Although the supreme court has made ‘Right to Privacy’ a fundamental right off late but there appears to be no perceptible change after it’s promulgation as life for most people continues unchanged and unaffected in any way. It is ‘business as usual’ for many as they are not aware of its meaning, intent and repercussions since they fail to understand what privileges the new right confers upon them.
In a country of 1.25 billion, only a handful can decipher its nuances. I for one, had some tough time to understand its full impact and at the same time deeply empathise with many who are less initiated and feel challenged to delineate the finer points. It’s a pity that several times a day the right is shred to pieces in full public view at large and still no one takes offence and silently bears its brunt. Privacy still remains a favourite subject matter of hot debates and discussions of an intellectual talk confined to news channels in which members of top echelons of society babble ad nauseum till it is time to pack up. The fact is that the talk around privacy has gathered enough traction only now when we are moving closer to online or digital economy.
We have been used to a lot more frequent disturbing trends in the form of violations of some kind, day in and day out. It is because most of us do not find anything uncommon or rare and therefore offensive if someone gives a pesky call selling dubious items or lures into buying fake schemes on phone calls. On the contrary we get all too excited to claim lotteries and part with our CVV number and passwords eagerly on phone. Not only that, we merrily part with our personal information like date of birth and anniversary only too gladly in expectation of a gift in return. It is damn right annoying or upsetting if later we find ourselves duped and cheated of our hard-earned money due to our own naivety or technological illiteracy. Is it not a violation of our privacy and a breach of trust? This is in fact an invasion on both, our privacy as well as our trust.
We as a society have never understood the far-reaching implications of seemingly benign rights guaranteed by our constitution and thus get beguiled at the hands of unscrupulous people. We have to realise that it is we who have to stand up to claim our right what the constitution bestows upon every citizen. There will always be people who will misuse anything and everything, including sensitive information, that they can lay their hands upon and take advantage of in order to make petty pecuniary personal gains.Take for example the Aadhaar database comprising sensitive personal information pertaining to millions of citizens. The information is not just personal but sensitive too that includes biometric details like finger prints and retina structure. These pieces of information make the aadhaar data very sensitive if breach should occur. We have heard of a few incidents of breach, where some unscrupulous persons had bartered personal data and compromised safety and security for petty sums of money. The leaked data comprises personal details but not the biometric data that apparently found its way to public domain over the internet. It seems there is a vested attempt to discredit and dethrone the entire aadhaar infrastructure by way of an agenda based leakage of data and its exhibition by the national media only to take political advantage. On the contrary, using the aadhaar verified biometric data to distribute subsidies to the entitled persons has already saved Rs 49,000 crores for the government which can be utilized for further development. Does provision of aadhaar not help governance? The incidents of breach only reinforces the fact that the government should build a robust safety and security firewall to make aadhaar database impregnable and therefore beyond the reach of unscrupulous persons. This should address the concerns around privacy breach.
The problem arises when the data collected for an intended benefit or cause is used for a different and unstated purpose. It is generally understood that a user parts with his personal information only with the knowledge of a stated purpose and not otherwise. In legal parlance this is called as ‘purpose limitation’. If this principle is adopted while framing a robust legal framework around data protection law, in my view, it would surely wipe off or considerably limit the extent of potential damage it might cause in future. Most technology companies and app owners want the user to register his personal data before installation and sign up. When you downloaded an app, did you ever think what could be the reason why it is being given for free? Though it serves a useful purpose at hand but the data so captured is shared with third parties that might make unsolicited attempts at selling their services with the result that your privacy goes for a toss. In case of any clash at the court level, the business entity might claim leniency under the garb of ‘legitimate interest’ for earning a business return to offer their service for free.
Most of the social media companies have a ‘consent’ or ‘opt-in’ default setting which means that a user automatically gives his consent to the company to use his personal details. Therefore, it becomes a matter of utmost importance as these companies handle vast amount of personal data of its subscribers and moreover there is always a fiduciary relationship between them. Agreed, that the company would collect user personal data before offering its services to people as required by KYC norms. Does this give the company the right to misuse the data so collected? The data should safely reside at the back end and should never be allowed to flow out of the company servers or to another company or individual. If the user is knowledgeable enough, he might opt out of such consent by sticking to non-discloser. Does the user have this right presently?
Another aspect of data collection, possession and storage is the risk of surveillance for the user that it might lead to. With all the user history captured at the back end, one can extrapolate using artificial intelligence all the actions as well as decisions that the users might take. Where does the user go to every day? What does he prefer? Which party or candidate he supports? Do you have any idea about how awfully sinister this might be? Ultimately, those in possession of the data should be held responsible for any breaches and unauthorized sharing and the law should come down heavily on them.