Till recently, critical inquiry in India focused primarily on technology and its negative impact on privacy. Public discourse has been largely enamoured with how these data gathering and processing solutions – including social media and messaging, drones, internet-of-things, and audio and video surveillance — infringe upon privacy.
The noteworthy exception in this was when Justice A.P. Shah Committee Report (2012) elaborated on how privacy principles can constructively shape technology.
Last week’s verdict in Justice Puttaswamy v. Union of India went further. Part of this transition is because of the analytic content offered towards fleshing out the privacy right in greater detail, as discussed earlier.
The verdict offers a fairly comprehensive coverage of the ways in which technology and big data models have come to rule, thus presenting them as important social and economic realities that we need to work with, rather than work against. Justice Chandrachud, in para 151, factors their pervasiveness as a strong enough reason to discard an originalist interpretation of the Constitution.
His opinion then proceeds to note (in paras 170 and 171) the electronic tracks left behind by multiple online transactions we are increasingly reliant on. Similarly, Justice Kaul observes in para 18 that we are no longer contending with new forms of data alone, but also new methods to analyse and use such data, with more effective algorithms and enhanced computational powers.
Even while recognising technological pervasiveness, the verdict adds a few important caveats, paving the path for constructive use of technology and data in appropriate situations.
Justice Chandrachud observes that data mining can be useful to ensure that the state resources are properly deployed to legitimate beneficiaries, thus becoming a valid ground for the state to insist on the collection of authentic data. So long as the gathered data is used to promote legitimate state purposes and not for extraneous reasons, privacy could well take a back-seat.
Digital platforms have been acknowledged as a vital tool to ensure good governance, and to spread innovation and knowledge, factoring in the possibility of using anonymised data to design policy interventions.
Justice Kaul’s opinion also reflects the reality that there are cases where collection and processing of big data is legitimate and proportionate, even when invasive of privacy, due to the ability of big data models to promote public interest.
Carefully parsing these observations, the picture that emerges is of two different kinds of big data uses, which find legally justifiable deployment. The first is the use of data science in public policy formulation and targeting of state benefits; and the second, the role of data in furthering private innovation, often captured by industry captains by likening data to oil.
As Justice Chandrachud observes, data can be invaluable when confronted with a public health crisis or similar exigencies. Whether carpooling arrangements lead to lesser vehicular congestion, cash subsidies are counter-productive, or caste-based reservations deliver education outcomes, are all issues which, with the right data-sets and political will, can be better addressed through policy intervention.
Further, the fulcrum of good governance rests on access to accurate information, and there’s no better way than digital media to disseminate it. Paper-based solutions, coupled with an inherently tardy structure of requesting for information rather than making it all available on real-time basis, results in limited and cumbersome access under the Right to Infomation Act.
In such cases, platforms and apps can significantly contribute towards easing informational access. From a reading of the verdict, it appears that for such big data uses, even absence of individual consent may not be critical, so long as there is a compelling state interest, and safeguards such as anonymisation of private details are in place.
It is difficult to decide whether this verdict places individual consent as a deal-breaker when it comes to private actor uses and innovation around data. The Chandrachud opinion only states that consent is central to data protection policies, which favor individual autonomy as much as privacy.
In any case, we are at a juncture where many of us willingly sign on to multiple apps without reading those elaborate privacy policies. Perhaps with this in mind, the opinion notes other principles such as transparency regarding data transfer and use, and non-discrimination, as vital in shaping a data protection regime, but leaves it to parliament to do the balancing act.
The Kaul opinion refers to the Shah committee’s report, containing recommendations to create privacy commissioners at both central and state levels, and the need for a co-regulatory enforcement regime. This should have a direct bearing on the UIDAI’s present role as both data custodian and regulator/enforcer, when the constitutional challenge to the Aadhaar Act is taken up for hearing by the five-judge bench.
When designing innovating solutions for policy making, privacy is a critical and legally unavoidable layer. This can influence both technical and governance features. The recent verdict makes this abundantly clear, leaving the nuance to lawmakers, and other benches and courts.