The immensity and volume of information available in the world’s various electronic media, and the trend toward its growth, have led some institutions (1) and analysts to focus on what happens to people’s data in the hands of companies (2), but also, and above all, to what happens to data held by governments and, specifically, state intelligence agencies.
And even more so, whether it is secure, or whether it is used for purposes other than legal ones, or whether it is exchanged with other economic or political actors without the knowledge of the individuals concerned.
This concern arises because there are signs that the size of the digital community is already very significant at a global level, as evidenced by many studies (3), and that, therefore, there are already major specific problems arising from this new reality. Furthermore, because its rapid coverage and growth are clearly overwhelming (4).
In this case, one of such studies, released 2024, (5) refers to a global digital population of 5.56 billion people who are internet users, representing 67.9% of the global population, while of this total, 5.24 billion, or 63.9%, are social media users. And while China, India, and the United States are ahead of other countries in terms of the number of internet users, by age, the global average for internet use is concentrated mainly in the 15-24 age group, at 79% (6).
However, according to economic factors, higher-income countries use the internet more, with 93%, compared to only 27% of lower-income countries (7).
So, for now, the phenomenon seems to be concentrated in certain regions and populations, but given its speed, it is clear that it will soon cover almost the entire world population.
It is also evident that the existence of this global digital community is producing many benefits for companies, businesses, and governments, but it is also generating an extraordinary increase in the information collected about ordinary people and the organizations that create and manage it, an aspect that is not necessarily positive for human beings.
This is because the millions of pieces of data already collected or the thousands of new pieces of data collected every day, which are expressed in figures, numbers, photos, sounds, or people’s addresses, have reached the point where they allow us to identify habits, customs, thoughts, decisions, travel routes, or more or less profound aspects of a human being’s life, which, in theory, individuals, and by extension society, can be controlled and manipulated more efficiently in their actions.
In other words, with the information available in the hands of third parties, it is not only possible to create profiles that are quite close to the life of a specific individual, but also to guide the decisions of an entire community before it even knows how to act. This is already happening in practice, as evidenced by hundreds of market consultancies, political advisory services, and political campaigns carried out around the world. Above all, there are the well-known cases of extreme data manipulation by Cambridge Analytica and Facebook (8), with serious human implications, in the midst of political campaigns in the United States and England (9).
On the other hand, the existence of this growing digital community has been associated with the theft and misuse of data by other economic and political actors, as shown by some studies (2024), which indicate, for example, that more than 1.5 billion pieces of data were leaked in nine months of that year (10), while other analyses show that 56% of these events involved data stored in the cloud (11). Furthermore, the weight of cybercrime within this universe is very significant, as according to the latest World Economic Forum (2025), it has increased sevenfold in one year (12).
Meanwhile, according to reports from the same Forum, the results of surveys conducted among organizational leaders indicate that 85% of respondents in Europe and North America have confidence in their country’s ability to respond to major cyber incidents targeting critical infrastructure, but that this proportion drops to 64% in Africa and 58% in Latin America (13).
In other words, the inhabitants of certain regions of the world are at greater risk of having their personal information compromised, although given the global interactions in the communication of such data, many aspects of human life can be manipulated from many centers of global or national power.
As a result of all of the above, the current role of governments and their intelligence agencies is increasing and diversifying, as it poses multiple challenges (14). In reality, in terms of security, their obligations are expanding, as they are no longer limited to providing physical security to members of society, but now must also protect, monitor, and enforce all the rights of individuals, in this case represented by the data managed by individuals, companies, other governments, and especially themselves.
This complex situation requires thinking and acting with greater ethical and legal rigour, especially in the processes of obtaining, accessing, recording, organising, structuring, adapting, indexing, modifying, extracting, consulting, storing, preserving, processing, transferring, disseminating, possessing, using and disposing of people’s data within state institutions.
This is no easy task, as the thousands of databases existing in cyberspace, containing information on individuals, and the multiple tools developed for their manipulation, some legalized and others existing in the dark world of the deep internet, are now associated with satellites, drones, mini cameras, and mini sound and video recorders, which invite their use without much control, albeit based on the supposed general benefits for society.
Furthermore, because in many government circles, it is still viewed with a certain degree of calm that it is possible to possess, obtain, share, and use databases of people, and make many types of decisions with them. This is because technology itself, with its current electronic means, encourages, facilitates, and promotes its use, without many technical restrictions.
For all these reasons, it is worth remembering that state intelligence—referring to the set of activities and agencies responsible for collecting, analyzing, and disseminating information relevant to national security and the fulfillment of state objectives—carries out its mission-critical activities by obtaining information from individuals through various sources, processing and analyzing it, and disseminating it to decision-makers. And that these processes must be carried out within strict protocols and within the framework of specific regulations, which include issues associated with the processing of personal data and the archiving of that information.
It is also worth remembering that this point was reached when democracies understood that all dictatorial regimes were based on capturing, processing, maintaining, and manipulating information about people in their living space, and then using it for the sole purpose of preserving their existence as a regime and maintaining the interests of those in power. And this was done even before the existence of computers, networks, or electronic information processing equipment. In addition, thousands of irregular events in the past led to national discussions whether an effective means of resolving internal conflicts that arose in countries—for example, in Central America or even those arising from the Spanish dictatorship during the last century—would be to establish legal prohibitions on the state’s possession of files, active or inactive, containing personal data associated with political, religious, or economic positions that were associated with the political opponents of governments.
Fortunately, many countries around the world now have solid legal and institutional frameworks for the processing of such personal data, with more than half a century of experience in its management, particularly in Europe and the United States, and at least 40 years in the case of Latin America (15).
However, given the size, growth, and depth of this digital community, analysts are once again seeing how some states and their governments are exacerbating the human problems associated with greater control, surveillance, and manipulation of their data, as already demonstrated in the famous Snowden and Assange cases (16), or in the US intelligence processes using sensitive data to combat irregular migration (17), or in the attack on hundreds of Muslims suspected of terrorism using their beepers as lethal weapons (18).
Because if government actions are linked to large private global technology companies, as is suspected to be the case, and as attested to by many prestigious international analysts (19), then the situation becomes very delicate.
Naturally, on the other side are those who present these issues as associated with the need to protect society from attacks on national security, and how better personal data could have prevented or at least mitigated the simultaneous terrorist attacks of September 11 in the United States (20). The bombing of the FBI building in Oklahoma City (21) or the major global internet blackouts since 2011, attributed to hackers from different countries (22).
Of course, when we look at the increasingly frequent cases of domestic terrorism in many countries around the world, causing thousands of deaths in schools, universities, streets, and shopping malls, or at high-impact international attacks such as those on the London Underground, Spanish trains, Israeli civilians on buses, or even car bombings in Colombian cities at the height of the war against the Medellín cartel, or the situation that arose in Culiacán, Mexico, following the capture of a drug trafficker, then we understand the need for governments to collect better and more comprehensive data on certain individuals in order to prevent such attacks.
The consequence of these realities is that states, governments, and their intelligence agencies are asking new questions about the security of personal data and its relationship to human and national security, even though today these issues are associated with the existence of a growing digital community.
There are profound questions that directly concern the nature of security, such as:
What is more important to guarantee, the human dignity represented in the integrity and protection of the data of specific individuals, or the security of society as a whole and of individuals themselves, which cannot be fully guaranteed without personal data?
How should we act in critical security or national security cases? While there are special rules for the processing of personal data in the hands of the state, it is also clear that we cannot ignore the importance of respecting the universal norms of autonomy, integrity, and human dignity that have been developed by the entire world.
And there are many other questions, some of which are related to those above, like:
How and with what new technological, human, legal, and administrative tools can we respond to these new ethical, legal, and technological demands?
How much of the public budget should be allocated to ensure that hundreds of entities and agencies can support the fulfillment of such rights and respond to new technological threats?
Who, how many, and under what conditions should public servants be recruited or trained to address such problems?
And here another problem arises,. As pointed out by the World Forum global report, released on 2025, the public sector is disproportionately affected, with 38% of respondents reporting insufficient resilience, compared to only 10% of medium to large private sector organizations. This inequality extends to the cyber workforce, with 49% of organizations in the public sector indicating that they lack the necessary talent to meet their cybersecurity objectives, representing a 33% increase since 2024 (23).
In other words, states do not have sufficient or adequate personnel to carry out these tasks. In addition to this lack of training in the field of cybersecurity among public servants, there are other important issues, such as the fact that, when it comes to human rights associated with personal data, many state information operators have a conception of national security that privileges the defense of particular interests over those of individuals.
And while many states, governments, and their intelligence agencies make great efforts to analyze why technological developments related to personal information can have negative effects and consequences, many of them still hold beliefs, conceptions, and actions associated with the idea that protecting national security authorizes any other action, even if it means affecting the security of individuals.
In short, the current scenario of processes associated with personal data and the technology used to process it, which is also linked to the emergence of a global digital community, has become dangerous for human beings and for democracy itself, as it is associated with precise and detailed knowledge of human lives. This is even more so in the case of governments and intelligence agencies, if it is assumed to be part of traditional conceptions of national security.
Therefore, it must be evaluated, in depth and publicly, whether such ideas are still valid, and whether, in order to guarantee national security, one of the most important human rights, after life itself, which is also linked to physical integrity, such as human dignity and autonomy, represented in personal data, should be ignored or not.
Author: Mauricio Diagama Durán – Professor of geopolitics and Colombian foreign policy at the Escuela Superior de Guerra. Researcher and professor at several universities in Colombia and abroad. Public administrator, specialist in international business, and holder of a master’s degree in national security and defense.
(The opinions expressed in this article are solely those of the author and do not necessarily reflect the views of World Geostrategic Insights).