‘Privacy is dead. Social Media holds the smoking gun’ – quoted by Pete Cashmore & ‘Privacy is not something I'm merely entitled to, but it's an absolute pre-requisite’ - quoted by Marlon Brando.
This paper aims to engage in the recent WhatsApp policy development while contrasting it to the current data protection scenario of our country, along with more significant precedence on various social media scandals, thereby discussing the present placing of the Personal Data Protection Draft Bill, 2019, with an objective to land to a suitable conclusion with respect to the ongoing privacy issues in the country.
WHAT IS THE NEW POLICY ALL ABOUT?
ISSUES OF THIS POLICY
THIRD-PARTY SERVICE PROVIDERS
Another realm of concern is the issue of providers of third-party services. Facebook is the single stakeholder with WhatsApp with respect to this new policy, which means that the Information sharing is not confined to Facebook. Instead, it can also be shared with other third-party service providers, along with the parent stakeholder, i.e., Facebook. As discussed earlier through these policies, the data which is thus surfaced is the one that is essential and is recommended to be kept personal. As per section 17 (3) and section 7(1) of the current bill underway, every citizen has the right to be informed about their data and, most crucially, be notified through their consent. These citizens are also the data principals. As per these provisions, all information, including the people to whom the data are being made accessible, should be brought into the knowledge of the data principles. Ironically, today we have the only ability with respect to these issues. This brings us to the next possible case, which showcased the differential treatment on a global basis with regards to data protection is the different policy approaches in terms of function-ability.
DIFFERENT POLICIES FOR DIFFERENT COUNTRY(?)
To counter the same, the Competition Commission of India revealed that through this policy, the information gathered would include the user's address, the type of equipment they're using, their provider of internet and broadband services, and who they're talking to, thereby putting lots of people's privacy at stake. This sparks fear of stalking or customer profiling and etc. Furthermore, it was also found that the whole ‘opt-out’ policy that was initially available was also removed. The Supreme Court rebutted this approach of the ‘take it or leave approach’ since, according to the apex authority of India, people and their privacy matters more than money or profit from a particular electronic business adventure.
IS ‘SIGNAL’ A BETTER ALTERNATIVE?
Like WhatsApp or Instagram, Signal is the new application that emerged in 2021, featuring instant texting voice and video calling just like any other social networking sites. Since the WhatsApp policy dispute and Signal's inception, the latter had witnessed total downloads of over 11 million, making it the topmost application on both Play Store and App Store. People can post end-to-end encrypted chat, message, image, audio, and videos with the help of Signal. Before you compose a message for someone, Signal asks for permission to access your contacts. Select Okay or Allow. You'll have to manually enter your contacts if you don't give Signal permission to access your contacts. The fascinating part about this application is that even if the user opts to use Signal instead of WhatsApp, all the information in the forms of clips, texts and media will be transferred to Signal with the help of the link-sharing feature, although one cannot confuse it with account transfer since it does not have such features and is not supported over Signal.
TELEGRAM – An upscale competitor(?)
CAMBRIDGE ANALYTICA SCAM
PERSONAL DATA PROTECTION BILL- Time for Data Protection Law in India & ANALYSIS
The Personal Data Protection Bill OR PDP was drafted after much debate and deliberation at the Srikrishna Committee in the year 2008, inspired by the renowned GDPR. Recent circumstances have put a scale on our shoulder and have shown us why legislation is mandatory for a country that can at any moment swing towards an arbitrary position with respect to a highly debated issue in the country. This is the time we realize why having impactful legislation will serve as the primary protection in both the real and the virtual world. While online or virtual workings have started long back, the ongoing global pandemic has instead forced us to be 24X7 virtual. It can be Virtual meetings, Virtual parties, Virtual traineeship and various other new virtual things that have been invented to cope with the new normal lifestyle pattern. It is now that we realized how strong advocacy for online privacy needs a push for proper and efficient implementation. A 'basic' privacy right does not define entitlements that must arise until the same is decided, and the absence of proper data protection makes us aware of it day by day. The mere absence of such legislation is creating a difficulty to understand our standing regarding online data privacy and data mining with respect to both us and the foreign countries. Even though one might argue that in the context of the private data online, multiple instances have been recorded wherein anyone and everyone is also claiming the protection of body corporates enshrined under the Privacy rules, even though an adjudicating structure with regards to this issue has been put down under section 43 & 46 of the Information Technology Act. Although this might be highly true, the bill definitely has some shortcomings of its own too. While few are of the opinion to bring in legislation, it is also necessary to mandate an effective one as well. Recent critics are of the view that the Personal Data Protection Bill might not be enough to fight the long battle of social media and online data privacy scandals. Many vital safeguards to protect the right to privacy are missing from the bill, thereby significantly impairing the very notion of the right to privacy. This then on results in more and more government surveillance which dilutes the whole purpose of such legislation. If kept up with this, soon right to privacy will become one of the bottom-chain of the topics to be deliberated upon. There is a strong need for the law and policymakers to endorse a vital vision clarity and move towards formulating a more tactful measure to ensure the ability of every resident of the country to exercise their privacy rights and protection along with public data, which is to be implemented to maintain creativity and innovations.
CRITICISM OF THE PDP BILL, 2019
It has been around two years now that the bill has been kept drafted. Many views that the reason for the same might be due to the criticism that it has received over a couple of years. The main issue is that a bill based on safeguarding the fundamental rights bestowed upon the Indian citizen was indirectly the one jeopardizing those fundamental rights. Since there is no proper and actual law protecting the same, it means the government also has the leeway of exercising power over the state or the country. Lacking appropriate legislation also makes way for the government to exercise absolute and unnecessary control over people's data and manipulate the same, thereby controlling personal & private data online. Whenever any emergency circumstance takes place, due to the lack of any stringent law dealing with the privacy rights of an individual in India, the government would work out a plan which even require the citizen of the country to allow access to their personal details online. This sounds very familiar to us, and that too in this very pandemic. An unmistakable resemblance can be drawn from the application known as Aarogya Setu, which initially aimed for alerting covid positive patients. Since there is no such upper hand authority in policy or hardy legislation, the government fills up the role, who can even pester for more and more personal data in certain situations. However, there is still a grey area with respect to the actual functionality of this application as well.
RECENT DEVELOPMENTS- Lawsuit & Traceability
With respect to the ongoing tussle over the hindering of personal data privacy, after a much-heated brawl, WhatsApp decided to sue the Indian government by filing a lawsuit in the Delhi High Court challenging the new additions to the IT Rules in India. Right to privacy takes us back to the leading originator of these fundamental rights, i.e., the case of K Puttaswamy v. Union of India, which advocated privacy as a fundamental right according to whom, the same was originated from article 21 of the Indian Constitution. The same case which backs the present lawsuit. If there's any hope to revitalize the picture of the right to privacy in India, it is only possible with the help of more rigorous and practical data protection legislation. According to WhatsApp, the primary purpose behind this lawsuit is to prevent the finalizing of any new regulation policy that many viewed, which might compel the Facebook-owned messaging app to break privacy protections. Second of all, the suit asks the court to analyze and direct that one of a new law incorporated under the Information Technology Act,1999 is violative of the right to privacy when it asks WhatsApp to contribute to finding the originator of a particular post. This statement can definitely contribute to a mixed reaction since the sole intention behind finding the originator was to prevent illicit and terror activities, which unfortunately takes place online on a large scale while, on the other hand, it increases the privacy concerns, which is already at stake. According to the new judicial order under section 69 of the Information Technology Act, 1999, it lays down that if the first creator of any information is housed outside of India's territory, the one based in India who is the creator of such news will be considered as the first originator in this case. However, the government is of the view that even if the encryption facility provides the assurance of data privacy, it can also be undertaken to instigate criminal activities such as hate crime, online cyber blackmailing, terrorist activities and whatnot. But WhatsApp had countered this with the fact that asking for the traceability option is the same as denying someone's right to privacy. 'Traceability' is one of the several problems that need to be sorted out to protect the people online.
Apart from the WhatsApp officials, even a few technology experts are of the say that taking down encryption feature is the stepping stone towards promoting absolute government control through online surveillance by the government officials. Practically, they are not alone in this fight for encryption, as even lawyers and other legal professionals also claim the traceability option of the government is totally unconstitutional, thereby breaching the citizen's right to privacy. What is even more shocking than this is that social media platforms such as Twitter even reported that the government is seeking to take down negative news. It is also urging for the same with respect to posts such as politics and governmental criticism. This also leaves no scope for us to even pick a side since the possibility of misuse of one's own privacy has a possibility of being handled with fraudulent governance at this juncture. Moreover, traceability is not the ideal option since message forwarding can also lead to the turning over of names which essentially means that even if the sender of the forwarded message is one person, he might not be the creator of the same as well. If this was not all, specific social media have also put up their concerns with respect to its full proof-ability. This is the main reason why WhatsApp is claiming the new IT rule, 2021 (such as the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) to be against the very notion of respecting data privacy in India. Thus, it can be hence interpreted as to why sudden stalling of "not limiting WhatsApp features" has been put forward wherein it waits for better privacy regulation to be brought in the country. Fortunately, recent communications reveal that WhatsApp has retracted back with the say that they would not limit any features as of now, but they will still be allowing regular reminder pop-ups for accepting the policy.
INDIA REQUIRES STRONGER DATA PROTECTION LAWS
ABOUT THE AUTHOR
Hritwik Barua is a third-year law student at The West Bengal National University of Juridical Sciences, Kolkata.