El Salvador’s newly enacted cybersecurity and data protection laws have sparked significant concerns among human rights advocates, with warnings that they could undermine media freedom and privacy rights. Human Rights Watch, a U.S.-based nonprofit, issued a statement highlighting the potential risks posed by the laws, which were approved in November.
Overreach in Cybersecurity Authority
The legislation establishes a state cybersecurity agency led by a presidential appointee, granting it sweeping powers to remove online content about individuals. Digital rights experts argue that these “overly broad powers” open the door to censorship and a lack of transparency.
“These new laws could be used to delete online publications that are critical of the government under the guise of data protection,” said Juanita Goebertus, Americas director at Human Rights Watch. “This is a recipe for censorship and opacity.”
A History of Government Surveillance
El Salvador’s government has previously faced accusations of using digital tools to spy on journalists and activists. In 2022, investigations by Citizen Lab and Access Now revealed that dozens of individuals in El Salvador had their phones hacked using Pegasus spyware. The evidence suggested government involvement, though officials denied the allegations.
With these new cybersecurity and data protection laws, critics warn that the government could further suppress dissent under the pretext of protecting privacy.
“Right to Be Forgotten” Raises Concerns
A key provision of the law, the “right to be forgotten,” allows individuals to request the removal of their data from the internet if it is deemed “inadequate, inaccurate, irrelevant, outdated, or excessive.” While this may seem like a protective measure, it carries significant implications for media outlets and search engines.
Violating these requirements could result in steep fines, up to 40 minimum monthly salaries, placing considerable pressure on the media.
Human Rights Watch expressed concerns that this provision could be used to force the removal of public-interest information about government officials or their allies by claiming the information is inaccurate or incomplete.
Need for Safeguards
The organization has called for strict limitations on the “right to be forgotten,” arguing that it should focus on de-listing content from search results rather than outright removal. It also emphasized the importance of procedural safeguards, such as appeal rights, to ensure that public access to critical information about government officials or matters of public interest is not compromised.
Global Implications of Cyber Legislation
El Salvador’s laws are not an isolated case. Earlier in November, India introduced similar regulations aimed at protecting critical infrastructure from cyber threats. However, privacy advocates have raised alarms about vague provisions in the Indian legislation, which require telecom entities to share user traffic data with cybersecurity authorities.
Critics argue that the lack of independent oversight and clear limitations on data collection and sharing could lead to government overreach and misuse of personal information.
Conclusion
El Salvador’s cybersecurity and data protection laws represent a growing trend of governments expanding their digital authority under the guise of security and privacy. While protecting sensitive data is a legitimate concern, these laws must be balanced with safeguards to ensure they do not become tools for censorship or abuse of power.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
