India has 401.74 million smartphone users and 601 million internet users whose days starts and ends with smartphone and internet. Technology has permeated into every aspect of the day to day life of an average Indian. As the Personal Data Protection (PDP) Bill 2019 is being reviewed by the Joint Parliamentary Committee, it appears that the full force of all the billion smartphone and internet users have not called out on the grave shortcomings of the bill that can severely compromise their privacy and protection; the discussions and debates about the bill seem to have limited to the upper echelons of the technology and legal experts. Even the “otherwise noisy” spaces of social media where anyone and everyone shares their opinion seem to have not made enough noise about the ongoing discussions of the Personal Data Protection (PDP) Bill 2019. For some reason, matters about the bill have ended up becoming matters of the experts.
Imagine this: you are in your house, sitting in your living room, reading your newspaper and having a hot cup of tea. A stranger walks in through your front door without your permission. He then walks into your office space and starts putting all your personal documents in his bag. He proceeds to your bedroom and bathroom, opens all the cupboards and shelves there, meticulously goes through every personal item of yours. Just by spending a few hours in your house and going through all your personal items, he now knows things about you, not even your alter ego knows! All the while, you are just sitting and reading your newspaper, and of course, sipping your cup of tea. He soon leaves the house with a triumphant look. And you just sit passively and see him walk away with copies of your personal documents and his notes on every aspect of your life. Shouldn’t you feel violated? Shouldn’t you feel outraged? Shouldn’t you do something to stop him from entering, looking through your things?
The elaborate world of internet and data works just the same way and we still continue to drink our cups of tea while websites, apps and social media all have our data and “strangers” walk in and walk out with any data they want, while we are oblivious to their presence. Even though the above analogy seems a tad too exaggerated and highly simplified, this is the only way to send out the SOS message on the importance of data protection. You surely will not want information about you – personal or non-personal- being preyed on by government and companies or by hackers and being passed on to different groups whom all can use/misuse your data according to their ideas of profits, loss, control, manipulation and harm.
Data and SRHR:
We all have had that local gossipmonger in our lives (or we ourselves are still one!) who takes immense delight in narrating and spreading juicy stories about other people’s lives. Having a safe and legal abortion, being a proud member of LGBTQIA+ community, being happily pregnant are all still “juicy stories” for many. Now if you are to avail any sexual and reproductive health service, you also expect that there will be a right to confidentiality for you, just like any other medical service. But what if the data you trusted the organization with, can pass through an ecosystem of data fiduciaries without your consent, and rather than the “optimal advertising” experience the data fiduciaries want you to have, you end up getting profiled, discriminated and targeted? Looks like gossip mongers of the data world did their job well!
As many of us succumb to the ease and convenience of apps that help us track our menstrual cycle, what we don’t realize is that we are giving numerous companies unprecedented access to the most intimate details of our lives: what contraception we use, how often we have sex, how our moods alter in a course of a cycle, what is the nature of our vaginal discharge, when we are ovulating, what we do for menstrual cramps, whether we plan to have babies. And on top of that, these apps demand superfluous data about our height, weight etc. All of these are goldmine data for the advertising world which can study and understand consumer behaviours through these data. It is as good as living in a fishbowl owned by these commercial enterprises where they get to see and know everything they want from you!
If you are to read that the average person’s marketing data is worth 10 cents but a pregnant woman’s data skyrockets to $1.50, will you dismiss it as rubbish? Well, Janet Vertesi, a Sociologist opined so. She went to great extremes to hide her pregnancy from the data world, to avoid being collected, being tracked and being placed into databases. She later shared her story to shed light on the overall political and social implications of data collecting bots and cookies.
In India, the UIDAI is the largest collector of personal data and many health services have made it mandatory to submit Aadhaar card to avail services. Some states have started Aadhaar card linked ID to track pregnancy of citizens. Also, there are numerous “Aadhaar related problems” that prevent women from accessing their maternity benefits. Hidden Pockets has written extensively about the conundrum of UIDAI and Sexual and Reproductive Health and Rights.
Personal Data Protection Bill 2019 to the rescue?
India is on the brink of having the first-ever law that promises data protection, privacy and digital empowerment of citizens. It aims to regulate the collection, storage and sharing of citizen’s personal data by government, companies incorporated in India and foreign companies which deal with personal data of customers in India.
As the Personal Data Protection (PDP) Bill 2019 is being analyzed by a Joint Parliamentary Committee in consultation with various groups, there is much concern that the bill, in its current form, does little to safeguard the citizen’s privacy. If this bill goes onto become a law, it can do serious damage to individual privacy.
The retired Supreme Court Judge B.N.Srikrishnan who was behind the first draft of the PDP Bill of 2018 has called out on the serious flaws in the current bill and how it is a far cry from the draft submitted by his committee in 2018.
Those with hyper national interests may justify the perceived serious flaws as the necessity to balance safety and privacy in the best interest of the nation. The risk of surveillance, validated through the exemptions in the bill, might, in fact, be welcomed by them. The fact that the Data Protection Authority of India (DPA) will not be an independent body but an extension of government may not ring alarm bells for many. The PDP bill 2019 that is supposed to safeguard the privacy and protect the data of the citizens is ironical now, as it is obvious that the bill is by the government, for the government and frighteningly of the government! And if and when you have a government which is not by the people, for the people and of the people; and this bill becomes a law, then surely it will be very dangerous for all.