Waiting Game
Cour tesy Aadhaar, the demand for an appropriate privacy law in India has come to the forefront. The privilege of an individual citizen’s data is extremely important, not just because of Aadhaar but because large Internet companies are among the world’s leading hoarders and miners of user data.
Directly obtained data, information derived from usage patterns — it could be something as simple as your mobile phone company knowing your route to work and where you stop every evening for a drink — and the ability of technology to draw upon ambient noise and learn habits about your consumption and lifestyle that you may not quite have shared: the risks to privacy are both innumerable and inevitable.
In much of the world, the real debate about data is not so much about a national identity card used for accessing public services — or indeed the creation of an identity platform such as Aadhaar on top of which service providers, public and private, can build and base their apps. The real debate is about large Internet companies — whether Facebook or Google, Amazon or Microsoft — that are repositories of enormous data.
The more we use these Internet services, the more data we share with them. The more we share with them, the better they tailor products and user experience for us. The better they tailor products and user experience for us, the more we use them. Since many of these companies happen to be American, the data about users from other countries usually lies in servers in the United States. Access to them is controlled by US law.
There is a perception — and to be honest, this is often a contested perception — that US law enforcement agencies have easier access to this data than other jurisdictions. In particular, the theoretical likelihood of the data of a non-US citizen — say an Indian or a South Korean — being more easily accessible to the US government than to his or her home government has exercised both privacy activists and diplomats. What if, as is commonly understood, the US government is less sensitive about the privacy rights of aliens (non-citizens) than its own citizens?
Different countries have responded differently to this challenge. In China, international Internet companies have virtually been driven out by policy and regulatory norms that actively discriminate against them. Whether Twitter, Facebook or Amazon, the Chinese have promoted their own alternatives and have kept user data at home. In parallel, the availability of such data has become an instrument of the surveillance state.
Yet, this is not a blackand-white model. Take WeChat, a Chinese messaging app that is roughly the equivalent of WhatsApp. Recently WeChat was banned in Russia, a country that is politically friendly to China. This was part of a clampdown on international social media companies and the desire of the Russians to control user data. Ironically, while targeting a Chinese company, the Russians were borrowing a surveillance policy that had been inspired by China.
The European discussion is more complex. The battle with the American Internet giants is slowly moving from an obsession about privacy to a need for governments to access data to anticipate and punish acts of terrorism. This shift in nuance has been very marked since the Paris attacks of November 2015 and has gained ground with every subsequent terror strike.
Governments in the United Kingdom, France and Germany are believed to be coordinating an effort to get American Internet companies, particularly