Privacy is a cornerstone of any democracy. The constitutional sanctity accorded to a vote, the right to life with dignity and the right to liberty are all emblematic of this. But in India of 2015, privacy is being chiselled away bit by bit. If the government’s top judicial officer Mukul Rohtagi told the Supreme Court that the right to privacy is not a fundamental right, he was just stating what is happening in the country. Led by a retrograde judiciary, a shortsighted bureaucracy and politicians with an authoritarian streak, the last nail has been hit on the coffin of privacy. The views and opinions about Aadhaar that the government has shared with the SC are brazen symptoms of the deep rot.
The SC’s views are no different, as can be seen from its verdict on Section 377, where it held that even consensual gay sex is illegal. The apex court believes that it’s the government’s job to not only know what a person does for living but it also wants to know what he does in his bedroom. This erosion of privacy has become a malaise. At a time when the world is waking up to digital snooping by governments, thanks to Edward Snowden’s revelations, and searching for legal remedies and balancing legitimate tracking of criminals with that of privacy for its law-abiding citizens, India is hurtling in another direction. Another sinister step is the creation of Goods and Services Tax Network, a Section 25, not for profit private limited company, headed by a former IAS officer from Bihar. Among its shareholders are private sector banks like HDFC and ICICI Bank. Nothing wrong with that. But the story takes a scary turn when we realise that this private company, partly owned by banks, will soon have access to all the tax data held by the Central Board of Direct Taxes, both direct and indirect tax. No government has attempted something like this where tax compliance is at the mercy of a private data company. The GSTN calls itself a company set up primarily to provide IT infrastructure and services to the Central and state governments, tax payers and other stakeholders for implementation of the Goods and Services Tax.
At a time when Big Data and Data Mining have reached a stage where an algorithm can predict what day of the month and at what time a person will buy a book or a bottle of scotch, the GSTN information network is a sure recipe for a data disaster. The massive trove of data collected by CBDT and Central Board of Excise and Customs over the years is set to be handed over to the fledgling GSTN that has an authorised capital of `10 crores. The history of GSTN dates back to 2011 when an advisory group headed by Nandan Nilekani came up with five tech-driven initiatives for government financial projects: IT Department, National Pension Scheme, RBI, and for tracking government expenditure and GSTN for the GST. Now, with a clear timeline for rollout of GST, it is only days before all the tax data ranging from that big industrialist to neighbourhood shopowner to your own data will be in the hands of a private party.
This is not a reassuring thought considering even companies that are investing huge amounts of money on data security are reporting breaches. The latest to fall a victim to data breach is Ashley Madison, a website for married people who want to cheat. Thankfully, the hackers threatened not the individual cheaters but issued a diktat that the website be shut down. Even government databases are not safe. Only a few days ago, two hackers gained access to the Telangana Governments Mee Seva servers and siphoned of `13 lakh before being caught.
Part of the problem with Aadhaar stems from the fact that the personal biometric data has been collected by private parties without any guarantees about privacy. The data is being collected (last count 800 million people’s information) in the absence of any legal or constitutional framework or guidelines about its usage or storage. By the time the SC finishes gives its learned verdict on a batch of petitions challenging validity of Aadhaar, the government is likely to present it with a fait accompli. If the SC rules that Aadhaar is invalid, it will look ridiculous after so much money has been spent on it. If it rules Aadhaar data collection as legit, then the question of citizen privacy becomes null and void. The SC will have to draw a fine balance between privacy and use of Aadhaar data. In 2012, a Group of Experts headed by Justice (retd) A P Shah created a framework of guidelines for Privacy Act. It wanted the law to address concerns about data protection, safety, intrusion, surveillance and physical privacy. Forget about creation of such a law, we are in the midst of the biggest intrusive data collection by the government. In the current session of Parliament, PM Narendra Modi is piloting a Human DNA Profiling Bill. This overarching Bill must be the most intrusive piece of law that targets privacy anywhere in the world. Though it appears as if it is aimed at tracking criminals, solving rape cases and resolving cases of missing persons, the draft bill is an eye-opener. Besides the offender, even the DNA profiles of suspects and volunteers will be acquired to create a database. And this may be used not just in criminal cases but also in civil ones. While all this make it appear as if the Bill may be useful in solving cases, what it leaves out is the question of privacy.
The bill seeks creation of DNA Profiling Board, headquartered in Hyderabad, that will oversee creation of a DNA information bank. Once, a person’s DNA is added to the database it will remain there for perpetuity. The DNA is the very basis of our identity. Creating a databank is not wrong, but the question is that of its security. Without adequate data protection and robust privacy laws in place, these new sets of organisations with their dragnets of information with intrusive data collection methods would be a disaster. And a government that collects massive troves of data with untrammelled access to even physical and financial data can easily predict the behaviour of its citizens and in every five years its voters. Do we want a government that knows whom we are going to vote? Do we want a government to hand over the most private information about our financial well-being or the lack of it to a private party? Already, India is an abyss when it comes to digital privacy as smartphones, apps and data mining software create profiles of a billion citizens without their knowledge or explicit consent. It is one thing that a private company harvests data to peddle gizmos or fashion accessories and quite another thing when a government harvests personal and financial data and hands it over to private companies. This is ticking time bomb of privacy whose consequences can be disastrous for the individual and for the country’s democracy as we know it.