Identity is a prerequisite for the provision of services and efficient identity systems are necessary to scale digital public infrastructure. We can build back trust in identity systems through encryption and tokenisation of identity information by using privacy preserving technologies like zero knowledge proofs so that we can still establish eligibility for a service without exposing identity information.
Issues of privacy and competition often overlap and we need a coordinated approach between regulators. That works in the US and EU where both the privacy and the competition regulators are active. In India, where we are yet to establish a privacy regulator, the competition commission will step in and regulate privacy aspects of data businesses from a competition perspective. There is a risk that privacy will be decided from a competition perspective. We need a data protection authority asap.
The Competition Commission of India has argued that since privacy is a non-price factor of competition, the competition regulator can regulate it. Privacy is a specialised area that should not be entrusted to a regulator that brings a purely economic lens its regulation.
The Data Empowerment and Protection Architecture framework allows data companies to collect consent for data portability just before transfer, simplifying privacy policies and focusing them on data collection and use. This unbundling of consent improves user control over personal data and enhances privacy.
The European Court of Justice’s ruling on the US-EU Privacy Shield, impacts global data transfer practices. This decision, highlighting the importance of local laws in data protection, may lead to increased data localization, affecting countries like India and beyond, potentially restricting European data within Europe’s borders.
The article “The Right to Privacy” by Samuel Warren and Louis Brandeis, published in 1890, has been influential in shaping modern privacy law. This foundational work has indirectly contributed to securing protections for the LGBTQ+ community, including influencing decisions that decriminalized homosexuality in the U.S. and India. But recent scholarship suggests that Warren’s motivation for writing the article may not have been what we thought it was.
When Mario Costeja Gonzales filed a complaint against Google in Spain, it lead to the creation of the “right to be forgotten.” Technology’s perfect memory challenges traditional legal concepts like bankruptcy law, which relies on human forgetfulness. We need to worry about technology-enhanced regulation, as it could stifle innovation and flexibility in business. We may need a new right to be forgotten in the context of regulation.
Facebook’s acquisition of a 9.99% stake in Jio Platforms has led to the integration of WhatsApp with JioMart, Reliance’s grocery platform. The collaboration’s scope and implementation remain unclear, but concerns arise regarding the impact on privacy - especially in the absence of a data protection law in India.
During India’s fifth week of lockdown, measures have slowed COVID-19’s spread, despite testing and reporting concerns. A staggered lifting of restrictions is planned, balancing disease control with economic needs. Utilizing mobility data can guide reopening strategies, but privacy concerns must be addressed, especially in less dense areas.
The Indian government’s Aarogya Setu app aims to slow the spread of COVID-19 by tracking and testing those who have come into contact with infected individuals. Despite concerns over personal privacy, the app incorporates privacy protections such as dissociating personal data, retaining data on the device by default, and strict data retention policies.
