Hindustan Times: New Delhi: Saturday, August 26, 2017.
The privacy
debate has been framed by some as a zero-sum game between State interest and
individual interest. Sections of the private sector worry that privacy as a
fundamental right will have a dampening effect on scientific research and
technological innovation. But this is not the whole truth. The armed forces and
intelligence agencies depend on military secrecy. Democracy is a consequence of
the secret ballot. The bureaucracy cannot function without official secrets.
Science cannot progress without double blind peer reviews and anonymised data
sets. Innovators and creators need to protect their trade secrets, patents
[before registration] and copyright [before publication]. Competing firms in a
free market need to protect their competitive edge and client confidentiality.
E-commerce and banking require passwords and authentication factors to be kept
confidential. The free press depends on anonymous sources. The list goes on!
All of this is predicated on the individual right to privacy. It is, therefore,
not a refuge for scoundrels who have “something to hide” but the foundation of
an open society and the free market.
How do we
then address the tension between privacy and other fundamental rights like the
right to free speech and derivative rights like the right to information? The
RTI Act already has privacy as one of the 10 exceptions – with public interest
as the exception to the exception. But a comprehensive fix would be for
Parliament to enact an omnibus privacy law that does four main things: One,
establishes the contours of this right including exceptions, two, articulates
national privacy principles, three, establishes the officer of the privacy
commissioner and four, enables a co-regulatory regime that allows bottom-up
data protection standards from each industry sector to be blessed by the
regulator. How do we resolve the competing imperatives of privacy and national
security, privacy and scientific innovation, etc? First by converting some of
these tensions from zero-sum games to optimisation problems ie. trying to
maximise both privacy and the competing imperative through innovative law and
technology. Second, by updating 50 odd sectoral laws and regulations that
impact the individual right to privacy in various domains.
How do we
prevent the incumbent Internet giants from using their large legal teams to
make a mockery of our privacy and data protection laws while at the same time
protect emerging firms from over-regulation? Unlike the European GDPR, which
has 37 years of historical baggage starting with the OECD Guidelines from 1980,
India has the advantage of starting with a tabula rasa. If our law makers are
bold and innovative – we can leapfrog straight into the age of big data,
machine learning and AI by reinventing principles such as consent, notice,
accountability etc. Rahul Matthan from Trilegal is leading some of the most
innovative thinking here. Only through such regulatory innovation can we
prevent both the “administrative paralysis” that might emerge from excessive
litigation or the dampening effect on innovation from inappropriate regulation.
Sunil Abraham
is executive director, Centre for Internet and Society.
.JPG)
.JPG)
