Digit Geek
Digital Privacy
Digit Geek > Recent Articles > Technology > With the Privacy verdict, personal data in India might finally get the status it deserves

With the Privacy verdict, personal data in India might finally get the status it deserves

The country desperately needs data security norms, guidelines and best practices (which are enforceable) for both the private sector and government entities

At around the same time that we were shipping off the magazine to print, courts in India were pretty much on a roll, dashing out one blockbuster verdict after another. The one that really interests me, because I believe it would have the biggest impact on the tech sector, is the one declaring privacy as a fundamental right.
Privacy is not only a contentious topic in a society like India, I would argue that it’s an alien concept. I mean come on, privacy, in India, it’s almost oxymoron-ish. Not only are we over-sharers, we do not really understand the concept of space. Most of us wouldn’t peg enquiries into our lives by random acquaintances as intrusive, nor would we notice when we intrude.

While “mind your own business” is a favourite Indian phrase (usually in our movies and TV serials) it just isn’t something that we really do. Anyone who’s ever travelled in a local train and had some random uncle or aunty stare unselfconsciously into their phone would know what I’m talking about.

When this whole privacy debate started, I’d read an interesting article about how a school kid was forced to surrender his Facebook account because someone suspected he was being over friendly with the principal’s daughter. The kind of responses that the article got, renewed my faith in our society’s ability to change (most comments were largely sympathetic). There are of course some people who would still dismiss privacy as a rich people’s problem. But that is not true at all.

As our lives become increasingly digital, privacy is now everyone’s problem.

“What if terrorists misuse this new found right?”

As with any constitutional freedom, the question of misuse is ever present. However, this right is not an absolute one, it comes with reasonable restrictions. This should pacify detractors somewhat.

Internet privacy

Hopefully, electronic/digital data will be considered sacrosanct going forward and thanks to this verdict, we will have data security norms, guidelines, and best practices formulated soon, which will be enforceable both on the private sector and government entities. Despite my misgivings about misuse, I’ve consistently always held that Aadhaar has its uses, especially when cross-referenced with other databases to bring in accountability and unearthing frauds. However, the lax attitude displayed by secondary users of the Aadhaar API leaves a lot to be desired. Similar cases keep happening in the west as well. If I remember correctly, a while ago England’s NHS (National Health Service) decided to implement norms for how medical data acquired by the government body will be used by various partners within the system. At least on paper, they state that anyone using data for secondary purposes must only use data that doesn’t have personally identifiable information, i.e., anonymised data.

Aadhaar needs similar access control and so does the private sector. Currently, most privacy breaches are unearthed by privacy advocates and watchdogs, resulting in a media spectacle followed by corrective measures, but little in terms of legal penalties. Sure, you’ll have the CEO of the blundering startup issue a heartfelt apology letter and a 5-point programme on how they will avoid such breaches and leaks in the future, but the fact remains that if punitive damages were involved, they’d have been much more serious about the privacy of their user-base from the get go.

While it may be argued that the current IT Act already has provisions for security and privacy of data, most experts believe that the recourses and guidelines available are inadequate. In fact, in response to a question raised in the Rajya Sabha last year, Telecom Minister Manoj Sinha said that private companies collecting user data are “required to implement reasonable security practices and procedures to protect the information”. That’s hardly reassuring.

Coming back to Aadhaar, yes, this privacy verdict comes as a result of petitions related to Aadhaar, but it only serves to define the legal status of privacy as a fundamental right. It does not immediately invalidate Aadhaar nor does it result in its scrapping (obviously). Reports suggest that a new bench will decide its fate.

At a broad level, I think Aadhaar isn’t as draconian as some people make it out to be. At the same time, I think a surveillance society is against the principles of freedom and liberty. Certain checks and balances have to be maintained so misuse is nipped before it begins. What was that quote again about power and responsibility?

Write into me at the email address given alongside or on social media and tell me your thoughts on privacy.

This article was first published in the September 2017 issue of Digit magazine. To read Digit’s articles first, subscribe here or download the Digit app for Android and iOS. You could also buy Digit’s previous issues here.

Siddharth Parwatay

Siddharth Parwatay

Vertically challenged geek. Interested in things like evolution, psychology, pc gaming, history, web culture... amongst other things.