India is having a moment. A moment on privacy. Reports on Cambridge Analytica, Aadhaar data breaches and Paytm sharing user data with offices of the government have made digital rights capture public attention (read: fear).
Parliament has seen private member bills, discussions and occasional uproars over Aadhaar and privacy. The case of Justice KS Puttaswamy vs Union of India reaffirmed the status of privacy as a fundamental right. It was a big win with many battles still being fought. Last week, a committee of experts led by Justice Srikrishna submitted a report and a draft bill for establishing a regulatory framework for data protection and privacy.
Two important principles for an effective privacy regulation are, however, being crippled in this process. The main culprits: (i) a bureaucratic approach to policy-making—non-inclusive and laggard and (ii) The user not being put at the centre of conversations on privacy, by creating illusory false dichotomies—a chutzpah championed by the tobacco lobby.
The ways of Sir Humphrey
The government of India, for its part, had tasked a committee of experts led by former Supreme Court Justice Shri BN Srikrishna to formulate data protection law in India. This law is supposed to tackle the questions on Aadhaar, privacy, and more. The committee recently published a report and a draft law for the consideration of the Union executive—after a long wait. The timing of the release of the report has been a matter of gossip in policy circles, and the submission of the report is a great relief—at least the process can now move forward.
The previous government had also established a committee of experts chaired by former Delhi High Court Chief Justice AP Shah which published a 9-point focused report. This report was never taken to its logical end with a parliamentary enactment, despite the Government of India actually drafting a full bill and discussing it in private meetings.
A certain sense of weariness plagues subsequent government efforts which are also criticised for being exclusionary for not including citizen voices and having a pro-Aadhaar bias among the members.
All this is symptomatic of a lack of transparency—called out by many in the past. Such reluctance should not distract us from the central need of a privacy law in India.
But are people asking for too much?
History doesn’t repeat itself, it rhymes
On the substantive aspects of a policy framework, there is a common theme which has over time come out from certain quarters in conversations related to privacy. An aversion for effective regulation. Or as a harsher person would say, a refusal to see the people behind the data.
There is a false dichotomy created between privacy and innovation. While one wouldn’t want stringent regulations to cripple huge business possibilities, an eerie sense of realisation sets in—one has heard these arguments before by the tobacco lobby.
Innovation is presented as a panacea which seems to justify the ask for no regulation. It almost seems that at the altar of innovation, privacy is nothing more than collateral damage.
For tobacco, the word was freedom. Time and again, arguments were presented where evidence against tobacco was refuted by arguing for freedom. Freedom was the panacea which justified the ill-effects of tobacco. The irony of tobacco being addictive in nature, is a whole different story.
In this endeavour, tobacco even changed advertising forever—The Marlboro Man. Considered the most powerful brand image of the century, the Marlboro Man stood as the ultimate masculine trademark. Such was the appeal of the Marlboro Man, the consumer forgot the health arguments and cigarette sales skyrocketed. People just wanted to exercise freedom.
Aspirational concepts such as freedom and innovation make great buzzwords, but for them to be substantive, the user needs to be protected and empowered.
Listen in some more, and you hear proposals of self-regulation—arguments are provided for the industry regulating privacy, as it is most empathetic to the user. The industry claims that it is dependent on the users, so can be trusted with safeguarding the rights of the users. The tobacco industry used to make similar claims about how they should be the ones to lead the campaigns against teenage smoking—campaigns that coincidentally ended up failing miserably. After all, these were the people who had to become the next generation of customers they depended on, could we expect anything different? The wolf always wants to guard the sheep.
In most big data industry business models, the users aren’t even the customer. They are the product—sold to advertisers, profiled for marketing, a goldmine of usable information. A user is cut up into data points and sold for parts. Let that sink in and the irony hits you harder. The butcher wants to guard the sheep.
It would be remiss of the author to not mention the huge contribution of the technology industry and their willingness to engage in figuring out the policy challenges technology poses. One must provide the disclaimer—the comparison to big tobacco is only to the extent of the arguments for lack of regulation, and not the utility of the industry. One only seeks to highlight the path which the arguments seem to be treading. After all, forewarned is forearmed.
It isn’t all so dark
Arguments of self-regulation, are perhaps past us now. The committee has recommended an independent regulator. However, there are many issues and gaps which must be filled in the recommendations of the committee—for India to get a comprehensive user-centric privacy regulation.
It’s time to take matters into our own hands and engage with the government in passing a law India can be proud of. It is essential that citizens build consensus on core ideas and nudge the government and parliament to take urgent action.
Privacy is a complex terrain with many unanswered questions, many answers will come as we walk along. Despite the difficulty of this exercise the benefits promise to be long-lasting and greatly beneficial for more than billion people.
Like the second-hand smoker realised years later, inaction is not an option. Get involved now.
The author is Asia Policy Associate at Access Now and a volunteer with SaveOurPrivacy.in