AUTHOR: SHRADHA SINGH - OCTOBER 2, 2015
India is witnessing the fastest, deepest and the most significant structural change in the economy post the Industrial Revolution. Digital India is a great vision, which sits at the intersection of government reform and technology enabling transparency and efficient governance.
However, the inadequate understanding of privacy in the online world coupled with the absence of a policy on the same leads to the question on rights of the digital citizen.
Setting the tone of a discourse on the rights of the digital Indian, entrepreneur and Rajya Sabha member Rajeev Chandrasekhar representing Karnataka State and Urban Bengaluru in the Parliament argued that when privacy is taken to the digital space its definition, permissibility and illegality aspects change.
Addressing the audience at a Q & A session on data security and right to privacy organised by Youth Forum on Foreign Policy at Christ College Bangalore, Rajeev spoke on the legal aspects of data protection, privacy and issues pertaining to the choice of data distribution.
The contours of the debate included the legal responsibility of data voluntarily given and that which is involuntarily tracked. Who is responsible for the misuse of the data and what legal framework is present to protect the citizens from its misuse.
Below are some of the questions Rajeev Chandrasekhar addressed:
On the need for a legislation:
There is a need for a debate, for a legislation that effectively casts responsibility on the holder of the data, and gives reciprocal rights to the giver of the data. The big-brother Orwellian scenario of a government-corporate nexus should never develop. Referring to the disclosures by Snowden, the NSA leaks in the US where AT&T was co-operating with NSA and with Google in an unchallenged manner. Rajeev argued that if that kind of power is given to the government, it will almost certainly be misused.
In the digital world there are terabytes and gigabytes of data floating around and hence there is a need for an explicit set of rules and guidelines for people holding that kind of information.
On the lack of legislations for initiatives like Aadhaar, where no one is held accountable if data is misused?
Giving the example of the Aadhaar case in the SC to which he is also a petitioner, Rajeev said that there are two components to the issue.
One is whether to avail public services, you can take Aadhaar and make it a mandatory precondition to the services that you are entitled to avail as a citizen of India. Identity verification is a condition to avail services and the Supreme Court will agree to it. What has been challenged in court is Aadhaar having collected the data and architected in the manner it was done, places no responsibility or onus on anybody in the government to maintain the integrity, privacy and confidentiality of the data in that database. The fundamental right to privacy, whether fundamental or not cast and must cast an obligation on Aadhaar that if the data is misused, then the citizens have the right to challenge Aadhaar.
Is it possible to keep the private information of people in nobody’s hands, you keep it in a server not regulated by any human being, in a place regulated by computers only?
This is an issue of the rights of an individual. You can’t give a right to a citizen and say nobody is a counterparty to the right. Somebody has to be responsible for that right. The issue is not about a technology solution, but a legal solution. If the right is breached, the citizen must have the right to approach an adjudication platform for curing that breach. How to manage the data without human intervention is a good solution, but it’s more of a utopian idea- of not having any human intervention to a database.
Do you think it will be too utopian to incorporate such technologies in Digital India?
Minimising human intervention and human access to databases that are confidential is not a new concept. It has been done elsewhere, by private companies that manage terabytes of information, precisely because they are worried about the legal liabilities that arise out of a right to privacy that is enshrined in their local laws. The end in our case is making sure legally individuals have the right to ensure that their information is maintained privately. It is important not to get distracted by people who say that there are solutions so one don’t need rights.
On the challenge of implementing Digital India:
As things become easier for the good guys they become easier for the bad guys. For every Flipkart for every technology entrepreneur online there is an ISIS, there are propaganda, there is recruitment happening online. Therefore there is always going to be this security argument that is used to trample on, to fetter, and to dilute the fundamental rights that we are taking from the real world to the online world. The privacy debate is at its early stages, people should start talking about what they want in terms of rights. There will be a push back, an alternative narrative as well and the two will come to a compromise at some point.
On right to privacy vis-à-vis the national security and sovereignty of the nation:
Arguing that the law and order machinery has not been pressured enough to be more nuanced about its interventions online that the whole take down of the internet occurs in disturbed regions in the country. Security has to be balanced with liberty, with freedom of expression and has to coincide and ride along with individual rights.
I don’t think there will be situation where the rights of the individual will be superior to the rights of the nation. But that does not transfer the right of incompetence and not being sophisticated to the law enforcement and security agencies. There need not be a compromise on your freedom of expression and liberty and privacy in the name of national security. These two are complimentary and co-exist.
On the DNA-nuclear profiling Bill that is expected to be passed in the Winter Session of Parliament:
DNA profiling is fine for law and order, like NATGRID – will effectively improve our ability to prosecute crime effectively. But in the absence of a safe guard that the DNA information will not be misused it will be misused and that is why you can have all these laws and legislations but without the protection of a clarified Article 21 by the Supreme Court or a new legislation will not pass.
On the distinction of individual rights and rights on macro level–collective data protection:
Most of what happens in our country today is that individual right is effectively trampled upon. The right to privacy has to be absolute on the individual level it has to be safeguarded in law, whether it’s a constitutional right or a legislative right. Whether a community like a gram panchayat, or a city, or a group of people have the right to consent or waive is a debate worth having. Currently the focus is on individual rights as that’s how our Constitution is written- it’s about individual rights and liberty.
On the steps that he would take if he was the Communication and Information Technology Minister:
To make Digital India successful I would create a basket or a policy enabling framework for the Digital Indian. We must move from a mind-set of building infrastructure to building an ecosystem for the people. For too long the debate has been about how many towers, networks, as opposed to how many Indians with well-preserved rights to speak to express, without the fear or favour. The digital Indian would become my target rather than digital India.