The Indian government’s Aarogya Setu app aims to slow the spread of COVID-19 by tracking and testing those who have come into contact with infected individuals. Despite concerns over personal privacy, the app incorporates privacy protections such as dissociating personal data, retaining data on the device by default, and strict data retention policies.
Post-9/11 and 26/11 attacks, security measures at US airports and Indian hotels became stringent, normalizing privacy sacrifices for safety. The COVID-19 crisis demands similar privacy compromises for health surveillance, potentially resetting our privacy expectations permanently, but we must resist normalizing this intrusion post-crisis.
The use of end-to-end encryption is essential for privacy but also poses challenges, as it can be misused for criminal activities, such as the distribution of Child Sexual Abuse Imagery (CSAI). The paper presented at the Web Conference 2019 highlights the exponential growth in CSAI, correlating it with technological advancements. The dilemma lies in finding a balance between protecting civil liberties through encryption and preventing its exploitation for criminal purposes.
The arrest of the Golden State Killer, a serial criminal, was made possible through advances in DNA technology and commercial forensic genealogy. While effective in solving crimes, the use of public genetic information raises serious privacy concerns, potentially harming innocent relatives and uncovering unwanted private information.
India’s Data Protection Authority (DPA) must adopt technology to manage the high volume of privacy violation complaints and data-breach notifications. The DPA needs experts in technology, law, and privacy to balance privacy protection with technological innovation, requiring members beyond the traditional pool of bureaucrats and retired judges.
There is a tension between data collectors and data subjects regarding ownership and value of their data. WHile traditional ownership concepts have not really succeeded when it comes to data regulation, contained within the idea of either collector-centric or subject-centric data trusts we might find an alternative approach to data governance.
Stripping away anonymity entirely from social media platforms will never ever be useful. Just because a few have taken advantage of online anonymity for nefarious purposes does not mean that everyone else should be denied the many benefits that technology platforms provide.
The effectiveness of consent in protecting privacy is diminishing in our data-rich world. A study found that companies’ privacy policies and actual data sharing practices are inconsistent, with technically sophisticated firms sharing less data. A digital consent framework, exemplified by India’s account aggregator system, could enhance privacy protection by allowing dynamic, informed consent, but it currently lacks features to fully ensure privacy, such as purpose limitation and data deletion upon consent revocation. Enhancements to this framework could restore faith in consent as a tool for privacy protection.
Given the extensive surveillance efforts by the US and UK governments, as revealed by Edward Snowden, there has been a push for data localization laws in various countries. We need to question the effectiveness of mass data collection in preventing terrorism since the growing volume of data may render such efforts futile. At the same time we need to question the approach of data localization, given the difficulty in extracting actionable intelligence from vast amounts of information.
Historically, privacy was a luxury for the wealthy, who could afford private spaces and crafted distinct social personas. As society’s economic well-being improved, privacy became a societal expectation. Today, however, the rise of data-driven businesses threatens this privacy. Since privacy is rooted in capitalist interests, its preservation now conflicts with the commercial benefits of exploiting personal data. To protect privacy, we must establish commercial disincentives that outweigh the financial benefits of exploiting personal data.
