In 2008, the “Guiding Principles on Business and Human Rights: Implementing the United Nations ‘Protect, Respect and Remedy’ Framework” were crafted under the leadership of Prof John Ruggie, then serving as a Special Representative of the Secretary-General. After three years, the United Nations Human Rights Council unanimously endorsed the guidelines for States and companies to prevent and address human rights abuses committed in business operations.

In their operations, businesses can affect their consumers, community, and employees. The UN Framework recognizes that States are obligated, under international human rights law, to ensure the protection of everyone within their territory and/or jurisdiction from human rights abuses committed by any business entity. This duty means that States must have effective laws and regulations in place to prevent and address business-related human rights abuses and ensure access to effective remedies for those whose rights have been abused. The UN Framework also addresses the human rights responsibilities of businesses. Business enterprises have the responsibility to respect human rights wherever they operate and whatever their size or industry. This responsibility means companies must know their actual or potential impacts, prevent, and mitigate abuses, and address adverse impacts with which they are involved.

The guiding principles are supported by a three-legged stool namely:

1.   Protect – States have the duty to protect their citizens against human rights abuses by any actors in society including businesses, meaning that states must prevent, investigate, punish, and redress human rights abuses that take place in domestic business operations. It is also recommended that States should set clear expectations that companies domiciled in their jurisdiction must respect human rights in every country and context in which they operate.
2.   Respect – Business enterprises must prevent, mitigate, and remedy human rights abuses that they cause or contribute to. Businesses must seek to prevent or mitigate any adverse impacts related to their operations, products, or services, even if these impacts have been carried out by suppliers or business partners. The responsibility to respect applies to all internationally recognized human rights expressed in the International Bill of Human Rights and the International Labor Organization Declaration on Fundamental Principles and Rights at Work. There are three components to this responsibility:
3.       Companies must institute a policy commitment to meet the responsibility to respect human rights.
4.       Companies must undertake ongoing human rights due diligence to identify, prevent, mitigate, and account for their human rights impacts. Human rights due diligence is the process of identifying and addressing the human rights impacts of a business enterprise across its operations and products and throughout its supplier and business partner networks.
5.       Companies must have processes in place to enable remediation for any adverse human rights impacts they cause or contribute to.
6.   Remedy – The state’s obligation to safeguard rights encompasses ensuring that, in cases where human rights are violated by companies within their territory and jurisdiction, the state must guarantee access to an effective remedy for those affected. States should also provide effective and appropriate non-judicial grievance mechanisms with the capacity to hear and adjudicate business-related human rights complaints as part of a comprehensive State-based system for remedy.

Digital rights are human rights

The assertion that human rights activism is often an activity that businesses prefer not to engage in as it is always viewed as a fight with the state that could be unfavourable to their operations is not new. However, this misconception is far from reality.

Delving deeper into this is the campaign, “Digital rights are human rights” and that data privacy is not a luxury but in fact, a right that has been infringed upon for centuries now. The complexity of this matter is in the question, ‘How do we enable other rights such as the right to health while complying with data protection laws and regulations?’

In conducting a Human Rights Impact Assessment (HRIA), a Data Protection Impact Assessment (DPIA) should be done concurrently by businesses. HRIA helps identify, understand, assess, and address the adverse effects of a business project or activities on the human rights enjoyment of impacted rights-holders. DPIA on the other hand helps identify and minimise the data protection risks of a project. This kind of design thinking would then ensure that digital rights and all other human rights are protected and not at the expense of each other as this would not only be human-centred but also human rights-centred.

It is also important to highlight that there is now a horizontal obligation towards human rights. This means that policies on the protection of human rights, digital rights included, are not only applicable to state corporations but the private sector is also required to commit to the protection of human rights in their operations.

Despite there being a gap in knowledge, skills, and resources related to existing digital rights and mechanisms that should be adapted to protect and remedy any infringement, there is progress towards the right direction. An example would be the fact that when Huduma Number was first rolled out in Kenya, there were no existing data protection laws and the requirements for registration would discriminate against a good number of communities from the services that the product was offering. This resulted in the infringement of various rights, leading to a court case that led to the adoption of the Data Protection Act and Huduma Bill.

Still, there are quite a few issues to be considered and it is important to consider that there need not be a crisis for a remedy to be put in place. Instead, the remedies and preventative measures must be enacted in law for the benefit of all right-holders.