DNA: Column: Sunday, September 24, 2017.
The historic
judgement of the Supreme Court on right to privacy will change the dynamics of
Digital India. It should compel the Government to ensure robust data protection
law so that personal data of 1.3 billion Indians isn’t sold out in the open
market. At the same time, the Government will have to protect its own data and
take effective measures to tax foreign internet companies, which neither have
their servers nor any office in India. These neocolonialists spread all across
the globe are the new age East India Companies and the Apex Court has paved the
way for India being the leading nation to tackle an issue so big.
The enormity
of the challenge before the SC is clear from its second para wherein J
Chandrachud writes, “In an age where information technology governs virtually
every aspect of our lives, the task before the Court is to impart constitutional
meaning to individual liberty in an interconnected world.” However, the SC took
a distant stand regarding ensuring any direct protection through judgment and
put the responsibility on the Government by saying, “Formulation of a regime
for data protection is a complex exercise which needs to be undertaken by the
State.”
After the
verdict, Union Law Minister Ravi Shankar Prasad blamed the UPA government for
the present fiasco and stated that the Modi government enacted the Aadhaar Act
to ensure data protection. However, he failed to disclose that UIDAI illegally
collected data for 7 years in both UPA and NDA regimes. In spite of different
provisions of data protection in the IT Act itself, there are different
leakages of data by various government departments and private agencies but no
penal action has been taken against such body corporate as per IT Act and
various rules. In fact, if Aadhaar is so comprehensive, then why did the Centre
form the Srikrishna Committee or why has TRAI floated its own consultation
paper for data protection? Data once gone, is gone and putting the horse in
front of the cart is not going to do any help.
In 2012, KN
Govindacharya had petitioned the Delhi High Court detailing many of the dangers
which find a mention in the mammoth 547 page SC judgement. Despite knowing
about it at least for 5 years, it was only in February 2015 that the Government
notified its Social Media Policy. After strong comments from Delhi High Court,
Maneka Gandhi’s WCD ministry tender for appointment of Social Media agency was
cancelled in 2014. Instead of following the law, usage of social media took a
leap under Modi government, and ministries have now hired professional agencies
for as much as Rs 2 crore per year to manage their PR. Even otherwise, a government
handle posts a lot of information that has its own content value which is
directly pocketed by social media companies, as per their terms of usage. Posts
on social media are public record as per the Public Records Act, 1993, and are
available under RTI to every citizen. Yet rules are being flouted as government
organizations delete tweets, negating the fundamental right to “know” available
to every citizen. The Delhi HC also took note of minors accessing the Internet
and directed for appointment of grievance officers, which is yet to be
implemented by all Internet and social media companies. In spite of the Delhi
HC order that children below 13 cannot join social media, as per reports,
children as young as three years are on social media. In the SC judgment
Justice SK Kaul has observed, “They should not be subjected to the consequences
of their childish mistakes and naivety, their entire life. Privacy of children
will require special protection not just in the context of the virtual world,
but also the real world.”
Data is the
new oil for which SC noted, “One of the chief concerns which the formulation of
a data protection regime has to take into account is that while the web is a
source of lawful activity...web can be exploited by terrorists to wreak havoc
and destruction on civilised societies.” The same carries immense security
ramifications as was made clear by Edward Snowden and his PRISM disclosures.
Public Records Act, 1993, mandates jail term up to five years for a person
taking out a public record, which includes email, out of India. The Government
in Parliament has admitted to formulating an Email Policy in 2015 and aims to
provide official email IDs to around 50 lakh central government officials but
the same is yet to fructify. Interestingly, the Government does not know how
many of its employees use private emails, and what is being communicated
through them.
The
neocolonialists have details of every imaginable type of personal data. Justice
SK Kaul in para 17 writes, ‘Uber’, the world’s largest taxi company, owns no
vehicles. ‘Facebook’, the world’s most popular media owner, creates no content.
‘Alibaba’, the most valuable retailer, has no inventory. And ‘Airbnb’, the
world’s largest accommodation provider, owns no real estate. Something interesting
is happening.” Global conglomerates have designed their corporate structures in
such a manner that they barely pay any taxes in India, despite monetising the
data worth billions. Aadhaar, and India becoming a surveillance State may be
another debate, but the real dangers come from these non-State actors who hold
no accountability. The Government has proved itself to be completely inept at
handling crucial technological-legal issues and has worked only in a piece-meal
fashion. The Srikrishna Committee on data protection has no deadline to meet,
yet Law minister Prasad is optimistic about bringing the Data Bill by December.
Even as the law is in the pipeline, the minister has appreciated data mining
which otherwise is illegal as per IT Act and Rules. It seems that right to
privacy may have little meaning in the digital world.
The author is
a Supreme Court lawyer and an expert in Constitutional affairs. Views expressed
are personal