that the New Data Convention may be adopted by a supranational body and being able to facilitate and foster real change among Big Tech companies; these key groups are:
- The United Nations General Assembly as our first and foremost target; as well as other supranational institutions, like the WTO and the OSCE in order to be politically binding;
- Civil society NGOs and technology companies
This also indirectly refers to the general public. However, this paper aims at providing research-based inputs for a global New Data Convention.
Starting from a rather grassroot level, we find this to be indicated by recent developments under German initiative, as the German foreign ministry launched the Digital Policy Lab, which brings together government officials and regulatory bodies from the European Union, the United States of America, as well as other territories . German foreign affairs minister Maas sees the relevance of creating universally binding rules for global internet use:“Dass unsere Werte auch online verteidigt werden müssen, sehen inzwischen viele ein und schließen sich Forderungen nach internationaler Koordination an” .
In addition, although Data Protection is known as a right to citizens in many countries, in the United States this issue is not ruled out in one Data Protection legislation . Likewise, in China, citizens may be granted protection against unconsented processing, the reality may differ from that: “In China, people are protected against data processing for commercial purposes, however, the government is not bound by the rules. It wants to control every aspect of the citizens’ lives and uses advanced Artificial Intelligence technologies to monitor, track and assess (sic!) their behaviour.”  On the contrary, the European Union passed legislation of the EU-GDPR – the General Data Protection Regulation, which was enacted in April 2016 and reaffirmed that: “the protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.” .
On the base of these contrary legal environments that differ vastly from one country to another territory, we see the necessity of bridging these international gaps of Data Protection, Privacy and Data Handling. In order to do so, we envision the General Assembly of the United Nations, as our foremost and first key audience to adopt a New Data Convention in order to ratify and manifest a global common understanding on these highly sensitive issues. This includes the WTO and the OSCE for example, because the convention should in fact be politically binding. We understand that the United Nations have already expressed the importance of privacy in digital space in 2013 by passing Resolution A/RES/68/167,  strongly linking this issue to the human rights, especially to article 12 and article 17 of the Universal Declaration of the Human Rights . On that account we strongly believe that the UN General Assembly has the necessary experience in facilitating this kind of change and the expertise in gathering a common understanding on these issues.
Representation – WHO are we?
We are a group of -young, -volunteer, -research activists and we are very concerned about this topic of data handling and privacy, not only for our own data to be safe, but also for the future generations as a foundation for a more just world – online and offline.
Our approach entails the following three A’s:
Activism: Public Diplomacyto our work and the urgency of the issue. Measures could be public campaigns, speeches, etc. (a more radical process would involve direct action such as protesting) We want to regulate as much as The United Nations Geneva Office provides a key platform for international dialogue and diplomacy. We could use this opportunity to pitch our Data Convention Proposal during these discussions. The Division of Conference Management (DCM) provides this opportunity. We would need to contact the United Nations Meetings Management Sector and reserve a meeting room.
Advocacy: displayed as a process of dialogue, friendly exchange or negotiation. Build our legitimacy, serve as an interpreter between the two, a bridge to help them hear and understand one another, thus creating and elaborating fruitful common ground, and seek to understand those we are trying to influence.
Allyship: Establishing allyship with foundations, non-profit organizations, NGOs, politicians, celebrities, coalitions, social good firms and VC’s, unions, movements. International organizations and institutions such as the United Nations, the European Union and the Council of Europe, The Federation-wide Databank and Reporting System (FDRS), UN/CEFACT, Digital New Deal, IT for Change, Center for Humane Tech, UNAOC, ICRC Data Protection Office, Commission for Computerised Information and Privacy, UN High Commissioner for Refugees: Policy on the Protection of Personal Data of Persons of Concern to UNHCR, INTERPOL, EDPS.
 Christine Nielson, 2017, 00:33 – 1:30
 Witzleb et al., 2019, (online: p.2. book: p.15.)
 Koch & Riecke, 2021
 Schirach, 2021, p.8ff.
 Al Hasib, A., 2009, p.292.
 Witzleb et al., 2019, (online: p.3. book: p.16.)
 Nielson, C., 2017, 03:06 – 03:21
 Baker, 2006
 Lane et al., 2014
 Brynjolfsson & Kahin 2002; Peitz & Waldfogel, 2012
 Koch & Riecke, 2021
 The International Comparative Legal Guide, 2020, p.1f.
 Adil Nussipov, 2020, p.1.
 Official Journal of the European Union, 2016, p.1.
 UN General Assembly, 2014, p.1.
 Ibd., p.1.