Weak privacy policies in India
Are privacy and choice rights that Indian citizens can claim? The Supreme Court, in 2017, had upheld privacy to be a fundamental right. Yet, the domain of privacy remains besieged, and this macabre theatre of the lack of privacy and the alleged whittling down of consumer choice is unfolding, most noticeably, in the digital domain. WhatsApp, for example, announced and then deferred new service rules pertaining to data harvesting and users’ privacy. The growing concerns with the proposed changes are manifest in two institutional responses. The Delhi High Court has said that the use of the app is “voluntary” and asked citizens to exit the platform if they are worried about the new terms and conditions; the Centre, meanwhile, has asked WhatsApp to withdraw its privacy update in deference to data security. It has also asked why the platform has a lenient policy update for European countries, raising, once again, suspicions of differential treatment.
The Delhi High Court may have upheld the sanctity of the principle of choice by pointing out to citizens that they have the option to use other apps. However, certain conditions make this ‘switch’ difficult for consumers. For one, WhatsApp has a dedicated subscriber base — over 400 million people use its services in India. The popularity of this particular platform — it is famed for its user-friendliness — combined with enhanced reliance on digital communication on account of a raging pandemic implies that WhatsApp is unlikely to witness a loss in public patronage. The Centre’s concern with data privacy is welcome: but the onus of protecting the privacy or data of users cannot be put on social media companies alone. In an age where data, metaphorically speaking, is the new oil, India is yet to design a comprehensive data privacy law. Worse, there are worries about the efficacy of the personal data protection bill — it is still being debated in Parliament — with its critics raising concerns over such provisions as the exemptions given to the State to access personal data, segmentation of data into specific categories, the need for consent for age-specific users to use internet-enabled services that may lead to disenfranchisement as well as the questionable skills of India’s Data Protection Authority personnel. The Centre’s advocacy on citizens’ data privacy will ring hollow unless it takes steps to iron out these creases in India’s yet-to-be-rolled-out data protection framework.