Privacy

Every evolution of communications technology from the printing press to the telegraph to telephones and eventually the internet has placed new and different stresses on personal privacy. As much as we welcome these technologies when launched, in time we realise the effect that they can have on personal privacy. The whole point of communicating is to violate your privacy in a controlled way. But if we do not have information about all the ways in which a given communication can affect your privacy you cannot really exercise effective control over it.

Identity is a prerequisite for the provision of services and efficient identity systems are necessary to scale digital public infrastructure. We can build back trust in identity systems through encryption and tokenisation of identity information by using privacy preserving technologies like zero knowledge proofs so that we can still establish eligibility for a service without exposing identity information.

Issues of privacy and competition often overlap and we need a coordinated approach between regulators. That works in the US and EU where both the privacy and the competition regulators are active. In India, where we are yet to establish a privacy regulator, the competition commission will step in and regulate privacy aspects of data businesses from a competition perspective. There is a risk that privacy will be decided from a competition perspective. We need a data protection authority asap.

The Competition Commission of India has argued that since privacy is a non-price factor of competition, the competition regulator can regulate it. Privacy is a specialised area that should not be entrusted to a regulator that brings a purely economic lens its regulation.

The Data Empowerment and Protection Architecture framework allows data companies to collect consent for data portability just before transfer, simplifying privacy policies and focusing them on data collection and use. This unbundling of consent improves user control over personal data and enhances privacy.

The European Court of Justice’s ruling on the US-EU Privacy Shield, impacts global data transfer practices. This decision, highlighting the importance of local laws in data protection, may lead to increased data localization, affecting countries like India and beyond, potentially restricting European data within Europe’s borders.

The article “The Right to Privacy” by Samuel Warren and Louis Brandeis, published in 1890, has been influential in shaping modern privacy law. This foundational work has indirectly contributed to securing protections for the LGBTQ+ community, including influencing decisions that decriminalized homosexuality in the U.S. and India. But recent scholarship suggests that Warren’s motivation for writing the article may not have been what we thought it was.

When Mario Costeja Gonzales filed a complaint against Google in Spain, it lead to the creation of the “right to be forgotten.” Technology’s perfect memory challenges traditional legal concepts like bankruptcy law, which relies on human forgetfulness. We need to worry about technology-enhanced regulation, as it could stifle innovation and flexibility in business. We may need a new right to be forgotten in the context of regulation.

Facebook’s acquisition of a 9.99% stake in Jio Platforms has led to the integration of WhatsApp with JioMart, Reliance’s grocery platform. The collaboration’s scope and implementation remain unclear, but concerns arise regarding the impact on privacy - especially in the absence of a data protection law in India.

During India’s fifth week of lockdown, measures have slowed COVID-19’s spread, despite testing and reporting concerns. A staggered lifting of restrictions is planned, balancing disease control with economic needs. Utilizing mobility data can guide reopening strategies, but privacy concerns must be addressed, especially in less dense areas.