Why privacy is no more a zero-sum game in India
Now that it has been declared a fundamental right, Parliament must define the contours of the SC ruling
The privacy debate has been framed by some as a zero-sum game between State interest and individual interest. Sections of the private sector worry that privacy as a fundamental right will have a dampening effect on scientific research and technological innovation. But this is not the whole truth. The armed forces and intelligence agencies depend on military secrecy. Democracy is a consequence of the secret ballot. The bureaucracy cannot function without official secrets. Science cannot progress without double blind peer reviews and anonymised data sets. Innovators and creators need to protect their trade secrets, patents [before registration] and copyright [before publication]. E-commerce and banking require passwords and authentication factors to be kept confidential. The free press depends on anonymous sources. All of this is predicated on the individual right to privacy. It is, therefore, not a refuge for scoundrels who have “something to hide” but the foundation of an open society and the free market.
How do we then address the tension between privacy and other fundamental rights like the right to free speech and derivative rights like the right to information? The RTI Act has privacy as one of the 10 exceptions — with public interest as the exception to the exception. But a comprehensive fix would be for Parliament to enact an omnibus privacy law that does four main things: One, establishes the contours of this right including exceptions; two, articulates national privacy principles; three, establishes the officer of the privacy commissioner; and, four, enables a co-regulatory regime that allows bottom-up data protection standards from each industry sector to be blessed by the regulator.
How do we resolve the competing imperatives of privacy and national security? First by converting some of these tensions from zerosum games to optimisation problems through innovative law and technology. Second, by updating 50 odd sectoral laws and regulations that impact the individual right to privacy in various domains.
How do we prevent Internet giants from using their legal teams to make a mockery of our privacy and data protection laws while at the same time protect emerging firms from over-regulation? Unlike the European GDPR, which has 37 years of historical baggage starting with the OECD Guidelines from 1980, India has the advantage of starting with a tabula rasa. If law makers are bold – we can leapfrog into the age of big data, machine learning and AI by reinventing principles such as consent, accountability etc. Rahul Matthan from Trilegal is leading some of the most innovative thinking here. Only through such regulatory innovation can we prevent both the “administrative paralysis” that might emerge from excessive litigation or the dampening effect on innovation from inappropriate regulation.