After five years of talks with the government, tech firms and civil society activists, India sent its privacy debate back to the drawing board. The government has scrapped the Personal Data Protection Bill and decided to replace it with “a comprehensive legal framework”. ,
Back in 2017, India’s liberals were hopeful. That July, New Delhi set up a panel under retired Justice BN Srikrishna to formulate data protection norms. The very next month, the top court recognized privacy as a part of the constitutional right to life and liberty. But the optimism faded. The law, introduced in Parliament in 2019, gave the government access to personal data in the name of sovereignty and public order – a move that would “turn India into an Orwellian state,” cautioned Srikrishna.
Those fears are coming true even without privacy laws. Payment gateway, RazorPay was recently forced by the police to supply data on donors to fact-checker AltNews. Although the records were obtained legally, there was no protection against their misuse.
The background of the debate has changed. Six years ago, most people had feature phones, but by 2026, India will have 1 billion smartphone users and the consumer digital economy will grow 10 times in this decade to $800 billion. To get loans from the private sector or subsidies from the state, citizens need to part with a lot of personal data: dodgy lending apps ask for access to contact lists. The Narendra Modi government manages the world’s largest repository of biometric data and has used it to distribute $300 billion in benefits directly to voters. Rapid digitization without a robust data protection framework is leaving the public vulnerable to exploitation.
Europe’s General Data Protection Regulation is not perfect. But at least it holds natural persons to own their names, email addresses, locations, ethnicities, genders, religious beliefs, biometric markers and political opinions. Instead of following that approach, India sought to give the state the upper hand against both individuals and private sector data collectors. Big global tech firms were concerned about the bill’s insistence on storing “critical” personal data only in India for national security reasons. Localization comes in the way of efficient cross-border data storage and processing.
Still, the repeal of India’s bill will bring little cheer to Big Tech if its replacement turns out to be even more drastic. Twitter and WhatsApp have both launched legal proceedings against the government—the former against “arbitrary” instructions to block handles or remove content, and the latter against demands to make encrypted messages traceable.
For individuals, the risk is an authoritarian leaning in India’s politics. Modified framework may provide even less protection to citizens [potential] A mix of surveillance state and surveillance capitalism compared to abandoned law. According to the government, the 81 amendments sought by the joint parliamentary panel made the current bill unstable. One such demand was that any government department be exempted from secrecy rules as long as New Delhi is satisfied and state agencies follow equitable, fair, fair and proportionate procedures. It’s too carte blanche. To prove overreach, for example, in the case of AltNews donors, citizens would have to fight a costly legal battle.
Minority groups have the highest share in India. SQ Masood, an activist in Hyderabad sues Telangana state after police stopped him on the road during the COVID lockdown, asking him to remove his mask and take a picture. “Having been a Muslim and working with minority groups, which are often targeted by the police, I am concerned that my picture may be mismatched and I may be harassed,” Masood said. The enthusiasm with which officials are adopting technologies to profile individuals by pulling information scattered across databases suggests a craving for command and control.
The abandoned data protection law also wanted to allow voluntary verification of social-media users, ostensibly to check fake news. But as researchers at the Internet Freedom Foundation have pointed out, the collection of identity documents by platforms such as Facebook will leave users vulnerable to more sophisticated surveillance and commercial exploitation. Worse, what starts out as voluntary could become mandatory if platforms start denying certain services without identity checks, denying whistle-blowers and political dissidents the right to anonymity. Since this was not actually a bug in the disallowed law, expect it to be a feature of India’s upcoming privacy regime as well.
Andy Mukherjee is a Bloomberg Opinion columnist covering industrial companies and financial services in Asia.
catch all business News, market news, today’s fresh news events and breaking news Updates on Live Mint. download mint news app To get daily market updates.