The Digital India vision is alluring; it embeds technology into government and will get more and more people connected to the internet. But to be successful, it needs an enabling policy, regulatory and legal ecosystem. The sobering reality is India’s complete lack of preparedness on individual privacy. The right to privacy in India is significant, and as important as freedom of expression.
Digital freedom had a big win earlier this year, with the Supreme Court striking down the draconian and unconstitutional section 66A of the IT Act, in response to a PIL that I filed in January 2013. Currently, India does not have a specific legislation on privacy and data protection. The right to privacy is only recognised by Indian courts in bits and parts, as traditionally contained in common law and criminal law.
This right to privacy debate has got a new boost and was reignited by the hearing of a PIL about UID/Aadhaar in the Supreme Court. I had filed this PIL in 2014.
In fact, only last month, there was an uproar on social media when a Bengaluru-based programmer exposed an Israel-based firm connected to a leading telecom company. The firm allegedly inserted surreptitious codes into browsers that collated the personal and browsing data of users. This incident also exposed one of the IT Act’s failings: Under Section 79 of the Act, entities such as telcos escape liability for data and privacy violations because the provision includes criteria of “knowledge” and “best efforts” before determining the quantum of penalties. This means the network service provider or an outsourcing service provider would not be liable for the breach of any third-party data he proves that the offence or contravention was committed without his knowledge, or that he had exercised all due diligence to prevent the commission of such offence or contravention.
Fundamental right The Attorney General has argued that there is no need for a fundamental right to privacy. I strongly disagree. The lack of a guarantee of privacy to a citizen is a direct challenge to the fundamental right to liberty and privacy guaranteed under Article 21. In fact in 2012, the Justice AP Shah Committee report recommended that “a privacy legislation must statutorily establish a right to privacy to all individuals in India. It further recommended that the right be applicable to all situations and must not require that a “reasonable expectation to be present for the right to be invoked”.
The Human DNA Profiling Bill 2015, pending in Parliament, also raises issues of privacy. Its proposal to constitute a national DNA databank for forensic and non-forensic purposes, could be misused if not accompanied strong privacy laws. The need is here and now — for a robust privacy law as part of a statutory legal framework with a data-protection mechanism for citizens against misuse/abuse of government and private databases. Else we are unwittingly giving government agencies or individuals and the corporate sector the power of user data — which as I am sure you will all agree, is more Orwellian and not what is expected of a maturing, liberal democracy.
As Bill Gates said, “Historically, privacy was almost implicit, because it was hard to find and gather information. But in the digital world, whether it’s digital cameras or satellites or just what you click on, we need to have more explicit rules — not just for governments but for private companies.”
(The writer is a Rajya Sabha MP and technology entrepreneur)