By Sankalp Srivastava
Privacy, as an enforceable obligation for corporations and individuals, has received cognisance the world over. One need only look at their own email inbox to see how organisations have complied effectively with the EU’s General Data Protection Regulation. In contrast, the Indian government is currently coercing WhatsApp to comply with ambiguous directions, which vary from opening an office in India to curbing fake news. Facebook-owned WhatsApp has refused to comply with some of these directions, citing “potential for serious misuse”. Where does the potential arise from, one may ask? It relates to the prioritising of privacy protections provided in the form of end-to-end encryption by WhatsApp and other corporations to its users.
The data privacy minefield
In 2017, a five-judge bench of the Supreme Court unanimously held that the right to privacy is a fundamental right. Currently, the apex court is hearing a case that determines whether the Aadhaar Act violates this right. But the judiciary can only go so far in paving reform, and unless laws are enforced, they are as good as nonexistent.
The enforceability of law begins with public acceptance and awareness, and for us, the problem may well be how important we perceive privacy to be.
In March, security researcher Robert Baptiste, who used the pseudonym Elliot Alderson on Twitter, alleged that the official Narendra Modi app was collecting more information than it required from user’s devices and sending it to a third-party domain.
And in June, when yoga guru Baba Ramdev’s app went live, even app stores could not spot the lapses in security and privacy protection.
‘Ethical hackers’ on the internet have time and again shown that there are multiple ways to harm people who do not take privacy seriously. Take, for instance, the challenge posed by TRAI chief R.S. Sharma, who shared his Aadhaar number online and asked for “concrete examples” of “any harm”; his personal details soon made their way online.
Why does privacy matter?
What is clear from these instances of privacy breach is the ‘nothing-to-hide’ approach towards data protection amongst Indian citizens. But it is time people take an active interest in wanting to protect their privacy.
Privacy concerns have risen as our data is being used by corporations to form databases, often for legitimate uses, but sometimes even for illegitimate uses. After all, “if data is the new oil, then there is a gigantic oil spill all around you.”
Cybersecurity issues already place a burden on data privacy, and can range from the theft of protected personal data (passwords being compromised on popular services like Yahoo and Twitter) to electioneering scandals (Cambridge Analytica breach).
It is important for citizens to protect their data, no matter how insignificant they think it might be. And it is important to remember that merely regulating corporations does not ensure data privacy. The government must also comply with certain regulations on protecting citizens’ privacy. Even the Supreme Court stated in its right-to-privacy judgement that there must be legitimate grounds for the government to restrict an individual’s privacy.
Understanding the right to privacy
It is important that individuals take an active interest in their privacy and know what they are consenting to when signing up to use a product or service that will have access to their data. In fact, a study has shown that even illiterate people, when made aware of what they consent to, are interested in knowing more—how will their data be used, what is it worth, where is it stored and what happens to it?
There also needs to be some change in policy on data protection, and the India government has already made some headway on that front. The recently published Srikrishna Committee Report calls for a data protection law, which is now under consideration. The implementation and enforcement of the law will go a long way in making India a more data secure country and protecting the privacy of citizens and companies alike.
Besides, the government must bear in mind that if it continues to dither on taking concrete data protection measures, India will become a less safe place to do business as well.
Sankalp Srivastava is a writing analyst at Qrius.