The Data Protection Bill, introduced in Parliament last week, says the government will only ask for non-personal, anonymised data, but come on. We know where this is headed down. Its no secret that the people in power the world over are happy to have a little more information on their citizens.
Fun fact: India is the third-most surveilled country in the world. You probably guessed that Russia and China were right up there, but youll be thrilled to know that we now have the bronze medal. Huzzah! Earlier this year, a technology research firm ranked India third in a dubious list of Non-European countries with lowest privacy protection. This, despite the Supreme Court recognising privacy as a fundamental right in 2017.
And heres the kicker: Its going to get worse (watch out, Russia, were coming for second place!).
You see, one of the many reasons for the low ranking was the lack of a Data Protection Bill. It is yet to take effect and there isnt a data protection authority in place, meaning privacy protections are weak at present, said Compritech, the technology company who will no doubt get their app down-ranked by righteous internet warriors. So one might be tempted to think that the recent Personal Data Protection Bill would actually go one step in fixing that.
But there are some small differences between this bill that IT Minister Ravi Shankar introduced in Parliament on December 11, and other bills such as the European Unions General Data Protection Regulation, often considered the gold standard of data privacy bills. One such difference is a woozy the government can get access to citizens non-personal data at any time it chooses, for whatever purpose, without explanation (the official wording, as you can expect, is less direct or pithy).
At first reading, this might seem innocuous: The Bill says the government will only ask for non-personal, anonymised data that will help it to better drive policy decisions, not unlike how Uber might use aggregated data to better predict supply and demand of its vehicles. But there is reason to be sceptical, and even scared, especially if you engage in anti-national activities like, you know, criticising the government.
The current Bill promises the government will only access non-personal data, but come on, we know where this is headed down.
Its no secret that the people in power the world over are happy to have a little more data on their citizens. The current Bill promises the government will only access non-personal data, but come on, we know where this is headed down. Itll be like that one annoying colleague who says hes not eating anything at a team dinner, says hes taking a couple of fries from you, and before you know it, wolfs down half your pizza, downs three beers that you ordered, and leaves without picking up his tab.
Earlier this year, the government opened tenders for a nation-wide facial recognition programme. Theyve also tried to push for Aadhaar to be linked to social media accounts (and everything else). The motivations are clear: Theyd like to keep a tab on everyone. Even at its current anonymised level, the data can be quite dangerous in the hands of a government whose discriminatory instincts are becoming increasingly clear by the day. Imagine what it would be capable of when they have access to individual data. Already this year, weve seen an egregious attempt in this direction, by using a surveillance tool called Pegasus to spy on the private, encrypted conversations of journalists and human rights activists.
Making things worse, exactly what data is collected is vague: critical personal data is an open-ended category in which the government can define from time to time, the Indian Express reports. As weve seen with the GST implementation, the governments classification of things is based largely on political motives and convenience rather than logic and citizen welfare. Just imagine if this law were in place now: Following the CAB-related brouhaha, the government could easily categorise your social media accounts as critical personal data under the guise of weeding out fake news. Before you know it, your woke support of minorities could land you in the slammer.
If you think Im being pessimistic about this, consider that the government hardly has the machinery in place to enforce the basic rules of the Personal Data Protection Bill already, the technology industry is worried about how this will dissuade IT-based start-ups. So clearly, the rush to get this bill through bypassing a Standing Committee headed by Shashi Tharoor and doing so at a time when the entire country is subsumed by CAB points to motivations other than trying to catch up with GDPR.
Following the CAB-related brouhaha, the government could easily categorise your social media accounts as critical personal data under the guise of weeding out fake news.
Now, you might consider me an alarmist if I say that this is going to turn India into a China-like surveillance state, so I wont say it. Instead, Ill quote the original architect of the Bill himself, Justice BN Srikrishna: The PDP Bill can turn India into an Orwellian State. His bill, in its original form, was meant to protect the data of the people, and before it could be debated in Parliament, the government had a look at it, helpfully adding the paragraph about allowing itself unrestricted, unquestioned access to the Bill. This way, the Bill actually took two steps backwards: We are indeed living through a time when our own changing laws pose a bigger threat to us than nasty foreign forces (if you doubt that, please look at the North-East and Kashmir). Heck, the government has probably sought inspiration from China, who also uses technology in innovative ways to harass its minority. Given Section 370 and now CAB, I shudder to think what next.
The oft-given argument for surveillance is if you have done nothing wrong, there is no reason to worry and this is reflected by right-wing brainwashed keyboard maniacs in comments sections about this news. Oh, but there is plenty of reason to worry. Even if you take us librandus out of the equation, this will lead to a stutter in investment in India by foreign companies. India does not have the manufacturing wherewithal or the indigenous internet that China has. Given the ruling partys propensity to rush things through to implementation without worrying about annoying things like consequences, chances are large parts of our economy will not be given the time to adjust themselves to the new data regime. Essential services could be hit a hospital might spend more time trying to fix this (to avoid harassment from officials) than treat patients. This affects everyone, eventually, and not in a good way.
I wish it werent like this. Theres actually plenty to like about the idea behind the PDP after all, the lack of one is why India had a bad privacy ranking in the first place. Reigning in tech companies unbridled access to our data is a progressive step and holds them accountable (just like the GDPR has in Europe). Citizens especially those who are accessing the internet for the first time will get educated on the value of their data and consent. If implemented properly, the bill will ensure privacy for personal data.
However, the moment it becomes seen as a political weapon rather than something to protect citizens with, you know were headed down a dark, surveilled future.
Watch out, China, we just might dethrone you in the next round of rankings.
This article was originally published on Arre