Call Us Now

+91 9606900005 / 04

For Enquiry

legacyiasacademy@gmail.com

Data Protection in India & WhatsApp’s privacy policy

Context:

Instant messaging platform WhatsApp may face legal action in India by May 25 if it does not send a satisfactory reply to a new notice sent by the Ministry of Electronics and Information Technology asking the company to withdraw its latest privacy policy update.

Relevance:

GS-III: Internal Security Challenges (Cyber Security), Science and Technology (IT & Computers)

Dimensions of the Article:

  1. About WhatsApp’s updated privacy policy
  2. Significance of Data
  3. Need for Data Protection
  4. Personal Data Protection Bill 2019
  5. Advantages of the changes
  6. Issues with the bill

About WhatsApp’s updated privacy policy

  • According to WhatsApp’s updated privacy policy, users would no longer be able to stop the app from sharing data (such as location and number) with its parent Facebook unless they delete their accounts altogether.
  • Its privacy updates are designed to make the business interactions that take place on its platform easier while also personalising ads on Facebook. That is how it will have to make its money.
  • According to the Government, the messaging app discriminates against Indian users vis-à-vis users in Europe on the matter of a choice to opt-out of the new privacy policy.
  • WhatsApp users in Europe can opt-out of the new privacy policy owing to the laws in the European Union (EU) called the General Data Protection Regulation (GDPR), which shield them from sharing data from Facebook or grant them the power to say no to WhatsApp’s new terms of service.

Significance of Data

  • Data is the large collection of information that is stored in a computer or on a network.
  • Data is collected and handled by entities called data fiduciaries.
  • While the fiduciary controls how and why data is processed, the processing itself may be by a third party, the data processor.
  • This distinction is important to delineate responsibility as data moves from entity to entity. For example, in the US, Facebook (the data controller) fell into controversy for the actions of the data processor — Cambridge Analytica.
  • The processing of this data (based on one’s online habits and preferences, but without prior knowledge of the data subject) has become an important source of profits for big corporations.
  • Apart from it, this has become a potential avenue for invasion of privacy, as it can reveal extremely personal aspects.
  • Also, it is now clear that much of the future’s economy and issues of national sovereignty will be predicated on the regulation of data.
  • The physical attributes of data — where data is stored, where it is sent, where it is turned into something useful — are called data flows. Data localisation arguments are premised on the idea that data flows determine who has access to the data, who profits off it, who taxes and who “owns” it.

Need for Data Protection

  • According to the Internet and Mobile Association of India (IAMAI)’s Digital in India report 2019, there are about 504 million active web users and India’s online market is second only to China.
  • Large collection of information about individuals and their online habits has become an important source of profits. It is also a potential avenue for invasion of privacy because it can reveal extremely personal aspects.
  • Companies, governments, and political parties find it valuable because they can use it to find the most convincing ways to advertise to you online.

Personal Data Protection Bill 2019

  • The Personal Data Protection Bill 2019 (PDP Bill 2019) is being analyzed by a Joint Parliamentary Committee (JPC) in consultation with experts and stakeholders.
  • The Bill covers mechanisms for protection of personal data and proposes the setting up of a Data Protection Authority (DPA) of India for the same.
  • Some key provisions the 2019 Bill provides for which the 2018 draft Bill did not, such as that the central government can exempt any government agency from the Bill and the Right to Be Forgotten, have been included.
  • The Bill proposes “Purpose limitation” and “Collection limitation” clause, which limit the collection of data to what is needed for “clear, specific, and lawful” purposes.
  • It also grants individuals the right to data portability and the ability to access and transfer one’s own data. It also grants individuals the right to data portability, and the ability to access and transfer one’s own data.
  • Finally, it legislates on the right to be forgotten. With historical roots in European Union law, General Data Protection Regulation (GDPR), this right allows an individual to remove consent for data collection and disclosure.
  • The Bill trifurcates data as follows:
  1. Personal data: Data from which an individual can be identified like name, address etc.
  2. Sensitive personal data (SPD): Some types of personal data like as financial, health, sexual orientation, biometric, genetic, transgender status, caste, religious belief, and more.
  3. Critical personal data: Anything that the government at any time can deem critical, such as military or national security data.

Advantages of the changes

  • Data localisation can help law-enforcement agencies access data for investigations and enforcement.
  • As of now, much of cross-border data transfer is governed by individual bilateral “mutual legal assistance treaties”.
  • Accessing data through this route is a cumbersome process and also instances of cyber-attacks and surveillance can be checked easily.
  • Social media is being used to spread fake news, which has resulted in lynchings, national security threats, which can now be monitored, checked and prevented in time.
  • Data localisation will also increase the ability of the Indian government to tax Internet giants.
  • A strong data protection legislation will also help to enforce data sovereignty.

Issues with the bill

  • The current draft requires the DPA to maintain a cadre of adjudicating officers and specifies their desired areas of expertise.
  • All other important details, like the terms of appointment, jurisdictional scope, and procedure for hearings, are, however, left to be decided by the central government.
  • The Bill doesn’t even specify whether the adjudication process can, or should, be preceded by mediation, which could help in the amicable settlement of many complaints.
  • Many contend that the physical location of the data is not relevant in the cyber world. Even if the data is stored in the country, the encryption keys may still be out of reach of national agencies.
  • National security or reasonable purposes are an open-ended term, this may lead to intrusion of state into the private lives of citizens.
  • Technology giants like Facebook and Google have criticised protectionist policy on data protection (data localisation).
  • Protectionist regime supress the values of a globalised, competitive internet marketplace, where costs and speeds determine information flows rather than nationalistic borders.
  • Also, it may backfire on India’s own young startups that are attempting global growth, or on larger firms that process foreign data in India.

-Source: Indian Express

Download PDF
September 2022
MTWTFSS
 1234
567891011
12131415161718
19202122232425
2627282930 
Categories