With the advent of digitalization and the ubiquitous presence of technology, we find ourselves grappling with newer and ever-emerging concerns for democracy and rights. The economic world order in terms of market capitalization is controlled by Global North-led technology corporations. In the last 15 years, these corporations have grown at breakneck speed owing to low regulatory intervention, establishing market dominance, cannibalizing competitors, and harvesting data from consumers, a vast majority of whom are based in the Global South. While we witness the impact of this untenable economic context now with massive layoffs in the tech sector, there is no denying that those in the South face the brunt of corporate impunity of Multinational Entities (MNEs) – be it environmental destruction, or erosion of workers’ rights, or the exodus of invaluable data resources. 

Against this backdrop, corporate accountability frameworks that transcend jurisdictions become key for checks and balances, a shared understanding of rule of law, and imposition of obligations on and liabilities for actions of transnational corporations. Or so, at least, has been the goal through Global North-led frameworks like the Organization for Economic Co-operation and Development (OECD) Guidelines on MNEs or the European Union (EU) Supply Chain Directive. These regulations are often referred to as extraterritorial responsibility frameworks (ERF) as they regulate the human rights impact of multinational corporate entities registered in the Global North, but specifically covering their global operations through supply chains not just in the North, but across the Global South.

At a time when these frameworks are being overhauled (as in the case of the OECD Guidelines) or introduced afresh (like for the EU Directive), it is imperative that the Global South considers a more forceful role in the process.

Definitive shifts are urgently required in how voices from the Global South can shape global supply chains in various sectors. Action on the legislative front in building out access to extra-territorial authorities is a necessary next step, but requires an alternative perspective, with emphasis on a clear and coherent data justice agenda that offers a supra-liberal perspective to human rights. This essay analyzes and provides a bird’s eye view of the possible contours of data rights and data justice in the two ERFs mentioned above.

Extraterritorial Responsibility Frameworks

Extraterritorial responsibility frameworks are legislations or policies focused on the human rights impact of multinational corporate entities. ERFs acknowledge that regulation of complex multi-jurisdiction supply chains through voluntary or mandatory mechanisms cannot be operationalized merely through piecemeal applications, and hence offer a minimum benchmark for the supply chain as a whole. These ERFs provide, in short, a high-level checklist against which, corporate entities can monitor, review, and remedy human rights violations across supply chains. It is, thus, a site of policy contestation where Global South actors need to engage consistently.

These ERFs provide, in short, a high-level checklist against which, corporate entities can monitor, review, and remedy human rights violations across supply chains. It is, thus, a site of policy contestation where Global South actors need to engage consistently.

In that regard, the two frameworks discussed here – the OECD Guidelines and the EU Supply Chain Directive – offer scope to discuss extraterritorial responsibility systems from a Southern perspective. Taking the example of the OECD Guidelines, even though not binding, these are significant recommendations since they represent agreement from a bloc of countries with control over two-thirds of global production of goods and services, (~48 countries, including the US, EU, and others come under its direct or indirect influence).

ERFs and their Discontents

The current form of the OECD Guidelines dates back to 2011. The test of its relevance in the present era can be seen in its Science and Technology chapter, (now renamed the Science, Technology and Innovation chapter in the updated draft), a two-pager that extols the virtues of MNEs as benevolent harbingers of technological progress to Global South nations. Even subsequent updates to the version since are sorely lacking in a contemporary and holistic understanding of the data ecosystem within which MNEs function today. The chapter fails to account for the vast developments and shifts owing to economy-wide digitalization over the last decade. CSOs reviewing the chapter have pointed to glaring gaps in the edited draft, including its over-optimistic view of technology, a failure to emphasize the importance of due-diligence procedures, inadequate linkages between digitalization and harm to human rights, and the use of sub-optimal legal language for critical concepts such as privacy.

In terms of mandatory frameworks, the EU Supply Chain Directive (Directive) is positioned to provide a sound legislative foundation for businesses conducting human rights due diligence, monitoring and grievance redressal. Given that supply chains originating in the North are integrated with production systems in the South, provisions of the Directive need to be cognizant of several considerations to ensure a just system. As the Directive moves closer to implementation, there is an urgency to take stock of the provisions that need further assessment, especially from a data justice perspective.

Absence of Consideration of Data Harms

While, the second draft of the guidelines is cognizant of data theft, and the risks of the same to corporations and individuals alike, it does not take into consideration issues beyond theft, especially along the lines of data access, sharing, use, and re-use. The ambit of data rights is expansive in relation to considerations of data justice. Thus, considerations of data harms not limited to privacy risks become relevant to ensure protection across all levels of functioning of MNEs, not only their Global North employees, but also Southern consumers and citizens, a consideration for the EU Directive as well. This wider view of data harms beyond risks to data privacy would include: algorithmic discrimination, exploitation, and exclusion; facilitation and amplification of violence; manipulation of democratic processes; spread of misinformation; risks associated with dual-use technologies, that is technology with both civil and military application; and environmental impacts of technology.

Lack of Due Consideration to Collective Rights to Data

Beyond individual data rights, collective data rights are key to consider within corporate responsibility frameworks. Three prongs become crucial here: collective rights as economic rights, collective rights as rights to self-determination, and collective rights as right to development and sovereignty. These are drawn from international protocols that rely on human rights principles in their engagement with natural resources, and while data is not to be conflated with natural resources, these documents offer a direction for a data governance regime rooted in the notion of data as a societal commons.

Beyond individual data rights, collective data rights are key to consider within corporate responsibility frameworks.

In fact, the UNCTAD Digital Economy Report of 2021 recognizes the need for a global data governance regime, especially in light of the fact that developing countries may find themselves in subordinate positions with data, and their associated value capture being concentrated in a few global digital corporations and other multinational enterprises that control the data. Recognition of the need for a collective data rights regime that underscores the right to development and sovereignty, within the scope of the OECD guidelines would offer a first step towards this direction. Similar recognition for a collective data rights regime can be argued for within the EU Directive as well, within its definition of “adverse human rights impact” under Article 3(c).

Emphasis on Worker Data Rights and Protection from Algorithmic Management

Collective data rights of workers, specifically in national social security programs (such as a right to register with accuracy and the right to correction) need to be prioritized to improve working conditions of workers in the Global South in North-led supply chains. Parallelly, collective data rights for workers in the aggregate data commons is another key thrust that Global South actors need to consider. This right can mitigate the damage caused by exploitative working conditions by platform companies. Access to this walled data, as seen in efforts by the Worker Info Exchange, can empower workers to make informed decisions. Recognizing collective rights of workers to this data will enable the process to become more institutional, and not piecemeal. The positive effects of these changes will be felt upstream in diverse struggles of workers in the Global North. For example, under Article 22(1) of the General Data Protection Regulation that provides protection against automated decision-making, worker rights organizations have faced significant hurdles in judicially reversing unjustified removal of workers from platforms. Limitations of Article 22(1) that allow platform companies to hide behind a tokenistic human view can be combated through wider set of data rights under the EU Directive. These wider set of data rights can enable workers to reclaim data intelligence and tackle algorithmic management and automated decision-making.

There also needs to be a focus on protection against data harms relating to increasing algorithmic management of workflows and workers in various sectors, most prominently in the platform workspace. Algorithmic strategies – whether directly effected in the workplace to control workers (like on platforms), or used indirectly to squeeze more value out of Global South supply chains (like in manufacturing industries such as garments or electronics) – need to be recognized as a core element of evidencing data harms.

Insufficient Grievance Redressal Mechanism for Data Harms

Grievance redressal pathways through access to the national contact point (NCP) complaints mechanisms for data harms are vital. Communities, worker representatives, trade unions, and civil society actors need to have a meaningful and predictable route to raise complaints with NCPs in the OECD countries. This needs to be clarified and expanded in the updated Guidelines. As an extra-territorial and non-judicial route to remedy for data rights violations, the NCP mechanism is a low cost and low threshold route. Also, NCPs should not be housed in institutions with potential conflict of interest, such as investment promotion councils, and should have autonomous access to the physical and digital infrastructure that are necessary for their functioning.

Under Article 9 of the EU Directive, the complaints mechanism should also account for data harms. This also ties back to ensuring data harms are recognized as having “adverse human rights impact” in the EU Directive and the argument of collective rights made earlier, derived from international protocols.

Low Importance to Impact of the Digital Across Chapters in the Guidelines

The scale of digitalization today means that practically all sectors and all kinds of work have witnessed its impact. That needs to be reflected in the OECD Guidelines as well, which is not the case in the latest OECD draft. Connected chapters like those on employment, or taxation need to be updated to suitably integrate the current digitalized context of economic activity. There needs to be a provision on the need for the Employment and Industrial Relations chapter (Chapter V) to account for algorithmic management of workers, an increasing reality in not just platform work but also traditional forms of factory work. The Taxation chapter (Chapter XI) needs to account for fair taxation policies for digital MNEs, which are some of the lowest taxpayers despite their inflated profits. Without such a holistic perspective on the impact of the digital on all the chapters, the overhaul process will be grossly insufficient.

Algorithmic strategies – whether directly effected in the workplace to control workers or used indirectly to squeeze more value out of Global South supply chains  – need to be recognized as a core element of evidencing data harms.

Due Regard to Host Country Policy Space

The current draft of the OECD Guidelines, in the Science, Technology and Innovation chapter, includes a line on MNEs contributing to the policy frameworks of the host country to purportedly enable an environment conducive to innovation. Corporations in digital space have a long and troubling history of entrenching themselves in public governance systems in the Global South. Technological infrastructure creates dependencies through the gatekeeping and protocol power that Big Tech firms wield. MNEs in the digital space, thus capture institutions and hold public interest hostage, constraining the ability of host countries to build their own infrastructure. This directly impacts the sovereignty of host countries. As such, there is suffficient research in the public domain about data colonialism and the power that MNEs exert over Global South nations. The involvement of Global North entities in the policy space of developing countries must, therefore, be completely resisted.

Way Forward

The two frameworks discussed in this essay are at different points of completion. The EU Directive is expected to be passed soon, likely by the end of the year.

With regard to the OECD Guidelines, the first two rounds of closed consultations end by 30 November 2022, and a third revised version will be available for public comment in January 2023. This is an opportunity for stakeholders in the South to provide valuable and contextual input and increase visibility towards concerns that Southern countries have to grapple with as a result of MNE activity. Civil society inputs have focused on the considerations of human rights due diligence obligations, protections for human rights defenders, environmental considerations, as well as the digital paradigm and impact on data rights and sovereignty. For interested readers, the OECD Watch and its work is a good place to begin.

From a CSO standpoint, it is imperative to engage with both and advocate for a data justice agenda that protects host countries and their citizens from exploitative and extractive practices of MNEs in the Global North.