Privacy in the age of Aadhaar and Big Data
An incisive look into the past, present and future of our private lives
Some of the framers of the Constitution, including B.R. Ambedkar, were in favour of a guaranteed right to privacy but were voted down by the more vociferous opponents. The latter viewed such a right as an unnecessary fetter on the weak law-enforcement machinery of a newly sovereign state. This omission played a critical role in how the right to privacy came to be interpreted in Indian jurisprudence, writes Rahul Matthan in his new book, Privacy 3.0: Unlocking Our Data-Driven Future.
Among the opponents was B.N. Rau, one of the Constitution’s key architects. Rau felt that such a right would pose a challenge for the administration of justice in the country as it would put onerous demands on prosecuting officers in following the due process of law. Such a view seems to place extraordinary confidence in the fairness and ability of the Indian state, argues Matthan, who encountered similar arguments from the national security establishment while preparing a draft privacy law—one that never saw the light of day.
Matthan argues that the lack of an explicit right to privacy in the Constitution allowed ambiguity and contradictions to creep into successive Supreme Court judgements on the issue till the matter came to a head in the Aadhaar case and a nine-judge constitutional bench was summoned to iron out the contradictions. The K.S. Puttaswamy judgement, delivered in August last year, overruled earlier judgements, stating that privacy is a constitutionally protected right essential for the guarantee of life and personal liberty under Article 21 of the Constitution.
As a technology lawyer who has helped Indian companies deal with European data protection regulations and draft a privacy bill during the term of the second United Progressive Alliance government, Matthan occupies a unique perch. It allows him to provide a comprehensive overview of the different perspectives on privacy within and outside the Indian state. Matthan provides a fascinating account of how such views have evolved over millennia—and how technological changes have shaped and reshaped such views.
Each new technological leap—from the printing press to the camera—has brought with it concerns about its effect on privacy. Each time, society has found a way to balance innovation with regulations. The age of Aadhaar and Big Data will be no different, Matthan argues.
The history of privacy becomes easily accessible with Matthan’s expert guidance and lucid prose. His insider account of what transpired during the drafting of the privacy bill is an added bonus for those interested in understanding how policy paralysis takes root, and how turf wars shape national agendas. The draft bill Matthan worked on never saw the light of day but some of the elements in that draft resurfaced in the draft data protection bill submitted by the Srikrishna committee on data protection.
While his analysis of the evolution of notions of privacy from “primitive man to Puttuswamy" is a delight to read, Matthan’s recommendations on how to regulate the world of Big Data, and the reasons he proffers for making those recommendations, are less than clear.
Matthan argues, quite convincingly, that consent is often token and meaningless in the digital age, when we don’t even bother to read permissions before installing an app. But he leaves the reader, at least this one, unconvinced when he argues that the only way to tackle this problem is to focus on data collectors or controllers (think Google and Paytm), who should be policed by a new class of data auditors.
Matthan envisages a future where data collectors will be provided AAA or AA ratings depending on the results of data audits by such auditors. If you think this solution is strikingly similar to that in the world of finance, you’re not wrong. We all know how that story of AAA ratings played out in the run-up to the big crash of 2008.
Matthan’s solution is also problematic because it is too centralized, and places too much faith, ironically, on both the state and on the Big Data ecosystem. What if the focus were to shift from consent to ownership, in a broad sense of the term? As the economists Luigi Zingales and Guy Rolnik of the University of Chicago’s Booth School of Business have argued, self-ownership of social media data will drive competition and lead to economy-wide gains. It may also lead to the emergence of alternative platforms, which do not store our data at all, eliminating the need for the kind of regulation Matthan envisages. Today, we don’t even have such a choice, sacrificing data on our likes and preferences to enjoy the benefits of connecting with friends.
Zingales and Rolnik point to the example of the mobile number as a precedent. “In the mobile industry, most countries have established that a cellphone number belongs to a customer, not the mobile phone provider," they argue. “This redefinition of property rights (in jargon called ‘number portability’) makes it easier to switch carriers, fostering competition by other carriers and reducing prices for consumers."
A similar strategy for social networks will allow us to own our digital connections in cyberspace and transfer them from one network to another (say from Facebook to a new competitor, which would gain access to our data and connections), forcing competition and reducing monopoly power. This could open up many possibilities that allow us to take back control over how our data is used and processed. Consent and ownership could make a comeback in a reimagined form. Rather than the light-touch regulation which Matthan recommends, competition could be the disciplining force that the tech world needs. In ignoring these possibilities, the book ends on a rather unimaginative note. Yet, one would still recommend Matthan to anyone who cares about privacy in the modern world, and wants to understand how such a notion evolved.
(Disclosure: Rahul Matthan is a Mint columnist. Nandan Nilekani, who initiated the Aadhaar project, is a shareholder in HT Media Ltd, which publishes Mint.)