On July 22, 2015, the then Attorney General of India asked the Supreme Court, “Is right to privacy a fundamental right?” On August 24, 2017, the Supreme Court delivered a resounding response. In a unanimous judgment, a nine-judge bench held that the right to privacy is ‘intrinsic to life and liberty’.
The judgment has righted a series of wrongs—most importantly, it has trashed the ADM Jabalpur ruling of the Emergency Era. The judgment made the right to privacy explicit, underlined personal liberties—food and sexual preferences, right to abort and to end life, right to dissent, dissemination of personable information and established that the miniscule minority matter. Unmistakably, legislation and rules hereon will regularly face the challenge of the privacy factor.
The focus of agitation, litigation and the discourse thus far, has been triggered by Aadhaar—its deployment and linkage. Challenges will be circumscribed by the caveat of reasonable restraint and arguments will need to factor the observations and rulings of the Supreme Court. This would include the August 2015 ruling on use of Aadhaar for programmes, the passage of the Aadhaar Act, 2016, in Parliament, the June 2017 ruling on the linkage of Aadhaar with PAN card, on the competence of Parliament to enact, that it didn’t not find “any conflict between provisions of Aadhaar Act and Section 139AA”, and Justice D Y Chandrachud’s observation on the vital role of the state in ensuring “scarce public resources are not dissipated.”
The discourse on privacy is at an inflexion point—in India and across the globe. The right to privacy has been enshrined. The issues of legitimacy, linkage, expansion and collection will be argued and heard in the court. The protocols and controls on collection and use of data will follow the judgment—the committee, headed by Justice B N Srikrishna, has been mandated with the task of detailing systemic steps for data protection.
The quest to ensure privacy though requires more than just oversight on enrollment and collection of data. The discourse must evolve and shift orbit in consonance with needs of the interconnected world we live in—remember, data isn’t static and moves seamlessly across state and private platforms. It is critical to enlarge the discussion from collection to deployment and dissemination, to expand the scope to cover the actions of not just the state, which has coercive powers, but also the private corporations who seek to build monopolies for coercive commercial control.
Do we know enough about who is collecting what, when, where, and how much? Do we know who is sharing what, with whom, and for what?Imagine this. You get into a fit to get fit. You shop online for a wearable device to monitor your status and progress from sedentary to being active. You log on to an online site to buy one. You choose the device and pay online with your credit card. Once the wearable arrives, you login and register on the app, sync it with your phone and laptop. Typically through the day the wearable is enabled to track your activities, including details of what you eat, where you eat or drink.
Like others, you share progress on social media sites—in pictures, words or characters. You ‘forward’ it to friends, post on picture sites. You were already emitting data, now you are emitting every step. Data from public and private monitoring systems—cameras and face recognition systems. Nobody quite knows how much data is being emitted—it is estimated that by 2025 digital data universe will be 180 zettabytes—said to be equivalent to around 250 billion DVDS. The larger question though is what happens to all that data in this one stream of activity?
Retrace the steps to the fine print called privacy terms of the devices and services in use. The internet service provider funnels information into silos, uses and shares information with third parties, and can even transfer information outside India. The device is pinging data to towers. The ecommerce site uses information to process orders, for delivery and mines preferences to recommend merchandise and shares it with third party contractors. The credit card company and the bank store, use and share data for cross-selling, for providing services/products. And there is more.
This is where discourse must be anchored. The question to ask: What about privacy of thought, action, transactions? The expanding use of artificial intelligence makes profiling of users easy through use of algorithms to derive cognitive features, draw inferences, for furtherance of material interests that may or may not be inimical to individual interest. The assurance of anonymisation is challenged by technology that enables re-identification. How vulnerable is the person and personhood and what can be done to empower the person.
This is not just an Indian situation. This is a global issue. The issue of data management needs to be spliced into operative parts. First and foremost, rid the obfuscation in consent—a caller identity platform, for instance, claims to protect privacy even as it gets virtual access to the device. Apps regularly get access to info on location, IP, device ID, SIM usage, apps on board, OS, browsers, usage, address book and Metadata on calls and messages.
The next critical step is to empower users with a protocol for control over data—Davids must have the right to reclaim digital footprint from data Goliaths. Internet inventor Tim Berners-Lee believes since data is held in proprietary silos, users ‘lose our on benefits’ they would have if they had direct control over data and were able to choose when and with whom to share it with. Earlier this month, the UK government proposed a new data protection bill that proposes greater control over their data—even erase personal data off the web. In India, the Telecom Regulatory Authority of India has put out a consultation paper that seeks views on possibilities.
The question beyond the facility of control is what’s in it for the user. Sure there is the free service, but providers are raking in revenues advertising and otherwise—and in many cases, data is dredged out of paid for services. Arguably control and ownership of data can leveraged for better services—say health, credit or conveniences. It is also worth examining if a share of revenues be corralled for funding public goods—internet connectivity, for instance, to bridge the digital divide?
The cumulative market value of the shares of Apple, Alphabet, Amazon, Facebook and Microsoft is in excess of $2.9 trillion. There is a need for a rethink on how society can balance need for innovation with imperative for privacy and accountability, and how data can be used to try and even out asymmetry of access, opportunity and even incomes.
Can data be leveraged to for greater common good?