Data protection and privacy laws needed on the lines of EU
Despite the landmark Supreme Court judgment, India still requires strong data protection and privacy laws to control who we want to share our data with
The declaration by a rare nine-member Supreme Court bench that privacy is a fundamental right guaranteed by the constitution is a body blow to the Government initiative of mandatorily linking the biometric identity program, Aadhaar to our national databases, financial transactions, essential services and welfare schemes.
Notwithstanding the jubilation among the rights petitioners, this landmark ruling is just another step in the right direction, with several more required to ascertain citizens’ privacy in the ongoing digital era. Not to be overlooked, India, one of the nations with the highest terror and cyber threat perception, should look into any major legislative drafting from a national security perspective.
In our data driven digital age, our every action, our every smart device including mobile phones and personal computers, and our every application including social media platforms and web browsers, generate humongous volume of information - ranging from our personal likes and dislikes, to our personal connections, to our financial transaction records, to our shopping, travel and hospital records - with or without our knowledge.
Complex algorithms could easily bring together seemingly innocuous impersonal information to create unique personal profiles of any individual. Strong data protection and privacy laws, similar to the General Data Protection Regulation (GDPR), set to be introduced in the European Union from May, 2018 are imperative to ensure that we have control over our own data, and for us to decide with whom we share our own personal information.
That being said, we should not forget that our current times are seeing an exponential increase in cyber-crimes with the internet used as a primary tool for several antisocial activities ranging from smuggling, trafficking and money laundering to recruitment into terror outfits.
Terrorist organisations including the IS have started using digital cryptocurrencies such as Bitcoins as the preferred funding mechanism to covertly expand their operations. Data breaches and identity thefts allow a perpetrator to execute any of the above-mentioned activities, with the onus on victims to prove their innocence.
Privacy concerns weakening the ability of our counter terrorism and intelligence units to stay a step ahead in the darkening digital world would have grave, long term consequences.
Furthermore, measures taken to curb the efforts of the Government to collect and analyse data, the primary raw material of our digital economy, while a handful of private corporations colonise bulk of the planet’s generated data, would undermine the state’s ability to provide quality citizen services, which in turn could create turbulent social and economic disruptions.
However, unchecked and unaccounted data collection and examination, especially by Government entities would lay the foundations of a dreaded police and surveillance state, the primary fear of the rights petitioners who have challenged the mandatory Aadhar push.
Creation of independent watchdog institutions akin to the election commission, preferably answerable to a parliamentary committee, with ample constitutional authority to oversee and ensure that any public or private organisation working with data comply with stringent data privacy, protection and security regulations, would be ideal steps to ensure that our citizens effectively preserve their privacy in the digital age.
(The author is the Executive Director of Cyber India and Vice President of Navoothan Foundation. Tweets @anilkantony)