A student-run group at NALSAR University of Law
[Ed Note : In a slightly longer read, Pranay Bhattacharya, a second year student of Maharashtra National Law University (MNLU) Aurangabad talks about the origins and development of the “Right to be Forgotten,”, using this as a background to critically analyze this right as present in India’s Draft Personal Data Protection Bill 2018.]
“Blessed are the forgetful, for they get the better even of their blunders.”
[Ed Note : The following post is based on Dr. Ramanathan’s enlightening talk at the NALSAR University of Law, Hyderabad. It has been authored by Karthik Subramaniam and Yashasvi Raj, first year students of the aforementioned university, who, in a slightly longer but informative read aptly put forth Dr. Ramanathan’s views on the Aadhar issue and its judicial journey.
Dr. Usha Ramanathan, an internationally recognized legal expert, is currently research fellow at the Centre for the Study of Developing Societies and professor at the Indian Law Institute. Since 2009, she has consistently brought forth the loopholes in the Aadhar project, exposing its shoddy functioning.]
The Data Protection Bill under Section 41 mandates any data fiduciary to store personal data of all data principals in India. It also requires companies process and store all critical personal data only in servers or data centers located in India. This requirement is colloquially known as ‘Data Localisation.’ The report justifies data localisation on several grounds such as easy enforcement, increase in compliance, reduction of foreign surveillance, among others. The following paper will discuss briefly the reasons provided by the Report, it will then critically evaluate the claims, and arguments made by the Committee. It will conclude by arguing against a requirement for data localisation.
Why did the Committee choose mandatory data localisation?
This section will be providing, at the cost of reiteration, the arguments presented by the Report. The Committee initiates its argumentation for data localisation on the ground that law enforcement agencies (LEA) require access to information for the detection of crimes as well as gathering evidence for prosecution. The presence of local copy of the personal data, according to the report, would allow for quicker and more efficient enforcement of laws in India. Presently, eight out of ten of the most accessed websites in India are based in the United States. However, none of these companies have offices in India. Acquiring data from any of these companies is a long and onerous process. The availability of the information is based on the presence of a bi-lateral or a Multi-lateral Agreement Treaty in this specific regard. The requests are passed through several agencies such as the court to the ministry of external affairs to the courts in the foreign jurisdiction before reaching the company. The according to the report is a highly bureaucratic process to access the information, if at all the requests are fulfilled.
The Report also argues that the this would reduce dependency on the fibre-optic undersea cable network this reducing the chances of being vulnerable to attacks. Holding critical information related to the nation inside the borders of the country is necessary for the healthy functioning of the country’s economy among others. The AI ecosystem that the NITI Aayog wishes to develop will receive a massive boost through this move. The growth of AI is directly linked to amount of data available within the jurisdiction, which will be necessary for the development of a local infrastructure. The creation of a digital infrastructure requires this move according to the Report.
It also argues that the chances of foreign surveillance of Indians also reduce. Post the Snowden revelations, the lack of any safeguards for the data of foreigners became clear since the United States legislations do not protect data of foreigners with companies storing their data there.
The Report argues that the cost of storing data in India may not be high, if not for large service providers but for small and medium size service providers. It argues that the costs, firstly, will be worth the spend because of the size of the Indian market and secondly, the cloud storage options available to smaller companies would increase if all data was stored in India.
Lastly, the Report argues that the fears regarding online censorship and chilling effect on free speech are entirely misplaced. It argues that there are other methods of the restricting free speech such as internet shutdowns. That for such restrictions to be possible, it has to be placed in a context of a dysfunctional data law coupled with government intention to use the same. That the images of a completely walled internet similar to China is a caricatured version presented of a post-data localisation web. That the internet in countries has always been shaped by the local context of that country.
What are the problems with mandatory data localisation?
While the arguments in relation to enforceability are well-taken, there are several problems, as this section will argue with regards to mandatory data localisation. While better enforcement of internet related offences is certainly a benefit. The overall benefits of the move however, do not justify the introduction of this move to India.
The argument that India’s dependence on fibre-optic cables will be reduced and allow it to function in times crisis does not hold good. While it is not argued that critical information regarding people’s medical data, financial data and biometrics are not shared outside. This information is necessary for the better functioning of the country especially in times of crisis. However, forcing companies to store local copies of the personal data of individuals does not serve the purpose at any level. This would not reduce the dependency on the cables, since the critical infrastructure being used to process, and compute the data will be available only at the company’s headquarters.[1] The information stored in India will be completely futile.
The AI ecosystem is unlikely to be affected by a mandatory data localisation policy, if anything it could prevent newer companies from coming and testing their products in India. The data stored in India by companies will always be owned by them. The data stored by one company is not transferable to another merely by the virtue of the fact that the data is stored in India. The AI developed by any company will while collecting data be dependent on the proprietary software and hardware of that company or by getting into agreements with other companies to transfer the information to them. The AI will only learn on the basis of the data that is provided to them according to the economic capabilities and interests of the company.[2] If the company wishes to enter the Indian market it will do so by either gathering data by itself or by buying information from the companies that have data on Indians.[3] This transaction can be completed with or without a company necessarily having to store data about Indians in India.
Smaller firms will certainly have options of choosing many cloud storage services in India. However, this will be an additional cost on them regardless. The way smaller companies find foothold in market abroad is through organic marketing wherein they initially gain visibility in a market and then start developing a user-base. The company then chooses to develop or not develop products, if necessary for that market if it seems viable to operate in those markets.[4] This is a pragmatic schema that companies would follow to ensure that their services reach the largest number of people without any additional burden on their operations.[5] As an analogy, if a car manufacturer would have to set up an office in India if even one of its cars was being sold in India. They would simply avoid selling to Indians given cost incurred and the benefits incurred.[6] This is likely to prevent any company from wanting to operate in India.
The argument made about foreign surveillance is flawed since it only looks at one side of the Snowden revelations. The revelations certainly showed that data stored in United States could be accessed at any point. However, the data stored in foreign jurisdictions was equally vulnerable according to the revelations.[7] Lastly, the fears regarding the ability of the government in being able to censor content and the chilling speech are not misplaced.[8] There may be several tools in the governmental arsenal to use and restrict discourse on the internet.[9] However, this does not justify providing more tools to the government in restricting the speech. The enforcement of laws is going to be tougher through MLAT’s is likely to be tough, however, it is a short-sighted move. Especially, given the context in which the government has consistently and unreasonable used internet shutdowns, among other means to curb free speech.[10]
The Internet as it was originally envisaged was developed was to ensure that there is a free-flow of information.[11] This formed the basis of the entire architecture of the network in its initial days.[12] Surely, the manner in which these systems have developed have changed the negotiation and manner of functioning of the internet.[13] However, the primary infrastructure of connecting multiple people remains. This structure of the internet was such to ensure that it stays efficient even scaled and it was this that allowed the internet to grow to the extent that it has today. Forcing companies to store data in India is likely to disrupt this model and prevent any viable growth of the network organically.
Companies in western countries had a head start with regards to the usage of internet because it developed in those countries. Consequently, they were also able to develop better hardware and software to secure the data stored in their servers. This data simply cannot be transferred to any other place suddenly.[14] The transfer of technology with respect to these may take years, not only in terms of legal and economic barriers. There are logistical barriers in setting-up such infrastructure in India. The economic costs itself will disincentivise companies from investing money in India. The Indian market may be large, but this is not enough for anyone to invest in developing such infrastructure in India. Companies may especially be reticent in moving to if the electrical, and technological infrastructure is not well-developed.
[1] Thomas Schultz, ‘Carving up the Internet: Jurisdiction, Legal Orders, and the Private/Public International Law Interface’ (2008) 19 Europe. J. Int’l L. 779
[2] X. Wu, X. Zhu, G. Wu and W. Ding, “Data mining with big data,” in IEEE Transactions on Knowledge and Data Engineering, vol. 26, no. 1, pp. 97-107, Jan. 2014.
[3] A. L. Buczak and E. Guven, “A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection,” in IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1153-1176, Secondquarter 2016.
[4] Delivering Digital Infrastructure – Advancing the Internet Economy Report, April 2014, World Economic Forum.
[5] Helena Ursic; Bart Custers, Legal Barriers and Enablers to Big Data Reuse, 2 Eur. Data Prot. L. Rev. 209 (2016).
[6] Kritika Bhardwaj, Data localisation must go, it damages the global internet, https://www.hindustantimes.com/analysis/data-localisation-must-go-it-damages-the-global-internet/story-Aah1052ExFq6Ylcb9BQ4jJ.html, Hindustan Times, August 03, 2018
[7] Reema Shah, “Law Enforcement and Data Privacy – A Forward-Looking Approach” (2015) 125:2 Yale LJ 543.
[8] Hogan, Mél, and Tamara Shepherd. “Information Ownership and Materiality in an Age of Big Data Surveillance.” Journal of Information Policy 5 (2015): 6-31.
[9] T. Maurer, I. Skierka, R. Morgus and M. Hohmann, “Technological sovereignty: Missing the point?,” 2015 7th International Conference on Cyber Conflict: Architectures in Cyberspace, Tallinn, 2015, pp. 53-68.
[10] Gautam Bhatia, Free Speech Watch, https://indconlawphil.wordpress.com/free-speech-watch/, Indian Constitutional Law and Philosophy; Alexander Plaum, ‘The Impact of Forced Data Localisation on Fundamental Rights’ (Access now 4 June 2014) <https://www.accessnow.org/the-impact-of-forced-data-localisation-on-fundamental-rights/> accessed 15 Feb 2018.
[11] Monroe Price and Stefaan Verhulst, ‘The concept of self-regulation and the internet’ in J. Waltermann & M. Machill (Eds.), Protecting our children on the internet: Towards a new culture of responsibility (Bertelsmann Foundation Publishers 2000) <https://repository.upenn.edu/asc_papers/142/> accessed 15 Feb 2018.
[12] Fraser, E. (2016). Data localisation and the balkanisation of the internet. SCRIPTed: Journal of Law, Technology and Society 13(3), 359-373.
[13] Cyber-Physical Systems <https://www.nist.gov/el/cyber-physical-systems> accessed 15 Feb 2018.
[14] Erica Fraser, Data Localisation and the Balkanisation of the Internet, (2016) 13:3 SCRIPTed 359 <https://script-ed.org/article/data-localisation-and-the-balkanisation-of-the-internet/> accessed 15 Feb 2018.
The first post in the series can be found here. Keep watching this space for more posts!]
Transparency and accountability in a government and its administration is an indispensable part of a participatory democracy. Information is the oxygen for the survival of a democracy. The Right to Information Act was passed in 2005 replacing the Freedom of Information Act, 2002 so that every citizen has the right to access information controlled by public authorities. RTI is intrinsic to good governance and a necessity for democratic functioning.
The Data Protection Bill and the Data Protection Report made by the B.N. Srikrishna Committee in 2018 has proposed amendments to the Right to Information Act. It proposes a change in section 8(1)(j) of the Act. The proposed amendment is –
“information which relates to personal data which is likely to cause harm to a data principal, where such harm outweighs the public interest in accessing such information having due regard to the common good of promoting transparency and accountability in the functioning of the public authority;
Provided, disclosure of information under this clause shall be notwithstanding anything contained in the Personal Data Protection Act, 2018; Provided further, that the information, which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.”
The reason behind such change as mentioned in the report is that the current version of section 8(1)(j) does not indicate what would constitute an unwarranted invasion of privacy and that the amendment would solve this problem. The report states that – “A lot of information sought from a public authority may contain personal data of some kind or another. Further a strict interpretation of purpose limitation may give rise to the inference that any disclosure other than for the purpose for which the personal data was submitted would lead to an unwarranted invasion of privacy.” According to the report, information should not be disclosed in ‘exceptional circumstances,’ where the likelihood of harm from the disclosure outweighs the common good of transparency and accountability in functioning of public authorities. The report mentions that by the proposed amendment a more precise balance would be created between Right to Information and Right to Privacy.
However, it is submitted that the amendment are problematic for a number of reasons which are enlisted below –
If these tests are satisfied then the information has to be disclosed. It is important to understand that the degree of right to privacy available to public officials when performing public duty is lower than the right to privacy available to a private person in general circumstances.[2] Therefore, right to information has to be more important in the specific context of public officials when doing public duty than right to privacy. However, when we read the amendments proposed, they clearly elevated the right to privacy to a higher pedestal over the right to information, which runs antecedent to the decision of the Supreme Court. Therefore, the amendments are not to be implemented. Apart from the fact, that the amendment does not adhere to constitutional principles as discussed above, this in itself is very problematic which is discussed below.
This section by its virtue has enough safeguards within itself to prevent any unnecessary information to be disclosed that could infringe upon the privacy of an individual and meet the standards of privacy that have recently developed, if used properly. However, this section has been misused and has been weaponised against the very idea of having the RTI act, which was to curb corruption and create transparency. This is said because of the Supreme Court judgement in Girish Ramachandra Deshpande vs CIC[3], wherein the court ignored this proviso and precedents and laid down that assets and details of the public servant constituted as personal information. This case has had a chilling effect on several cases like R.K Jain vs Union of India[4] and Canara Bank vs CS Shyam [5] to name a few. So, the RTI Act which was capable enough to balance public officials right to information and to right to privacy got distorted due to the Girish Ramchandra Deshpande case resulting into the dilution of the RTI Act and diminishing its purpose of creation.
Firstly, the phrase “relates to personal data” makes the ambit of information that can fall within this to be extremely wide and vague. The Draft Bill does not define ‘personal data,’As a result, anything and everything can be included as relating to personal data. The consequence of this will be that every time information is sought about a public official, this section will come into application and information could be withheld from disclosure. Without any violation of privacy, information would be withheld simply because the amendment uses as broad a phrase as ‘personal data’ without defining it. This non-disclosure of the information without any infringement of privacy will result into a violation of the right to know which is enshrined in Article 19(1)(a) of the Constitution.[6]
Secondly, the standard has been set to “likely to cause” which is an extremely low standard. The mere possibility that the disclosure of information may cause harm is too low a standard to follow. It will deter PIOs from disclosing any information because there might be a remote possibility of causing harm. They would be over cautious of disclosing information and will be reluctant to disclose any information. A standard so low cannot be followed for an act like RTI which is so fundamental to bringing transparency and accountability in the functioning of the government. Using of such a low standard will deny the right to information to citizens.
Thirdly, the word “harm” is very broadly defined by the draft bill in its section 3(21). It includes ‘bodily injury’, ‘mental injury’, ‘loss of reputation’ among other things. Inz practicality, information exposing corruption activities will definitely bring a loss of reputation to the concerned person. Making this as a ground to not expose the corrupt official makes no logical sense. Also, ‘mental injury’ cannot be a ground to not expose a corrupt official. These grounds have no rational basis. It is equivalent to saying that someone who commits a crime should not be punished because it would be affect him physically and mentally and lower his reputation in the society.
Hence, the amendment proposed should not be accepted as it would completely water down the RTI Act,2005 and render it ineffective.
4) On one hand, the proposed amendment sets the threshold of “likely to cause harm to a data principal, where such harm outweighs the public interest” which must be adhered to when determining whether there should be disclosure. However, the proposed amendment also retains the proviso to the old Section 8(1)(j) of the RTI Act which says that “information, which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.” Hence, while the first part of the proposed amendment proposes to set a different threshold as compared to the previous Section 8(1)(j), the “acid test” of the proviso retained is that of 8(1)(j) itself. Hence, the proposed amendment is contradictory in itself, there being two different thresholds present in it – one threshold is borrowed from the old Section 8(1)(j) and the other new threshold introduced.
Further, the PIOs under the RTI Act are not judicially trained and practically speaking, it is extremely difficult for a ground – level PIO to understand the complex concept of privacy and the jurisprudence associated with it. Keeping this in mind, the contradictory thresholds set by the proposed amendment further complicate the already – complex process of interpretation for the PIOs. This complication will lead to unintended consequences wherein a PIO may disclose information that was intended to be denied and deny information that was intended to be disclosed. Thus, it is proposed that the different thresholds will defeat the purpose of the amendment itself and the amendment must be corrected to that extent.
In keeping with this pro – disclosure jurisprudence is the recent case of Lok Prahari v. Union of India[9], wherein the court ruled in favour of asset – disclosure of election candidates saying that, “If assets of a Legislator or his/her associates increase without bearing any relationship to their known sources of income, the only logical inference that can be drawn is that there is some abuse of the Legislator’s Constitutional Office. Something which should be fundamentally unacceptable in any civilized society and antithetical to a constitutional Government. It is a phenomenon inconsistent with the principle of the Rule of Law and a universally accepted Code of Conduct expected of the holder of a public office in a Constitutional democracy.” (emphasis added)
It is thus seen that the court has consistently upheld the disclosure of assets of not only election candidates but also their associates. Obviously, if citizens have a right to know about the assets of those who want to become public servants, the threshold of their right to get information about those who are already public servants cannot be lesser. Keeping this is mind, the proposed amendment goes against the established threshold regarding asset disclosure and thus it is proposed that it must be modified to take into account firmly established jurisprudence.
One of the exceptions listed under Article 19(2) is “defamation”. “Defamation” includes certain defenses like truth, fair comment, privilege etc.
In this light, it is important to note that the definition of “harm” as per Section 3(21) of the Draft Bill (which is also to be used in the proposed amendment to the RTI Act) includes “loss of reputation” and not “defamation”. “Loss of reputation” is much broader than “defamation” simply because the defenses that apply to defamation do not apply to it. Thus, the exception of imposed by the proposed amendment is broader than the exception set out under Article 19(2) and is, to that extent, unconstitutional.
Hence, it is proposed that for the purposes of the RTI Act under which disclosure of information can be denied only under Article 19(2), the exception of “loss of reputation” under “harm” should be changed to “defamation” in line Article 19(2).
Therefore, for all the reasons mentioned above, which are that the Bill does not harmonize the two rights, problems with the words and phrases in the amendment, internal conflicts within the amendment, the proposed amendment being on a lower standard than set by the Supreme Court in right to information and public disclosure cases, and its scope wrongfully extending beyond the restrictions mentioned under article 19(2). It is proposed that the RTI Act should not be amended and Section 8(1)(j) should remain as it is presently.
However, it is important to mention on a broader note that contrary to the general perception, the Right to Privacy and the Right to Information are complementary and not contradictory to one another and must be presented as being so in the future in keeping with the Constitution and for the good of all the people in the country.
The next post can be found here.
[1] Thalapallam Ser. Coop. Bank Ltd. v. State of Kerala, (2013) 16 SCC 82
[2] Supreme Court of India vs Subhas Chandra Agarwal, (2011) 1 SCC 496.
[3]Girish Ramachandra Deshpande vs CIC, 2012 (119) AIC 105 (SC).
[4] R.K. Jain Vs. Union of India, 2013 (10) SC 430.
[5] Canara Bank vs CS Shyam, 2007 (58) AIC Ker 667.
[6] State of UP vs Raj Narain, 1975 AIR 865.
[7] Union of India v. Association for Democratic Reforms & Another, 2002 (5) SCC 294.
[8] People’s Union for Civil Liberties and Another vs Union of India and Another ,2003 (4) SCC 9.
[9] Lok Prahari vs Union of India, AIR 2018 SC 1041.
The first post in the series can be found here. Keep watching this space for more posts in the series!]
With the Supreme Court upholding the constitutional validity of the Aadhaar Act and scheme on the 27th of September, 2018, a significant impact will be felt by the Data Protection Bill. If one looks at the larger aim of a Bill like the Data Protection Bill, it is to recognize that an individual’s data and their rights over it are of utmost importance. With the Apex Court upholding the validity of Aadhaar albeit certain caveats, a thorn is created in the larger realization of the Bill’s goal. Principally, the limitation of the role of Aadhaar by the judgment would secure rights in terms of who uses available data and the interference of private parties. However, the fact that biometric data collection is still a valid process creates doubts regarding the conflicting nature of the aims of data protection and Aadhaar.
The sheer amount of private and confidential data amassed in one singular database has given rise to concerns over data security and its privacy. Many critics have pointed out that the use of biometric data instead of smart cards is a mechanism of choosing surveillance over the use of e-governance technologies.
1. Consent, AADHAR and Data Protection
The idea of consent does not present itself when a data subject is mandatorily required to register themselves with the Aadhaar programme. The Supreme Court held that Aadhaar is essential for filing Income Tax Returns (ITR) and to obtain a new PAN Card. Accountants in Nottingham exclaimed that the recent judgment makes linking of Aadhaar to PAN also mandatory which again takes away the idea of choice in giving out information that concerns personal data. Thus while in theory the programme remains voluntary, in practice it simply is not, as most services are linked to the PAN Card, including crucially opening a bank account.
Especially with reference to the provision of subsidies and benefits, Aadhaar has become ‘the’ identification metric. Failure of Aadhaar authentication has resulted in the loss of the subsidy or the benefit. The government has refused to use in other forms of identification as an alternative for the same. Therefore, the idea of consent embodied under Section 12 of the Draft Bill is violated. Even if on a central level Aadhaar is made non-mandatory for the provision of certain services, there are many State-level provisions that are necessarily linked to solely the Aadhaar – most painfully sometimes in denying education to students.
2. The AADHAR infrastructure and purpose of limitation
Section 5 of the Data Protection Bill is the ‘purpose limitation’ clause. Section 5(1) states that ‘personal data shall be processed only for purposes that are clear, specific and unlawful’. A very obvious counter to this is presented in the form of Aadhaar. The nexus that the Government draws upon to justify Aadhaar is the linking of it to subsidy and welfare benefit schemes. While Aadhaar has become mandatory for the same, there is no limitation as to what extent the purpose can be determined until which it is legitimate for making Aadhaar mandatory. The creation of an Aadhaar number associated with an individual is itself the individual giving up on certain rights that concern their biometric data and physical markings. Even if the Aadhaar is made for the singular purpose of accruing social welfare benefits, the fact that every new scheme may seek the same makes the idea of purpose determination difficult if not impossible. The scope available to the Government for drawing out information under the guise of the Aadhaar is notably expanded.
The Aadhaar Act will have to be amended in order to ensure the autonomy of the UIDAI.
The Aadhaar project engages in a balancing exercise between the individual’s right to privacy and the state’s right to intrude upon that privacy but ultimately comes out heavily in favor of the latter. While the idea of a data protection Act appears to be based upon ensuring a fair and meaningful exercise of the right to privacy, this cannot be achieved unless the unjustifiable privacy incursions of Aadhaar are adequately dealt with. The Bill includes several exceptions to the requirement of consent for the processing of data, some of which pertain, inter alia, to the provision of welfare benefits and not merely state security exemptions (Section 42) or prosecution of offenses. This would bolster the functioning of Aadhaar to such an extent as to abrogate a (vulnerable) data subject’s expectation of privacy.
Sections 13 and 19 of the draft Bill are particularly relevant in this regard. While Section 13 allows for the processing of personal data even without consent for the exercise of “any function, for the delivery of services or benefits or issuance of certificates”, Section 19(b) in a similar vein allows for the processing of sensitive personal data (which includes biometric data) if it is “strictly necessary for… any function of the State authorized by law for the provision. The use of such broad and sweeping terms is reminiscent of the broad and sweeping ideals of any service or benefit to the data principal”. Similarly, Section 17 allows the Data Protection Authority (DPA) to process data for “reasonable purposes”, which as per the accompanying illustrative list includes such uses as credit scoring and debt recovery which could be easily taken from the Aadhaar database which, even after the judgment, intrude into multiple areas of everyday life. Hence, it is always advisable to know what must you must know before filing for bankruptcy as it can help you to overcome from being an insolvent. These are some of the things out of what should I know about bankruptcy. This merely strengthens a DPA that is already tasked with far too excessive levels of powers. By providing this increased scope for data interference and exceptions from being governed from the personal right to privacy, there is an increased scope of arbitrary action. Even in the presence of remedies to the same, there will still inevitably be a number of data privacy casualties as a product of this nearly unlimited power.
The key question to be answered in this regard is whether Aadhaar is, in practice, necessary to carry out the function of the State, and this remains extremely contentious (particularly in light of the purpose limitations laid out in Section 5 of the draft Bill). In light of the fact that notifications of breach of data are to be made only in the likelihood of ‘harm’ being caused to the data principal as under Section 32, this is even more troubling.
The draft Bill also states that personal and sensitive personal data can be processed if in accordance with an explicitly mandated Indian law, and this clearly justifies the Aadhaar in its entirety now that the court has validated its existence. Alarmingly, Section 45 does not discuss the requirement of consent when it comes to the large-scale use of data for research or archival purposes (seen to be a ‘national treasure’), which clearly gives further credence to the idea of a project premised upon mandatory collection of personal data.
These exceptions provide greater scope for surveillance, an issue the Bill remained silent on with regards to the Aadhaar.
The draft Bill appears to have strengthened the status of the UIDAI particularly in relation to matters of dispute settlement, by placing the burden upon the data fiduciary i.e. the UIDAI to approach the courts. While the Committee report recognizes the need to ensure the autonomy of the UIDAI, adjudicatory power has been proposed to be granted to the UIDAI (in addition to the power of other Adjudicatory Officers) and at the same time, the exclusivity of allowing the UIDAI to file complaints has been maintained. This only strengthens the legitimacy of privacy incursions by the UIDAI by allowing it to effectively have discretion over claims of data breaches.
The next post can be found here.
[Ed Note : The following series of posts contain comments on the Srikrishna Committee Report and the Draft Data Protection Bill, 2018 made and compiled by students from NALSAR University of Law -Ankush Rai, Ashwin Murthy, Arvind Pennathur, Namratha Murugesan, Priyamvadha Shivaji, Shweta Rao, Sriram Kashyap, Vishal Rakhecha and Tanvi Apte. The comments have been uploaded on the Ministry of Electronics and Information Technology (MeitY) website.
The present post deals with comments made in relation to four issues that arise in relation to the Report and Draft Bill – a) vagueness, b) government interference, c) the data protection authority and d) surveillance.
Since February, YouTube has been shutting down channels that talk about marijuana in any shape or form. Around the second week of May, the disappearance of several channels at once sent users into a panic. When they reached out to the company, YouTube provided arbitrary reasons for this, citing the violation of its community guidelines. However, the videos in question seem to be adhering to them, making their removal all the more questionable. Even channels such as Marijuana Televisión, a Spanish channel that focuses on medicinal use of marijuana and has no association with usage of the drug in a negative way, was struck down. Several content creators have spoken out against these arbitrary shutdowns.
A user by the name of Paul Joseph Watson uploaded a video critiquing the music video of Childish Gambino’s song, ‘This is America’, claiming that a social justice narrative that attempted to fit into the popular ‘black lives matter’ movement was propagated without paying heed to key facts that contradicted the narrative of the music video. YouTube blocked the video on the grounds that it contained ‘content that may be inappropriate or offensive’. It’s worth noting that the original music video never received a warning of any kind, and is going strong on YouTube with over 329 million views. Watson took to Twitter to announce that his video was blocked. While YouTube reinstated the video later, it raised questions on what kinds of videos YouTube censored.
In 2017, PragerU sued the company for supposedly censoring conservative videos, citing their rights to upload content under the First Amendment. However, the lawsuit went in favour of YouTube, with the judge ruling that YouTube did not operate as a ‘state actor’ that was subject to the First Amendment. The primary question that the court dealt with was whether private companies like YouTube fell under the ambit of the First Amendment. District Judge Lucy Koh cited LLyod Corp v Tanner, which held that a mall was allowed to prevent citizens from distributing handbills in its compound, as a precedent to make the decision, departing from the decision in Marsh v Alabama, in which an appellant was allowed to distribute religious texts in a privately-owned sector. It was further stated in the judgment that YouTube was not a ‘public forum’ for speech to be protected under the First Amendment.
Not classifying YouTube as a public forum is problematic, as in recent times, YouTube and other social media have been taken to be important mediums for the public to discuss and debate issues at large. This viewpoint has been echoed by the Supreme Court in the case of Packingham v North Carolina, where it observed that the relationship between the First Amendment and the Internet can no longer be considered static and that the courts could not arbitrarily ban people from using parts of the Internet. Social media sites have grown to be an integral part of people’s lives, and as such, constitute a ground for discussion on important topics. It is therefore, unreasonable to exclude them from being classified as public forums in lieu of their important stature in society in this day and age.
While it is true that companies like YouTube are privately owned companies that must protect their business interests and reputation, if the law gives them the ability to regulate content to the extent that they strike out information that is contrary to their views, they are essentially being given a free hand to establish a stringent set of rules as to what content is allowed on the site and what isn’t. One argument commonly tossed around is that if social media sites were considered to be public forums, then their own community guidelines function as violations of the First Amendment, as regulating what people say is the very antithesis of the purpose of the law. However, this argument is flawed for the sole reason that there needs to be regulation in its most basic form as to what is allowed on the site. This can include removal of hate speech, misleading or discriminatory information and other such malicious content. The removal of information should not be extended to respectful, well thought out opinions on contemporary issues.
George Washington once said, “If freedom of speech is taken away, then dumb and silent we may be led, like sheep to the slaughter.” While he may have said it within the context of the formation of a constitutional framework for America, his words ring true in contemporary times as well, as it is one of the most essential qualities of the modern age. Social media is a place where all of us can express whatever we want, and instead of unreasonable restrictions on what thoughts we can project, balanced regulation can be achieved at the most basic level. If opinions are stifled and one side of the debate is cut out, it leaves an unfinished picture, which can bring about conjecture and assumptions at the very least, and misconduct of the highest order at the worst.
Ed. Note.: This post, by Sayan Bhattacharya, is a part of the NALSAR Tech Law Forum Editorial Test 2016.
Search engines which are quintessential to our internet experience are mechanisms of indexing and crawling through data to provide us with a list of links which are most relevant to both our present and past searches. Figuratively, its functions range from directing users to seats in a movie hall to being the very seat in the movie hall.
(Image Source: owni.fr)
The Internet is an enabling space. It provides us with the realization of our basic human rights, including the right to freedom of expression, opinion, thought and belief. In this blog post, I have tried to give an overview of the recent developments with regard to the Internet rights in Africa.