RS1. Privacy vulnerability - privacy vulnerability occurs when personal information is processed (shared, stored or used) without consent, beyond reasonable privacy expectations, or misused to cause harm. These breaches can lead to physical, financial, psychological, emotional and reputational damage. Significant risks include identity theft and fraud, especially in financial services like payments and credit, where victims may face severe financial losses. Privacy breaches may also enable governments to unlawfully access and misuse data to infringe upon human rights through means such as unauthorized surveillance.
RS2. Digital insecurity - extends beyond privacy vulnerabilities, encompassing service outages and sector-wide disruptions and other forms of systemic instability. Inadequately secured systems are susceptible to exploitation for malicious purposes, including the sabotage of critical infrastructure, unlawful surveillance, suppression of speech and assembly, espionage, and the destabilization of nations. The repercussions of digital insecurity are extensive, leading to financial loss, physical danger, reputational damage, and more.
RS3. Physical insecurity - often stems from digital insecurity. For example, physical harm may result when medical records in a data exchange system are compromised. Intrusive surveillance may expose persons’ movements and places of residence to tracking, harassment, or coercion. The safety of asylum seekers is threatened when their identities and movements are traceable, potentially leading to persecution,discrimination, or denial of protection. Poorly secured DPI can also deny stateless persons legal protections or access to essential services; and can be exploited to threaten the safety of individuals who express dissenting opinions or engage in lawful protest, through retaliation, persecution, or other forms of physical harm.
RS4. Lack of recourse refers to the absence or inadequacy of effective remedies and redress mechanisms for rights violations which leaves persons affected by DPI risks with no means of mitigating the harms caused to them. This deficiency undermines the integrity of DPI systems, eroding public trust and reducing adoption rates, which, in turn, challenges the sustainability of DPI, diminishes its effectiveness, and creates significant obstacles to realizing its potential benefits.