Data and Privacy in Autonomous Weapons Systems

Anyone's personal data could end up training a lethal algorithm — and most of us would never know. A binding international instrument regulating AWS should embed strong privacy and data protection safeguards.

Advocacy
Title of report cover - Data and privacy in autonomous weapons systems

Autonomous weapons systems (AWS) rely on the large-scale collection, processing, and inference of personal data to identify, select, and engage targets. That makes privacy and data protection core human rights obligations in any framework to regulate these weapons — not peripheral technical details to be settled later.

Our briefing sets out why data and privacy belong at the centre of the debate. AWS risk normalising mass surveillance in both wartime and peacetime, fusing civilian, biometric, social-media, commercial, and military data — and reaching well beyond the battlefield into policing, border control, and other everyday settings. Much of this data is processed in a regulatory vacuum, as national-security and defence carve-outs in data protection and AI laws leave it largely ungoverned, while major technology companies become ever more deeply embedded in the pipeline that feeds these systems.

More data does not mean more accuracy. Poor-quality, biased, or contextually flawed datasets increase the risk of misidentification, discrimination, and unlawful targeting, while opaque "black box" machine learning can be difficult for humans to understand, challenge, or control. In fast-moving, complex operations, a human operator alone cannot safeguard against these failures — and the consequences can be lethal.

We therefore call for a binding international instrument to ban and strictly regulate AWS: one that embeds strong privacy and data protection safeguards, transparency and accountability duties, and clear limits on the data feeding these systems, while rejecting "national security" as a blanket excuse to escape oversight.