Privacy is all the rage now, and it struck me just recently that privacy protection has, in fact, changed worryingly without being noticed.
Recently RBI insisted that all copies of all financial transaction data be stored inside the country, for reasons of "unfettered supervisory access". Part of the justification for this extra-draconian measure is to protect the privacy of Indians, ensuring that no foreign power can snoop into such data. Many other data directives followed, all in the name of protecting data privacy.
Today all of us are heated up about how Facebook and Google are compromising our privacy by knowing where we are and what we do. We insist on the right to be forgotten by these and other entities, convinced that they are stealing what really belongs to us. We insist that if they use information they learn about our habits, they should compensate us from their profits and not just by providing free services such as door-to-door directions and free email. So much noise about it all these days, one can hardly focus on clicking a decent selfie.
At the same time, the government seems very keen to ensure that every action of its citizens, especially financial actions, are tracked with identities. Anonymous transactions are basically forbidden, and WhatsApp is being asked to bend to the same pressures that Blackberry once submitted to. Money cannot be laundered, terrorists cannot be financed, and if that means checking everyone's everything all the time with "unfettered" supervisory access, so be it. I ordered a bicycle seat online from Spain the other day; even that required me to put KYC information. Demands like this are steadily increasing.
Here's what struck me. Generally, the key privacy concern that people have always had is with governments misusing privacy rights- traditionally called "search and seizure". When USA passed its constitutional strictures against "unreasonable search and seizure" it was explicitly government misconduct that they had in mind. When debating laws to prevent intercepting phones without a court order, it is the authorities and not Airtel that we are trying to check.
Privacy precedents in India has indeed historically been used to prevent anyone, but especially the state from snooping into an individual. Indeed, the Indian supreme court has always considered privacy as a key part of the right to "personal liberty" (Article 21 of the constitution), and the government of the day has often argued against the right. We the citizens should have freedom of personal action, not needing to explain to anyone or ask permission for conducting our lives - basically the right to tell anyone including the government of the day - "meri marzi, tere baap ko kya jaata hai?". Historically, the sarkars of the day have been unhappy at that but Indian jurisprudence has since evolved significantly more towards the individual in recent times.
This check on state power is required largely because private companies have very limited ability to misuse. Sure, they can fool you into buying the huge TV you did not need, but there are strong limits to what they can really do. Governments, on the other hand, can do (and have historically done) great harm with unfettered access to a person's information. While we worry about the 87 million people analysed by Cambridge Analytica, incumbent political parties all over the world - from Obama to Prashant Kishor - use substantial access to data to target, influence, gerrymander or distort elections involving significantly greater numbers of people.
The new Privacy Bill under consideration apparently gives citizens four key rights:
I've suddenly realised that this is the elephant in the room, with real data about things that matter - and more worryingly real power to act - and this elephant is proving to be increasingly unchecked.
Recently RBI insisted that all copies of all financial transaction data be stored inside the country, for reasons of "unfettered supervisory access". Part of the justification for this extra-draconian measure is to protect the privacy of Indians, ensuring that no foreign power can snoop into such data. Many other data directives followed, all in the name of protecting data privacy.
Today all of us are heated up about how Facebook and Google are compromising our privacy by knowing where we are and what we do. We insist on the right to be forgotten by these and other entities, convinced that they are stealing what really belongs to us. We insist that if they use information they learn about our habits, they should compensate us from their profits and not just by providing free services such as door-to-door directions and free email. So much noise about it all these days, one can hardly focus on clicking a decent selfie.
At the same time, the government seems very keen to ensure that every action of its citizens, especially financial actions, are tracked with identities. Anonymous transactions are basically forbidden, and WhatsApp is being asked to bend to the same pressures that Blackberry once submitted to. Money cannot be laundered, terrorists cannot be financed, and if that means checking everyone's everything all the time with "unfettered" supervisory access, so be it. I ordered a bicycle seat online from Spain the other day; even that required me to put KYC information. Demands like this are steadily increasing.
Here's what struck me. Generally, the key privacy concern that people have always had is with governments misusing privacy rights- traditionally called "search and seizure". When USA passed its constitutional strictures against "unreasonable search and seizure" it was explicitly government misconduct that they had in mind. When debating laws to prevent intercepting phones without a court order, it is the authorities and not Airtel that we are trying to check.
Privacy precedents in India has indeed historically been used to prevent anyone, but especially the state from snooping into an individual. Indeed, the Indian supreme court has always considered privacy as a key part of the right to "personal liberty" (Article 21 of the constitution), and the government of the day has often argued against the right. We the citizens should have freedom of personal action, not needing to explain to anyone or ask permission for conducting our lives - basically the right to tell anyone including the government of the day - "meri marzi, tere baap ko kya jaata hai?". Historically, the sarkars of the day have been unhappy at that but Indian jurisprudence has since evolved significantly more towards the individual in recent times.
This check on state power is required largely because private companies have very limited ability to misuse. Sure, they can fool you into buying the huge TV you did not need, but there are strong limits to what they can really do. Governments, on the other hand, can do (and have historically done) great harm with unfettered access to a person's information. While we worry about the 87 million people analysed by Cambridge Analytica, incumbent political parties all over the world - from Obama to Prashant Kishor - use substantial access to data to target, influence, gerrymander or distort elections involving significantly greater numbers of people.
The new Privacy Bill under consideration apparently gives citizens four key rights:
- The right to confirm whether and how their data is being used;
- The ability to correct misleading or false data;
- Data portability rights
- A "right to be forgotten," or the authority to restrict companies from using data they previously shared.
Apparently these data fiduciary responsibilities extend to the government as well. The problem is, skeptical as I am that private companies will always follow the rules, I am much more skeptical that babudom will be honest, incorruptible and by-the-book. Examples abound of the Indian state having trampled over other rights, why should those about personal information be any different. The concern is not so much that the government itself is malicious in the way that, say, Soviet Russia was; the worry is that there are enough bad actors in positions of power who, with all this data added to the power of their posts, can misuse it for personal benefit to the detriment of us normal people.
I keep hearing - why worry if I have nothing to hide? That's being unable to distinguish between privacy and secrecy. I'm sure Madhuri Dixit didn't have anything to hide under that famous choli of hers, but I don't think she would agree to walk around in public without it.
While I worry at Facebook and how much it knows about where we are or what we ate for dinner, India is quickly becoming a state that gathers unprecedented data about its citizens. More worryingly, unlike Facebook it is gathering mandatory traceable individual transaction data - not voluntary metadata meant for statistical predictions. Facebook can only guess if your daughter is pregnant; the Indian government may actually know. In all the noise about "foreign" social media grabbing and using our data, the bigger dangers are being silently forgotten. Aadhar data may be leaked to private operators in all sorts of corrupt ways, but think of the power we have given unnamed bureaucrats who can legitimately access the data.
While I worry at Facebook and how much it knows about where we are or what we ate for dinner, India is quickly becoming a state that gathers unprecedented data about its citizens. More worryingly, unlike Facebook it is gathering mandatory traceable individual transaction data - not voluntary metadata meant for statistical predictions. Facebook can only guess if your daughter is pregnant; the Indian government may actually know. In all the noise about "foreign" social media grabbing and using our data, the bigger dangers are being silently forgotten. Aadhar data may be leaked to private operators in all sorts of corrupt ways, but think of the power we have given unnamed bureaucrats who can legitimately access the data.
I've suddenly realised that this is the elephant in the room, with real data about things that matter - and more worryingly real power to act - and this elephant is proving to be increasingly unchecked.
Comments
Post a Comment