POV: THE SANC­TITY OF PER­SONAL DATA

India Today - - INSIDE - By Kri­tika Bhard­waj Kri­tika Bhard­waj is an ad­vo­cate who as­sisted the pe­ti­tion­ers in the right to pri­vacy case

Au­gust 24 marked one year since the Supreme Court’s land­mark judg­ment in the Right to Pri­vacy case. A wa­ter­shed mo­ment for In­dia’s con­sti­tu­tional ju­rispru­dence, the judg­ment un­equiv­o­cally recog­nised that pri­vacy was es­sen­tial to the core hu­man val­ues of dig­nity, lib­erty and au­ton­omy. This was also the first time the ju­di­ciary took no­tice of con­tem­po­rary, tech­nol­ogy-re­lated pri­vacy threats and ex­pressed the im­por­tance of in­di­vid­u­als hav­ing a choice in, and con­trol over, how their per­sonal in­for­ma­tion was col­lected and used. De­spite be­ing ar­tic­u­lated by six dif­fer­ent judges, the court was un­am­bigu­ous in its asser­tion that the in­di­vid­ual lies at the cen­tre of the right to pri­vacy.

It is, there­fore, not only sur­pris­ing but also dis­ap­point­ing that the Jus­tice Srikr­ishna Com­mit­tee, which sub­mit­ted its re­port along with a draft Per­sonal Data Pro­tec­tion Bill to the gov­ern­ment last month, chose to view data pro­tec­tion through the lens of in­no­va­tion and a ‘free and fair dig­i­tal econ­omy’. It is im­por­tant to note that the com­mit­tee was set up in the wake of the right to pri­vacy case it­self. By con­sti­tut­ing the com­mit­tee, the gov­ern­ment had sug­gested to the court that it was se­ri­ous about reg­u­lat­ing through a law the in­dis­crim­i­nate use of per­sonal in­for­ma­tion, and there­fore there was no need to carve out a sep­a­rate fun­da­men­tal right to pri­vacy.

Ir­re­spec­tive of the gov­ern­ment’s ap­proach, it was in­cum­bent on the com­mit­tee to en­gage with the court’s em­pha­sis on em­pow­er­ing the in­di­vid­ual and give mean­ing to the con­sti­tu­tional guar­an­tees ar­tic­u­lated by it. But in­stead of set­ting its goal as putting in­di­vid­u­als in con­trol of their data, the com­mit­tee ap­pears fix­ated on pro­mot­ing a dig­i­tal econ­omy, and sees the state as the key fa­cil­i­ta­tor in this ex­er­cise.

The com­mit­tee’s un­der­stand­ing of its man­date is ap­par­ent from the first chap­ter of its re­port, which is ti­tled ‘A Free and Fair Dig­i­tal Econ­omy’. This chap­ter calls for an ‘In­dian ap­proach’ to data pro­tec­tion, based on the coun­try’s de­vel­op­ment needs. It sug­gests that re­stric­tions on pri­vacy may be nec­es­sary in the in­ter­ests of in­no­va­tion and de­liv­ery of ser­vices, which is rem­i­nis­cent of the gov­ern­ment’s ar­gu­ment in court that in­di­vid­ual rights must give way to wel­fare con­sid­er­a­tions. Im­por­tantly, how­ever, the court had re­jected this line, not­ing that in­di­vid­ual free­doms are es­sen­tial pre­req­ui­sites for peo­ple to en­joy so­cial ben­e­fits.

The re­port makes no real at­tempt to jus­tify its de­par­ture from a (fun­da­men­tal) rights-based ap­proach to data pro­tec­tion. It fails to make a con­vinc­ing case for why (ad­di­tional) re­stric­tions on pri­vacy may be nec­es­sary, and er­ro­neously pre­sumes that in­no­va­tion is pos­si­ble only at the cost of pri­vacy. As a re­sult, the draft bill ends up di­lut­ing in­di­vid­ual rights and jet­ti­son­ing safe­guards. For in­stance, the re­port makes much of us­ing big data and ar­ti­fi­cial in­tel­li­gence for com­mon good. Pro­cess­ing large vol­umes of per­sonal data en­ables in­dis­crim­i­nate pro­fil­ing of in­di­vid­u­als, and while AI aims to make ma­chines ca­pa­ble of rea­son and de­ci­sion-mak­ing, the schol­arly con­sen­sus is that out­comes are prone to er­ror, re­sult­ing in dis­crim­i­na­tion and other kinds of harm. It is telling, there­fore, that the com­mit­tee felt it un­nec­es­sary to in­cor­po­rate the right to ob­ject to such au­to­mated de­ci­sion-mak­ing and a right to ac­cess the ra­tio­nale for such de­ci­sions.

An­other fea­ture of the bill that un­der­mines pri­vacy is the re­quire­ment to store a copy of all per­sonal data in In­dia. While ap­par­ently mo­ti­vated by the de­sire to cre­ate dig­i­tal in­fra­struc­ture in the coun­try, the pro­vi­sion makes per­sonal data more vul­ner­a­ble to se­cu­rity threats and open to surveil­lance by the gov­ern­ment. Given In­dia’s per­mis­sive surveil­lance laws, this re­quire­ment could be mis­used to tar­get cit­i­zens— for ex­am­ple, po­lit­i­cal dis­senters who ques­tion the gov­ern­ment’s ac­tions. Cu­ri­ously, the com­mit­tee does ac­knowl­edge the lack of ef­fec­tive checks (such as prior ju­di­cial sanc­tion for in­ter­cep­tion of com­mu­ni­ca­tion) in In­dia’s surveil­lance regime, but nev­er­the­less dis­misses these con­cerns while ad­vo­cat­ing lo­cal­i­sa­tion of data.

Given that we cur­rently have lit­tle choice in giv­ing up per­sonal in­for­ma­tion in in­ter­ac­tions with the state and cor­po­ra­tions, the com­mit­tee would have done well to pri­ori­tise in­di­vid­ual rights over vague no­tions of in­no­va­tion. Let’s hope the gov­ern­ment will re­visit these gaps and pass a bill that ac­tu­ally bol­sters fun­da­men­tal rights.

The Srikr­ishna panel re­port makes no real at­tempt to jus­tify its de­par­ture from a (fun­da­men­tal) rights-based ap­proach to data pro­tec­tion

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.