Now that privacy is a fundamental right, Parliament must define contours of SC ruling
How do we resolve the competing imperatives of privacy and national security, privacy and scientific innovation, etc? First by converting some of these tensions from zero-sum games to optimisation problemsUpdated: Aug 25, 2017 11:40 IST
The privacy debate has been framed by some as a zero-sum game between State interest and individual interest. Sections of the private sector worry that privacy as a fundamental right will have a dampening effect on scientific research and technological innovation. But this is not the whole truth. The armed forces and intelligence agencies depend on military secrecy. Democracy is a consequence of the secret ballot. The bureaucracy cannot function without official secrets. Science cannot progress without double blind peer reviews and anonymised data sets. Innovators and creators need to protect their trade secrets, patents [before registration] and copyright [before publication]. Competing firms in a free market need to protect their competitive edge and client confidentiality. E-commerce and banking require passwords and authentication factors to be kept confidential. The free press depends on anonymous sources. The list goes on! All of this is predicated on the individual right to privacy. It is, therefore, not a refuge for scoundrels who have “something to hide” but the foundation of an open society and the free market.
How do we then address the tension between privacy and other fundamental rights like the right to free speech and derivative rights like the right to information? The RTI Act already has privacy as one of the 10 exceptions – with public interest as the exception to the exception. But a comprehensive fix would be for Parliament to enact an omnibus privacy law that does four main things: One, establishes the contours of this right including exceptions, two, articulates national privacy principles, three, establishes the officer of the privacy commissioner and four, enables a co-regulatory regime that allows bottom-up data protection standards from each industry sector to be blessed by the regulator. How do we resolve the competing imperatives of privacy and national security, privacy and scientific innovation, etc? First by converting some of these tensions from zero-sum games to optimisation problems ie. trying to maximise both privacy and the competing imperative through innovative law and technology. Second, by updating 50 odd sectoral laws and regulations that impact the individual right to privacy in various domains.
How do we prevent the incumbent Internet giants from using their large legal teams to make a mockery of our privacy and data protection laws while at the same time protect emerging firms from over-regulation? Unlike the European GDPR, which has 37 years of historical baggage starting with the OECD Guidelines from 1980, India has the advantage of starting with a tabula rasa. If our law makers are bold and innovative – we can leapfrog straight into the age of big data, machine learning and AI by reinventing principles such as consent, notice, accountability etc. Rahul Matthan from Trilegal is leading some of the most innovative thinking here. Only through such regulatory innovation can we prevent both the “administrative paralysis” that might emerge from excessive litigation or the dampening effect on innovation from inappropriate regulation.
Sunil Abraham is executive director, Centre for Internet and Society
The views expressed are personal