Turning the debate on India’s data protection laws

Jayadevan PK July 5, 2017 6 min

data-privcy-India

If the pizza guy tried to sell you a dildo, it would creep you out. You would look at it as a gross violation of your privacy.

The problem is, this is already happening in many ways in India and most of us are unaware of the consequences.

When we go to a supermarket, they ask us for our phone number at checkout. When we go to a medical store, they ask us for our number for the bill. To get into an apartment complex, we need to give our number at the security gate. When we receive a government service, we need to share our phone number. The apps we have on our phone are constantly getting a read on us: where we went, who we called, our ability to spend, which sites we visit… Most apps want permissions far beyond what’s needed for their efficient functioning.

Most people don’t seem to care much either.

Barring a few exceptions, none of these entities who collect our data, spell out what will happen to it, how long it will be stored, or who else it will be shared with. Informational privacy, or the right to control the collection and usage of our personal information, does not exist in India

Barring a few exceptions, none of these entities who collect our data, spell out what will happen to it, how long it will be stored, or who else it will be shared with. Informational privacy, or the right to control the collection and usage of our personal information, does not exist in India.

The outcome of not having informational privacy often shows up as a minor irritant to begin with. A popup that tries to sell us something we’ve searched for, unsolicited calls and marketing messages.

Take it one level up — we’ll have data that helps corporations maximise profits. Insurance companies could ask us to pony up a higher premium based on our calling patterns. The telecom company could bill us higher for services that are being discounted for another customer. Or Uber could charge us more if our phone is low on battery. First world problems and nothing more than garden variety profiteering at play.

It gets worse when the real and virtual worlds converge. Turns out, finding someone’s address, phone number or even income tax filings aren’t that hard in India. Data protection laws are non-existent in the country  

Take it to another set of people — the poor, minorities, sex workers, victims of assault and the sick for instance. Lack of informational privacy and laws that deter indiscriminate sharing of information has even greater implications in these cases. It can be a matter of life and death or the difference between being able to live in peace or being harassed.

It gets worse when the real and virtual worlds converge. Turns out, finding someone’s address, phone number or even income tax filings aren’t that hard in India. Data protection laws are non-existent in the country.

Lately, the focal point of this privacy debate has become Aadhaar, India’s biometric identity system. Biometric databases, without the necessary checks and balances, can enable surveillance and potentially lead to an abuse of power. It can also lead to exclusion from services in some cases. The implementation of Aadhaar-enabled systems is messy (as were the railroads and most mega infrastructure projects) and leaves a lot to be desired. Some chinks are being ironed out. But there are more to go. There is very little chance that the government will scrap Aadhaar now. As of now, it’s up to civil society to point out problems; the Indian government to take action; and the judiciary to bring clarity.

Privacy and protection of an individual’s data should start way before we get to Aadhaar

Lately, the focal point of this privacy debate has become Aadhaar, India’s biometric identity system. Biometric databases, without the necessary checks and balances, can enable surveillance and potentially lead to an abuse of power  

That said, privacy and protection of an individual’s data should start way before we get to Aadhaar. It must start with telecom service providers and every other entity which collects your phone number because your mobile number is the ubiquitous number that enables tracking. Your phone number is the weakest link in the chain.

Getting a move on the Personal Data Protection Bill of 2014 will be a start. As Yuthika Bhargava reported in The Hindu last month, a data legislation is in the works. Mind you, this has been on the backburner for several years now. An overarching legal framework for informational privacy is an absolute must for India, when the entire population is starting to leave digital footprints. The government, on its part, has promised to bring about a data protection regime in the country. So far so good.

However, there is another side to this debate. Thinking of only data protection will be a mammoth mistake for India. If data is the new oil, having an overprotective regime will make sure we lose out on the benefits that technology has promised us. We should put in place a regime that not only protects the data and your privacy but also allows data sharing with consent. Used in the right way, this can be of huge advantage to India.

An overarching legal framework for informational privacy is an absolute must for India, when the entire population is starting to leave digital footprints. The government, on its part, has promised to bring about a data protection regime in the country  

As Greg Ferenstein pointed out in his piece, ‘The Birth And Death Of Privacy: 3,000 Years of History Told Through 46 Images’, throughout history, people have traded privacy for convenience or other gains. “Humans invariably choose money, prestige or convenience when it has conflicted with a desire for solitude,” Fernstein noted. The US post office introduced information privacy laws in the 19th century. But people chose post cards (less private) instead of envelopes because they were cheaper. In 2015, AT&T offered users a premium service to opt-out of browser tracking for ad targeting and not many chose to do so.

“This portends a future where most people will increasingly choose ever more invasive tracking in exchange for money, health advice and entertainment… If history is a guide, the costs and convenience of radical transparency will once again take us back to our roots as a species that could not even conceive of a world with privacy,” he writes.

Now take today’s Indian context. Say you have given information about your house to the government housing society’s database. Shouldn’t you be able to use the same data, digitally verified, to prove to the electricity board that you are indeed the owner of the house? Say you run a shop. Your transactions details are already used by the bank. The goods and services network will already have details on your trade. Shouldn’t you be able to use the data, digitally signed and made available in real time, to avail credit from a lender? Say you have a mobile phone. Most of your usage data is tracked by the operator at all times. Shouldn’t you be able to give this data to a third party service that helps you optimise your bill plan for you? Data laws in India should not only protect data but also help build a society of the future where data is shareable.

Think about it.