We are the citizens of the biggest democracy in the world. Democracy, that provides us the freedom to do anything that we wish to- freedom to eat, drink, wear, talk, live the way we want. Heck, it even empowers us to speak against the government, without the fear of implications.
But all this could change soon.
Since the last few days, while most have been busy voicing out our opinions about the Citizenship Amendment Act in India, the Government has readied a plan to change how we communicate going forward.
First, let us understand why do we need guidelines for data privacy. Well since we live in a digital age, everything we do is somehow or the other is with the help of technology. Smartphones, apps, cloud, social media, computers, servers, etc define our everyday lifestyle. And since we are highly dependent on these technologies, they end up having far too much information about any individual.
Now if a company that stores all this data, can misuse this data by selling your personal information to advertisers or other companies or even worst snoop on you.
Similarly, even a local telecom company or a bank, which has access to a lot of critical information cannot be held responsible without proper data privacy policies in place.
And, due to the lack of proper policies, quite a few companies were found misusing private personal data. The BJP led NDA government started the work on forming guidelines in 2017 and a draft bill was prepared by a high-level committee headed by the former Supreme Court Judge B. N. Srikrishna. The draft was first put in public domain last year and on December 4th, the Union Cabinet approved the data protection bill 2019 in the parliament.
This bill puts forward the guidelines on the collection, storage, and processing of any individual’s data. It also talks about penalties and compensation for non-compliance of this policy. The new bill has a provision of a fine of Rs. 15 crores on companies that violate the law. This is to a certain extent even stricter than some international policies.
The bill states that any sensitive and personal data cannot be processed without the consent of the person. The bill also has a scope of setting up an appellate authority that will prevent misuse of personal data and take steps to protect the interests of individuals. The new privacy bill will also hold social media platforms with a sizeable user base accountable for actions that can impact electoral democracy or public order. It also talks about voluntary user verification mechanism for users in India, somewhat similar to the blue tick present on the profiles of celebrities on social media.
In a nutshell, this bill aims at giving more control of their data to the users. But if that is the case then does it mean that you should be relieved with better privacy and data security? No there are some glaring issues in this bill that need immediate attention. The bill allows any government to override all the above-mentioned citizen rights and under section 35 enables them with absolute power.
Agencies with the help of a written order from the central government specifying the reason of a breach or in a manner “as may be specified” in the future, can bypass all the privacy rights given to the citizens by the bill.
The bill, in the garb of interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign states or public order, gives the government unrestricted power to snoop on any citizen. The current bill is in stark contrast with the 2018 draft and does not talk about the need of the law to be framed to decide what is does breaching of privacy means.
Time and again multiple social media sites and companies like Google and Apple have been approached by the government to provide data of individuals for matters related to national security. The recent WhatsApp surveillance via Pegasus suggests that the government is involved in some way or the other to track and spy on independent voices.
Earlier in the month of November, the central government announced that the state and central governments, as per the 1885 Telegraph Act and the 2000 Information Technology Act, are not only allowed to intercept any communication but also decrypt any computer nationwide. The current bill is just an extension to that announcement and can give dictatorial access to the government.
Now if you’re able to read this, there is no need to explain how things may turn out if the government, regardless of the ruling party, gets the supreme control on our data. Crusaders and advocates of free speech and internet like the Mozilla organization have written to the Indian government highlighting the differences between the original draft and final law raising concerns over individual privacy. Even Justice Krishna mentioned that the final bill is different from the one he drafted in 2018. If this bill comes into force India could easily become the next China, where ever move of a citizen is closely monitored by the agencies and even a lame joke cracked shared within close group of friends or family members via messenger group chat can land you in jail.
While a joint select committee is examining the current law and is not going to be taken up by the government until 2020, we need to ensure that enough voice should be raised to save the democratic rights of every citizen of the country, before it is too late.