What is Data
Privacy?
Data privacy is suitably defined as the appropriate use of
data. When companies and merchants use data or information that is provided or
entrusted to them, the data should be used according to the agreed purposes.[1]
The necessity of maintaining strict data privacy is applicable most stringently
to collected personal information, such as medical records, financial data,
criminal records, political records, business related information or website
data, but in an age when most personal information is voluntarily shared and
accessible over broad-based social media platforms, the stringency of data
privacy has become more relevant than ever in the context of shared personal data.
Why is Data Privacy
Important?
With systematized digitisation of data, and modes of
communications and transactions transitioning online, users are obliged to
divulge personal details at every step in order to avail essential services.
All of this information gets stored in huge databanks, reservoirs of the
world’s personal data, and the user can never be sure who has or does not have
access to these reservoirs of information. The only thing standing between a
user and the unscrupulous exploitation of her/his divulged personal details is
by governments, corporations or even criminal elements, is the nebulous world
of data protection law.
As early as the 1960’s and 70’s, governments,
government-affiliated, as well as private organizations had started tapping the
resource that was the personal information of a large majority of the
population of the world. This led to alarming questions about the collection
and storage of such great quantities of personal data- Who had access to it?
Was the information stored accurate? Was it being distributed without the
knowledge of the persons involved? Could it be used for discriminating against
them, or for abusing their rights?
From these concerns, data protection laws started getting
formulated in the developed nations. Data protection laws now exist, in some
form or other, in over 100 countries worldwide. But with the growing rise in
online threats, such as hacking, ransomware, identity theft, e-commerce fraud,
cyber-stalking, cyber-bullying, to name just a few, data privacy measures have
become a priority security concern for the international community.
Data Privacy and
Social Media
While the very idea of social media may seem like anathema to
data privacy- social media relies on motivating users to voluntarily divulge
and sharing personal information and media among diffuse groups of people- it
is for this very reason that the need for data protection and privacy is
becoming the greatest concern in this field.
Recently, widespread hacking and the compromising of user accounts
across social media platforms have raised fears that the largest internet
giants, prominently social networks, may be mining user information and selling
them to third party entities to generate revenue and to promulgate targeted
advertising.
Supreme Court’s
Notice to Major Social Media Players
In Special Leave Petition 804/2017, more popularly called “the WhatsApp Case”, two students have challenged
WhatsApp’s new privacy policy after it was acquired by Facebook. They claim
that WhatsApp divulged user data to Facebook which violates the fundamental
right to privacy, as recently pronounced by the nine-judge Constitution Bench
of the apex court in the August 24 judgement in Justice K.S. Puttaswamy (Retd.)
& Anr. vs. Union of India & Ors[2]. The
five-judge bench presiding over this case issued notices to Google and Twitter,
along with the Government of India, seeking their legal opinion on data sharing
with cross-border corporate entities, which is currently not governed by any
law in force in India. Facebook and WhatsApp, in the meantime, have been
ordered to file sworn affidavits, testifying to not sharing user information
with third parties. The two matters are to be heard in conjunction and have
been listed for November 20, 2017.
The impact of the Right to Privacy judgement was keenly felt
in the proceedings of the case which took place on September 6, with Ms.
Madhavi Divan and Addl. Solicitor-General Tushar Mehta referring to the
relevant paragraphs of the landmark judgement dealing specifically with
protection of user data privacy, and the constitution of an expert committee,
headed by former Supreme Court Justice, Shri B.N. Srikrishna, to deliberate
upon the position of data protection law in India and present its
recommendations. Senior counsel K.V. Vishwanath, appearing on behalf of one of
the impleaded parties in the case, also stressed on the necessity of the apex
court to create guidelines in the interim, before dedicated legislation is
passed on the issue of data protection.
By means of this petition, petitioner Advocate-on-Record
Pallav Mongia has challenged the constitutional validity of the Information
Technology (Reasonable Security Practices And Procedures And Sensitive Personal
Data Or Information) Rules, 2011 as well as the clarification in this regard as
issued by the Ministry of Communications and Information Technology on August
24, 2011.
The situation as it stands in India at present is that
existing Indian data privacy laws do not apply to entities situated outside the
country. This is worrisome as user data collected by major social media
platforms are stored on servers and databanks located outside India, and
therefore fall outside the purview of Indian jurisdiction. Moreover, the
content, website and data generated on websites such as Facebook.com,
Twitter.com or Google.com is controlled by the principal entities, Facebook
Inc., Twitter Inc. and Google Inc., which are body corporates instituted and
existing outside the reach of Indian law.
The user is caught in a trap, in such a situation. Privacy
policies formulated by websites tend to be “take it or leave it” affairs,
leaving the user facing the dilemma of completely surrendering her/his privacy,
or not being permitted to use social media at all. Thus, while technically such
user consent does constitute “informed consent”, it is extracted without
leaving the user much room in terms of choice.
Recently, the problem of data leakage to cross-border
international entities took on the scope of a national security concern when,
in the apprehension of a possible war with China, the Ministry of Electronics
and Information Technology doubled down on its scrutiny of Chinese smartphone
manufacturers such as Oppo, Vivo, Xiaomi, Lenovo, Gionee as well as global
players such as Apple and Samsung.
Conclusion
In conclusion, given that more than 2.5 quintillion bytes of
data are consumed every day, the risk of breaches in data privacy are higher
than ever before and just as significant. It is becoming more and more
imperative that the government treat this matter with as much seriousness as
the Supreme Court has done and take active legislative steps to protect the
data privacy of its citizens.
Additional References:
[1] https://blog.eiqnetworks.com/blog/bid/313892/the-difference-between-data-privacy-and-data-security,
as accessed on September 13, 2017.
[2] WP (Civil) No. 494 of
2012.
No comments:
Post a Comment