As We Outrage Over the Citizenship Act, a Contentious Data Protection Bill Was Tabled in Parliament

Technology

As We Outrage Over the Citizenship Act, a Contentious Data Protection Bill Was Tabled in Parliament

Illustration: Aishwarya Nayak

Fun fact: India is the third-most surveilled country in the world. You probably guessed that Russia and China were right up there, but you’ll be thrilled to know that we now have the bronze medal. Huzzah! Earlier this year, a technology research firm ranked India third in a dubious list of “Non-European countries with lowest privacy protection”. This, despite the Supreme Court recognising privacy as a fundamental right in 2017.

And here’s the kicker: It’s going to get worse (watch out, Russia, we’re coming for second place!).

You see, one of the many reasons for the low ranking was the lack of a Data Protection Bill. “It is yet to take effect and there isn’t a data protection authority in place, meaning privacy protections are weak at present,” said Compritech, the technology company who will no doubt get their app down-ranked by righteous internet warriors. So one might be tempted to think that the recent Personal Data Protection Bill would actually go one step in fixing that.

But there are some small differences between this bill that IT Minister Ravi Shankar introduced in Parliament on December 11, and other bills such as the European Union’s General Data Protection Regulation, often considered the gold standard of data privacy bills. One such difference is a woozy – the government can get access to citizens’ non-personal data at any time it chooses, for whatever purpose, without explanation (the official wording, as you can expect, is less direct or pithy).

At first reading, this might seem innocuous: The Bill says the government will only ask for non-personal, anonymised data that will help it to better drive policy decisions, not unlike how Uber might use aggregated data to better predict supply and demand of its vehicles. But there is reason to be sceptical, and even scared, especially if you engage in “anti-national activities” like, you know, criticising the government.

The current Bill promises the government will only access “non-personal data”, but come on, we know where this is headed down.

It’s no secret that the people in power the world over are happy to have a little more data on their citizens. The current Bill promises the government will only access “non-personal data”, but come on, we know where this is headed down. It’ll be like that one annoying colleague who says he’s not eating anything at a team dinner, says he’s taking a couple of fries from you, and before you know it, wolfs down half your pizza, downs three beers that you ordered, and leaves without picking up his tab. 

Earlier this year, the government opened tenders for a nation-wide facial recognition programme. They’ve also tried to push for Aadhaar to be linked to social media accounts (and everything else). The motivations are clear: They’d like to keep a tab on everyone. Even at its current anonymised level, the data can be quite dangerous in the hands of a government whose discriminatory instincts are becoming increasingly clear by the day. Imagine what it would be capable of when they have access to individual data. Already this year, we’ve seen an egregious attempt in this direction, by using a surveillance tool called Pegasus to spy on the private, encrypted conversations of journalists and human rights activists.

Making things worse, exactly what data is collected is vague: “critical personal data” is an “open-ended category in which the government can define from time to time”, the Indian Express reports. As we’ve seen with the GST implementation, the government’s classification of things is based largely on political motives and convenience rather than logic and citizen welfare. Just imagine if this law were in place now: Following the CAB-related brouhaha, the government could easily categorise your social media accounts as “critical personal data” under the guise of weeding out fake news. Before you know it, your woke support of minorities could land you in the slammer.

If you think I’m being pessimistic about this, consider that the government hardly has the machinery in place to enforce the basic rules of the Personal Data Protection Bill – already, the technology industry is worried about how this will dissuade IT-based start-ups. So clearly, the rush to get this bill through – bypassing a Standing Committee headed by Shashi Tharoor and doing so at a time when the entire country is subsumed by CAB – points to motivations other than trying to catch up with GDPR.

Following the CAB-related brouhaha, the government could easily categorise your social media accounts as “critical personal data” under the guise of weeding out fake news.

Now, you might consider me an alarmist if I say that this is going to turn India into a China-like surveillance state, so I won’t say it. Instead, I’ll quote the original architect of the Bill himself, Justice BN Srikrishna: “The PDP Bill can turn India into an Orwellian State”. His bill, in its original form, was meant to protect the data of the people, and before it could be debated in Parliament, the government had a look at it, helpfully adding the paragraph about allowing itself unrestricted, unquestioned access to the Bill. This way, the Bill actually took two steps backwards: We are indeed living through a time when our own changing laws pose a bigger threat to us than nasty foreign forces (if you doubt that, please look at the North-East and Kashmir). Heck, the government has probably sought inspiration from China, who also uses technology in innovative ways to harass its minority. Given Section 370 and now CAB, I shudder to think what next.

The oft-given argument for surveillance is “if you have done nothing wrong, there is no reason to worry” – and this is reflected by right-wing brainwashed keyboard maniacs in comments sections about this news. Oh, but there is plenty of reason to worry. Even if you take us “librandus” out of the equation, this will lead to a stutter in investment in India by foreign companies. India does not have the manufacturing wherewithal or the indigenous internet that China has. Given the ruling party’s propensity to rush things through to implementation without worrying about annoying things like consequences, chances are large parts of our economy will not be given the time to adjust themselves to the new data regime. Essential services could be hit – a hospital might spend more time trying to fix this (to avoid harassment from officials) than treat patients. This affects everyone, eventually, and not in a good way.

I wish it weren’t like this. There’s actually plenty to like about the idea behind the PDP – after all, the lack of one is why India had a bad privacy ranking in the first place. Reigning in tech companies’ unbridled access to our data is a progressive step and holds them accountable (just like the GDPR has in Europe). Citizens – especially those who are accessing the internet for the first time – will get educated on the value of their data and consent. If implemented properly, the bill will ensure privacy for “personal” data.

However, the moment it becomes seen as a political weapon rather than something to protect citizens with, you know we’re headed down a dark, surveilled future.

Watch out, China, we just might dethrone you in the next round of rankings.

Comments