Right To Privacy

The right of privacy is well established in international law. The core privacy principle in modern law may be found in the Universal Declaration of Human Rights. Besides this, philosophers and ethicists have described privacy as an indispensable characteristic of personal freedom.

Protecting freedom in era of technological transformation

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Not much

Mains level : Paper 2- How governments are dealing with the dominance of social media

The article discusses the growing influence of social media companies and the response of governments.

Issues with the growing influence of social media companies

  • In the US the last two general elections in 2016 and 2020 have seen strong charges of political manipulation by social media companies.
  • But the influence of social media companies is not limited to elections; it envelops a range of domestic and international issues.
  • These issues include: the concentration of economic power, individual rights against the state as well as the corporation, disinformation, the rise of digital geopolitics, and global digital governance.

How governments are responding

  • Democratic forces need to consult each other and collaborate in developing new norms for managing the digital world.
  • In the US, both the left and right are demanding that digital behemoths like Amazon, Google, Facebook and Twitter be brought under greater control, if not broken up.
  • Last December, the European Commission proposed new rules to promote competition and fairness in digital markets.
  • The EU is likely to approve a Digital Markets Act next year.
  • Australia has decreed that Google must work out an arrangement with Australian newspapers to pay for the use of their content.
  • The current digital giants, however, are not easily amenable to political attack.
  • They are bigger than the biggest we have known.

3 Issues with business practices of social media companies

  • Governments are now questioning the sharp business practices of the tech giants, especially on labour rights, taxes and politics.
  • While the tech giants have created a lot of new wealth, some of them have sharply squeezed labour.
  • In California, trade unions are battling against the success of Uber and Lyft in turning employees into “contract workers” to deny them multiple benefits.
  • Digital giants have been aggressive tax evaders.
  • On the political front, Twitter and Facebook recently shut down President Donald Trump’s accounts.
  • European leaders raised important questions about social media’s actions against Trump.

Way forward

  • The answer to dealing with social media on the political front lies in laying down a clear set of obligations and responsibilities for the digital giants.
  • This move will help in building digital sovereignty.
  • The world’s democracies must get together to discuss global digital governance.

Consider the question “What are the challenges posed by the growing influence of social media companies in the democratic countries?” 

Conclusion

As governments push back against big tech, a new challenge presents itself — reining in the growing power of the state in the digital age. The answer lies in democracies modernising their laws to protect freedoms in the era of technological transformation.

What is Non-price Competition?

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Non-price competition

Mains level : Data privacy issues

Data privacy can take the form of non-price competition and abuse of dominance can lower privacy protection, a study by the Competition Commission of India (CCI) has said.

Try this PYQ:

Q. Right to Privacy is protected as an intrinsic part of Right to Life and Personal Liberty. Which of the following in the Constitution of India correctly and appropriately imply the above statements?

(a) Article 14 and the provisions under the 42nd Amendment to the Constitution

(b) Article 17 and the Directive Principles of State Policy in Part IV

(c) Article 21 and the freedoms guaranteed in Part III

(d) Article 24 and the provisions under the 44th Amendment to the Constitution

What is Non-price Competition?

  • Non-price competition is a marketing strategy “in which one firm tries to distinguish its product or service from competing products on the basis of attributes like design and workmanship”.
  • It often occurs in imperfectly competitive markets as it exists between two or more producers that sell goods and services at the same prices but compete through non-price measures.
  • Such measures include marketing schemes and greater quality or any sustainable competitive advantage other than price.

What is CCI’s observation?

  • The CCI study made observations about non-price factors such as quality of service (QoS), data speeds etc. which are likely to be the new drivers of competitive rivalry between service providers in the telecom sector.
  • CCI noted that one aspect of data in the context of competition in the digital communications market is the conflict between allowing access and protecting consumer privacy.

Privacy at stake

  • Abuse of dominance can take the form of lowering privacy protection and therefore falls within the ambit of antitrust, as a low privacy standard implies a lack of consumer welfare.
  • Privacy can take the form of non-price competition, said the CCI.
  • On other non-price factors of competition, CCI found that consumers ranked network coverage at the top followed by customer service despite their Privacy.

New WhatsApp Privacy Policy

Note4Students

From UPSC perspective, the following things are important :

Prelims level : The principle of purpose limitation

Mains level : Paper 2- WhatsApp privacy policy update and issue of privacy

A recent privacy policy update by WhatsApp led to widespread protest from users, forcing the company to put the update on hold. If India had made the Personal Data Protection Bill into law, the privacy policy update would have been illegal. The article deals with this issue.

About WhatsApp

  • WhatsApp is a platform offering a unique blend of text, audio, and voice messaging and calling.
  • In November 2014, WhatsApp adopted the Signal protocol for end-to-end encryption after its acquisition by Facebook.
  • WhatsApp has two billion users worldwide, of which 400 million are in India, the largest in any country.

What the privacy policy update is about

  • The updated policy seeks consent from users to allow the platform to share their data with Facebook and its companies.
  • It means that WhatsApp would share transaction data, mobile device information, IP addresses, and other metadata on how users interact with businesses on WhatsApp.
  • Such sharing would be done with the user being notified before the start of a chat if the business uses Facebook to store and analyze data and the user would have the option of blocking the business.
  • The update would defy the principle of purpose limitation that has been the yardstick of addressing privacy concerns at a global level.

What is the principle of purpose limitation

  • The Indian government has also sent a strong note to WhatsApp, seeking the company’s response to 14 queries.
  • This note has sent a clear message to WhatsApp to not subject Indian users to greater information security risks and vulnerabilities with the consolidation of data from WhatsApp and Facebook.
  • In the note, the government referred to the principle of purpose limitation provisions in the Personal Data Protection Bill (PDPB) currently being discussed by a joint select committee.
  • Had the bill been passed by now, WhatsApp’s move would have been illegal.
  • Provisions in the bill required that every data intermediary has to take explicit permission from the user whose data would be harvested.
  • Even the method of data classification into sensitive personal data and critical data has been defined and their processing possibilities mentioned in the bill.

Way forward

  • The government should make the Personal Data Protection Bill into law so that such restrictive practices can never be introduced in the first place.
  • It is due to such a law that WhatsApp made an exception for its users in the European Union.
  • The Competition Commission of India should take note that this is a classic case of an organization using its near-monopolistic power to push through something that is not in the consumer interest.

Consider the question “What is the principle of purpose limitation in the Personal Data Protection Bill? How can it help users protect their privacy?”

Conclusion

As Digital India expands and brings in more users from the current base of 70 crores, and more take to social media for communications and business, they must be ensured a safer digital space, given that most wouldn’t be aware of the reach of the data being generated.

WhatsApp’s contentious Privacy Policy

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Article 21

Mains level : Right to Privacy

The Government of India has asked WhatsApp to withdraw the proposed changes in its privacy policy.

Q. What are the factors responsible for the spread of misinformation on social media? Suggest the measures to tackle it.

Core of the news

  • WhatsApp has been embroiled in a controversy over its updated privacy policy.
  • The posts are pointers on the new policy.

What was the new Privacy Policy?

  • When one goes to the status tab on the app, one can see the WhatsApp icon and its four posts, along with the statuses of one’s contacts.
  • While one reads ‘We are committed to your privacy’, another reads, ‘WhatsApp can’t read or listen to your personal conversations as they’re end-to-end encrypted’.
  • Another post reads ‘WhatsApp can’t see your shared location’ and yet another reads ‘WhatsApp doesn’t share your contacts with Facebook’.
  • The messaging app reviewed its privacy policy and asked users to accept the terms and conditions by February 8. Following this, the app faced severe backlash from its users and privacy advocates.

Issues pointed out by Govt.

  • The government said that the proposed changes raised “grave concerns” over the implications for the choice and autonomy of Indian citizens.
  • It pointed out that the Indian users, who have not been given the option to opt-out of data-sharing with Facebook companies, were being subjected to differential treatment.
  • The issue is the impact it has on informational privacy, data security and user choice.

Data at stake

  • The government asked WhatsApp to reconsider its approach to respect the informational privacy, freedom of choice and data security of Indian citizens.
  • It said that India’s distinct identity and its people must be properly respected and any unilateral changes to WhatsApp Terms of Service and Privacy would not be fair and acceptable.

A discriminatory move

  • India formed the largest segment of WhatsApp’s user base globally and any change in policies would have a disproportionate impact on its citizens.
  • The privacy policy offered by WhatsApp to its European users specifically prohibits the use of any information shared with a Facebook company for those companies’ own purposes.
  • This clause is not present in the privacy policy offered to Indian users.
  • This differential and discriminatory treatment of Indian and European users is attracting serious criticism and betrays a lack of respect for the rights and interest of Indian citizens.

What lies ahead?

  • India has a huge user base of WhatsApp and Facebook.
  • The consolidation of sensitive information exposes a very large segment of Indian citizens to greater information security risks.
  • By not providing Indian users with the ability to opt-out of this data sharing with other Facebook companies, WhatsApp is treating users with an ‘all-or-nothing’ approach.

Personal Data Protection Bill 2019

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Data Protection Authority

Mains level : Paper 2- Personal Data Protection Bill 2019 and issues with it

The Personal Data Protection Bill (2019) has several provisions which could have implications for the privacy of an individual. The article examines such provisions and highlights the need for further debate on the Bill.

Evolution of privacy as a fundamental right

  • The Supreme Court in MP Sharma v. Satish Chandra (1954) and Kharak Singh v. Uttar Pradesh (1962) had declared that while in certain circumstances the privacy of individuals was to be protected, there was no constitutional right to privacy in and of itself.
  • However, in Puttaswamy v. India (2017) the Supreme Court accepted privacy as a fundamental right.
  • This was an important development.

Rising importance of data

  • The rising importance of data has pushed over 80 countries to pass national laws protecting the collection and use of their citizens’ data by companies and the government.
  • The DPB will have huge commercial and political consequences for India.
  • In India, the Personal Data Protection Bill 2019 (DPB) is currently under consideration by a parliamentary committee.
  • According to Ernst and Young, emerging technologies in India will create $1 trillion in economic value by 2025.
  • Much of this value will be founded on the creation, use, and sale of data, and the DPB will have immense implications as firms scramble to meet new privacy regulations.

Conditions for access to data and issues

  • The bill establishes a number of conditions for companies to follow.
  • For one, it would require digital firms to obtain permission from users before collecting their data.
  • It also declares that users who provide data are, in effect, the owners of their own data.
  • Users will thus be able to control the data their online selves produce, and may request firms to delete it, much like European internet users’ “right to be forgotten”.
  • But the bill stipulates that critical or sensitive personal data, related to information such as religion, or to matters of national security, must be accessible to the government if needed to protect national interest.
  • Critics have suggested that such open-ended access could lead to misuse.
  • Even B N Srikrishna, who chaired the committee that drafted the original bill, has expressed concerns about this provision.
  • The other major concern is about the Data Protection Authority (DPA).

Concerns about Data Protection Authority

  • The bill outlines the establishment of a Data Protection Authority (DPA).
  • The DPA will be charged with managing data collected by the Aadhaar programme.
  • It will be led by a chairperson and six committee members, appointed by the central government on the recommendation of a selection committee.
  • But this selection committee will be composed of senior civil servants, raising questions about the board’s independence.
  • The government’s power to appoint and remove members at its discretion also stokes fears about its ability to influence this independent agency.
  • Unlike similar institutions, such as the Reserve Bank of India or the Securities and Exchange Board, the DPA will not have an independent expert or member of the judiciary on its governing committee.

Consider the question “Discuss the various provisions of the Personal Data Protection Bill 2019 for the protection of an individual’s privacy. What are the concerns over the various provisions of the Bill?”

Conclusion

The DPB is a unique opportunity for India, a country with some 740 million internet users, to forge a pathbreaking agenda that will act as a standard-setter in the still-developing field of national data protection legislation.

Narco Test and the Issue of Consent

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Narcoanalysis, Polygraph Test

Mains level : Not Much

Involuntary administration of narco or lie detector tests is an “intrusion” into a person’s “mental privacy,” a Supreme Court judgment of 2010 has held.

Try this question:

Q. What are the ethical issues associated with the Lie-detection tests?

Various Lie detector tests

(1) Polygraph Test

  • A polygraph test is based on the assumption that physiological responses that are triggered when a person is lying are different from what they would be otherwise.
  • Instruments like cardio-cuffs or sensitive electrodes are attached to the person, and variables such as blood pressure, pulse, respiration, change in sweat gland activity, blood flow, etc., are measured as questions are put to them.
  • A numerical value is assigned to each response to conclude whether the person is telling the truth, is deceiving, or is uncertain.

(2) Narcoanalysis

  • Narcoanalysis, by contrast, involves the injection of a drug, sodium pentothal, which induces a hypnotic or sedated state.
  • In such a state, the subject’s imagination is neutralized, and they are expected to divulge information that is true.
  • The drug, referred to as “truth serum” in this context, was used in larger doses as anaesthesia during surgery and is said to have been used during World War II for intelligence operations.

Why are these tests so (in)famous?

  • Investigating agencies seek to employ these tests in investigations, and the tests are sometimes seen as a “softer alternative” to torture or “third degree” to extract the truth from suspects.
  • These tests bring into consideration the international norms on human rights, the right to a fair trial, and the right against self-incrimination under Article 20(3) of the Constitution.

Legal status in India

  • In ‘Selvi & Ors vs State of Karnataka & Anr’ (2010), a Supreme Court Bench comprising CJI ruled that no lie detector tests should be administered “except on the basis of the consent of the accused”.
  • Those who volunteer must have access to a lawyer, and have the physical, emotional, and legal implications of the test explained to them by police and the lawyer, the Bench said.
  • It said that the ‘Guidelines for the Administration of Polygraph Test on an Accused’ published by the National Human Rights Commission in 2000, must be strictly followed.
  • The subject’s consent should be recorded before a judicial magistrate, the court said.

What was the latest Judgement?

  • Involuntary administration of narco or lie detector tests is an “intrusion” into a person’s “mental privacy,” a Supreme Court judgment of 2010 has held.
  • The consequences of such tests on “individuals from weaker sections of society who are unaware of their fundamental rights and unable to afford legal advice” can be devastating.
  • It may involve future abuse, harassment and surveillance, even leakage of the video material to the Press for a “trial by media.”
  • Such tests are an affront to human dignity and liberty and have long-lasting effects.
  • “An individual’s decision to make a statement is the product of a private choice and there should be no scope for any other individual to interfere with such autonomy,” the apex court had held.

Legal status of its outcome

  • The results of the tests cannot be considered to be “confessions”, because those in a drug-induced state cannot exercise a choice in answering questions that are put to them.
  • However, any information or material subsequently discovered with the help of such a voluntarily-taken test can be admitted as evidence, the court said.
  • Thus, if an accused reveals the location of a murder weapon in the course of the test, and police later find the weapon at that location, the statement of the accused will not be evidence, but the weapon will be.

What is Non-Personal Data?

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Non-personal data

Mains level : Data privacy issues

A government committee headed by Infosys co-founder has suggested that non-personal data generated in the country be allowed to be harnessed by various domestic companies and entities.

Practice question for mains:

Q. What is Non-Personal Data? Discuss its utility and various privacy concerns associated with it.

What is non-personal data?

  • In its most basic form, non-personal data is any set of data which does not contain personally identifiable information.
  • This, in essence, means that no individual or living person can be identified by looking at such data.
  • For example, order details collected by a food delivery service will become non-personal data if identifiers such as name and contact information are taken out.
  • The government committee, which submitted its report, has classified non-personal data into three main categories, namely public non-personal data, community non-personal data and private non-personal data.

Types of non-personal data

The three categories have been divided depending on the source of the data and whether it is anonymised in a way that no individual can be re-identified from the data set:

1) Public

All the data collected by government and its agencies such as census, data collected by municipal corporations on the total tax receipts in a particular period or any information collected during execution of all publicly funded works have been kept under the umbrella of public non-personal data.

2) Community

Any data identifiers about a set of people who have the same geographic location, religion, job, or other common social interests will form the community non-personal data. For example, the metadata collected by ride-hailing apps, telecom companies, electricity distribution companies among others have been put under the community non-personal data category by the committee.

3) Private

Private non-personal data can be defined as data produced by individuals that can be derived from the application of proprietary software or knowledge.

How sensitive can non-personal data be?

  • Unlike personal data, which contains explicit information about a person’s name, age, gender, sexual orientation, biometrics and other genetic details, non-personal data is more likely to be in an anonymised form.
  • However, certain categories of data, such as data related to national security or strategic interests (for example, the locations of government laboratories or research facilities), can be dangerous even if provided in anonymised form.
  • Similarly, even if the data is about the health of a community or a group of communities, though it may be in anonymised form, it can still be dangerous, the committee opined.
  • Possibilities of such harm are obviously much higher if the original personal data is of a sensitive nature.
  • Therefore, the non-personal data arising from such sensitive personal data may be considered as sensitive non-personal data.

What are the global standards on non-personal data?

  • In May 2019, the EU came out with a regulatory framework for the free flow of non-personal data.
  • It suggested that member states of the union would cooperate with each other when it came to data sharing.
  • Such data, the EU had then ruled, would be shared by member states without any hindrances.
  • The authorities must inform the commission of any draft act which introduces a new data localisation requirement or makes changes to an existing data localisation requirement.
  • The regulation, however, had not defined what constituted non-personal data and had simply said all data which is not personal would be under its category.

What areas does India’s non-personal data draft miss?

  • Though the non-personal data draft is a pioneer in identifying the power, role, and usage of anonymised data, there are certain aspects such as community non-personal data, where the draft could have been clearer.
  • Non-personal data often constitutes protected trade secrets and often raises significant privacy concerns.
  • The paper proposes the nebulous concept of community data while failing to adequately provide for community rights.
  • Other experts also believe that the final draft of the non-personal data governance framework must clearly define the roles for all participants, such as the data principal, the data custodian, and data trustees.

Conclusion

  • Regulation must be clear and concise to provide certainty to its market participants, and must demarcate the roles and responsibilities of participants in the regulatory framework.
  • The report is unclear on these counts and requires public consultation and more deliberation.

Aarogya Setu app is now open source

Note4Students

From UPSC perspective, the following things are important :

Prelims level : AarogyaSetu App

Mains level : Privacy concerns with AarogyaSetu App

Amid concerns over privacy of data being collected by its COVID-19 contact tracing app, the union government has open-sourced the Aarogya Setu app.

Right to Privacy is an important topic for GS. The Aarogya Setu app which has a lot more to offer is under the radar due to the underlying vacuum of Privacy Law in India. To tackle this, the government has launched a bug bounty programme (a sort of hackathon).

About AarogyaSetu App

  • The app enables people to assess for themselves their risk of catching the coronavirus infection.
  • It is designed to keep track of other AarogyaSetu users that a person came in contact with and alert him or her if any of the contacts tests positive for COVID-19.
  • It achieves this using the phone’s Bluetooth and GPS capabilities.
  • Once installed in a smartphone through an easy and user-friendly process, the app detects other devices with AarogyaSetu installed that come in the proximity of that phone.
  • The app can then calculate the risk of infection based on sophisticated parameters if any of these contacts have tested positive.
  • The personal data collected by the App is encrypted using state-of-the-art technology and stays secure on the phone until it is needed for facilitating medical intervention.

Issues with the app

  • The AarogyaSetu app faces the same issue as every other contact tracing technology that has come up during the pandemic period — it is people dependent.
  • It needs widespread usage and self-reporting to be effective.
  • Given that any number of total users will be a subset of smartphone owners in India, and there are bound to be variations in the levels of self-reporting, the efficacy is not bulletproof.
  • The terms of use of the app also say as much, distancing the government from any failure on the part of the app in correctly identifying COVID-19 patients.

1) Privacy concerns

  • First of all, the app exists in the privacy law vacuum that is India.
  • With no legislation that spells out in detail how the online privacy of Indians is to be protected, AarogyaSetu users have little choice but to accept the privacy policy provided by the government.
  • The policy goes into some detail on where and how long the data will be retained, but it leaves the language around who will have access to it vague.
  • As per the policy, “persons carrying out medical and administrative interventions necessary in relation to COVID-19” will have access to the data.
  • This suggests interdepartmental exchanges of people’s personal information and is more excessive than in countries like Singapore and even Israel.

2) Technical issue

  • Beyond the legal loopholes, there are technical loopholes as well.
  • The unique digital identity in AarogyaSetu is a static number, which increases the probability of identity breaches.
  • The abundance of data collected is also potentially problematic.
  • AarogyaSetu uses both Bluetooth as well as GPS reference points, which could be seen as overkill whereas other apps such as TraceTogether make do with Bluetooth.

3) Other issues

  • Experts emphasise that automated contact tracing is not a panacea.
  • They caution against an over-reliance on technology where a competent human-in-the-loop system with sufficient capacity exists.

Back2Basics: What is Open Source?

  • The term open source refers to something people can modify and share because its design is publicly accessible.
  • The term originated in the context of software development to designate a specific approach to creating computer programs.
  • Today, however, “open source” designates a broader set of values—what we call “the open source way.”
  • Open source projects, products, or initiatives embrace and celebrate principles of open exchange, collaborative participation, rapid prototyping, transparency, meritocracy, and community-oriented development.

The source code

  • “Source code” is the part of the software that most computer users don’t ever see; it’s the code computer programmers can manipulate to change how a piece of software—a “program” or “application”—works.
  • Programmers who have access to a computer program’s source code can improve that program by adding features to it or fixing parts that don’t always work correctly.

What is Open Source Software?

  • At the simplest level, open-source programming is merely writing code that other people can freely use and modify.
  • Open source is a term that originally referred to open source software (OSS).
  • OSS is code that is designed to be publicly accessible—anyone can see, modify, and distribute the code as they see fit.
  • An open-source development model is a process used by an open-source community project to develop open-source software.
  • The software is then released under an open-source license, so anyone can view or modify the source code.

What are the concerns around the AarogyaSetu app?

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Aarogya Setu App

Mains level : Privacy issues with the app

  • Recently, the AarogyaSetu app, for pan-India use, was launched as the main contact tracing technology endorsed by the Central government.
  • Soon it became one of the most downloaded apps globally and has crossed the 75 million mark.
  • However, there are concerns for more transparency on the inner workings of an app that seeks the personal details of millions.

Right to Privacy is a very much contested topic for GS. The Aarogya Setu app, which has a lot more to offer, is under the radar due to the underlying vacuum of Privacy Law in India.

AarogyaSetu App

  • The app enables people to assess for themselves their risk of catching the coronavirus infection.
  • It is designed to keep track of other AarogyaSetu users that a person came in contact with and alert him or her if any of the contacts tests positive for COVID-19.
  • It achieves this using the phone’s Bluetooth and GPS capabilities.
  • Once installed in a smartphone through an easy and user-friendly process, the app detects other devices with AarogyaSetu installed that come in the proximity of that phone.
  • The app can then calculate the risk of infection based on sophisticated parameters if any of these contacts has tested positive.
  • The personal data collected by the App is encrypted using state-of-the-art technology and stays secure on the phone till it is needed for facilitating medical intervention.

Issues with the app

  • The AarogyaSetu app faces the same issue as every other contact tracing technology that has come up during the pandemic period — it is people dependent.
  • It needs widespread usage and self-reporting to be effective.
  • Given that any number of total users will be a subset of smartphone owners in India, and there are bound to be variations in the levels of self-reporting, the efficacy is not bulletproof.
  • The terms of use of the app also say as much, distancing the government from any failure on the part of the app in correctly identifying COVID-19 patients.

Are there privacy concerns?

  • First of all, the app exists in the privacy law vacuum that is India.
  • With no legislation that spells out in detail how the online privacy of Indians is to be protected, AarogyaSetu users have little choice but to accept the privacy policy provided by the government.
  • The policy goes into some detail on where and how long the data will be retained, but it leaves the language around who will have access to it vague.
  • As per the policy, “persons carrying out medical and administrative interventions necessary in relation to COVID-19” will have access to the data.
  • This suggests interdepartmental exchanges of people’s personal information and is more excessive than in countries like Singapore and even Israel.

Technical issue

  • Beyond the legal loopholes, there are technical loopholes as well.
  • The unique digital identity in AarogyaSetu is a static number, which increases the probability of identity breaches.
  • The abundance of data collected is also potentially problematic.
  • AarogyaSetu uses both Bluetooth and GPS reference points, which could be seen as overkill, whereas other apps such as TraceTogether make do with Bluetooth.
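
The static-identifier concern above, as an added sketch that is not AarogyaSetu's code or protocol: a passive listener can join sightings of a fixed identifier into one person's movements, while an identifier that rotates per time window cannot be joined without the device secret. The HMAC derivation, the 15-minute window and all names and sample data are assumptions made for this illustration.

```python
import hashlib
import hmac
from collections import defaultdict

ROTATION_SECONDS = 15 * 60  # assumed rotation window; not taken from any real app


def static_beacon(device_id: str, t: int) -> str:
    """Static scheme: the same identifier is broadcast at every time t."""
    return device_id


def rotating_beacon(secret: bytes, t: int) -> str:
    """Rotating scheme: HMAC of the current time window under a device secret."""
    window = t // ROTATION_SECONDS
    mac = hmac.new(secret, window.to_bytes(8, "big"), hashlib.sha256)
    return mac.hexdigest()[:32]


def sightings_for(beacon_fn, identity, route):
    """Beacons a passive Bluetooth listener would log along a route."""
    return [(place, t, beacon_fn(identity, t)) for place, t in route]


def linkable_tracks(sightings):
    """Group sightings by beacon value. Any beacon seen at more than one
    place lets the listener join those places into one person's movements."""
    places = defaultdict(set)
    for place, _t, beacon in sightings:
        places[beacon].add(place)
    return {b: sorted(p) for b, p in places.items() if len(p) > 1}


def holder_can_match(secret: bytes, beacon: str, t: int) -> bool:
    """Whoever holds the secret can recompute the beacon for time t, so
    exposure matching still works even though outsiders cannot link."""
    return hmac.compare_digest(rotating_beacon(secret, t), beacon)


# Constructed sample data: one phone observed at three places, an hour apart.
ROUTE = [("clinic", 0), ("market", 3600), ("home", 7200)]
SECRET = bytes(range(32))  # constructed demo secret, never use a fixed one

if __name__ == "__main__":
    static_log = sightings_for(static_beacon, "DEVICE-0001", ROUTE)
    rotating_log = sightings_for(rotating_beacon, SECRET, ROUTE)
    print("static  :", linkable_tracks(static_log))
    print("rotating:", linkable_tracks(rotating_log))
```
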

Other issues

  • Experts emphasise that automated contact tracing is not a panacea.
  • They caution against an over-reliance on technology where a competent human-in-the-loop system with sufficient capacity exists.

Breach of trust

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Not much.

Mains level : Paper 2- Breach of privacy in sharing of call record data of citizens.

Context

In bypassing established protocol to seek call details of citizens en masse, the government violates SC guidelines.

What is the issue?

  • Departure from stringent protocol: The Cellular Operators Association of India has reported mass requests from the government for mobile call detail records (CDRs).
    • This is a serious departure from the stringent protocol established by the UPA government following an uproar in 2013 after prominent politicians were found to be under unauthorised surveillance.
  • Records of all customers: Records have been sought for all consumers on certain dates in parts of Delhi, Andhra Pradesh, Haryana, Himachal Pradesh, Jammu & Kashmir, Kerala, Odisha, Madhya Pradesh and Punjab.
    • In the case of Delhi, records were sought for the last three days of campaigning before assembly elections, while the anti-CAA protests were at their peak.
  • How was the data requested? Requests were delivered by local offices of the Department of Telecommunications, taking advantage of a condition in licences granted to operators, which permits the DoT to inspect their CDRs, which go back one year.

Breach of many requirements and norms

  • A serious breach of privacy: These requests depart from established protocol and international expectations on multiple counts, and amount to a serious breach of privacy.
  • What is the protocol for requesting CDR information? A CDR request is supposed to be sanctioned by the home secretary and handled by a police officer of the rank of SP or above.
    • But in this case, DoT offices were used.
  • The requirement of informing magistrate was not fulfilled: The requirement to report CDR requests on a monthly basis to the district magistrate was not complied with.
  • No reason was offered: Most importantly, no reason was offered for snooping on the traffic of citizens.
  • Surveillance must be specific and purposive: It is generally understood that communications surveillance must be specific and purposive, and must not trespass on the privacy of the innocent.
  • Invasion of privacy of all citizens: Indiscriminate mass surveillance of communications invades the privacy of all citizens to the detriment of public trust. In this case, it was for purposes which are not verifiably honourable, since the government has chosen not to reveal them.

Why does CDR data matter if it is metadata only?

  • Combining CDR with other data gives more information: CDRs are all metadata and no content. They do not reveal any words uttered or messaged.
    • But combining the metadata with phone location data reveals a lot about connections between specific people and the actions that they take.
  • Multi-dimensional map of human activity: If data is available at scale, as was the case here, it is possible to build a multi-dimensional map of human activity, and correlate it with real events.
  • This would disturb the balance of information power between the citizen and the state, and amount to a breach of privacy.

Conclusion

If the government needs CDR data for a legitimate purpose, it should have no objection to following the rule-book scrupulously. And if there is a reason for sidestepping protocol in a sensitive matter, it should explain why.

The issues around data localisation

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Not much.

Mains level : Paper 2- Data localisation and issues involved.

Context

The contentious clauses on local data storage in the revised Personal Data Protection Bill need re-examination.

What does the Personal Data Protection Bill contain?

  • Greater control to an individual: The draft law is a comprehensive piece of legislation that seeks to give individuals greater control over how their personal data is collected, stored and used.
  • The promise of improvement over the current privacy law: Once passed, the law promises a huge improvement on current Indian privacy law, which is both inadequate and improperly enforced.
  • Criticism of the bill: The proposed bill has attracted criticism on various grounds, such as:
    • The exceptions created for the state.
    • The limited checks imposed on state surveillance.
    • Various deficiencies in the structures and processes of the proposed Data Protection Authority.

The issue over the “data localisation”

  • Data within the country: The phrase, which can refer to any restrictions on cross-border transfer of data, has largely come to refer to the need to physically locate data within the country.
  • Provisions for the transfer of personal data outside India: The PDP Bill enables the transfer of personal data outside India, with the sub-category of sensitive personal data having to be mirrored in the country (i.e. a copy will have to be kept in the country).
    • Ban on transfer of critical data outside the country: Data processing/collecting entities will, however, be barred from transferring critical personal data (a category that the government can notify at a subsequent stage) outside the country.
    • Different from Justice Srikrishna committee report: These above provisions have been changed from the earlier version of the draft Bill, released by the Justice Srikrishna Committee in 2018. 
    • The 2018 draft imposed more stringent measures that required both personal and sensitive personal data to be mirrored in the country (subject to different conditions).
    • Welcome move: The move to liberalise the provisions in the 2019 version of the Bill is undoubtedly welcome, particularly for businesses and users.

How does removing the restriction matter?

  • Reduction in cost to business: Liberalised requirements will limit costs to business and ensure users have greater flexibility in choosing where to store their data.
  • More proportionate approach: The changes in the 2019 draft reflect a more proportionate approach to the issue as they implement a tiered system for cross-border data transfer, ostensibly based on the sensitivity/vulnerability of the data.
  • Move in accordance with the right to privacy: This seems in accord with the Supreme Court’s dicta in the 2017 Puttaswamy case.
  • Conditions for interference in privacy: The Court had made it clear that interference in the fundamental right to privacy would only be permissible if inter alia deemed necessary and proportionate.

Test of proportionality in the bill

  • On closer examination, it appears that even the revised law may not actually stand the test of proportionality.
  • The three arguments for imposing norms: There are broadly three sets of arguments advanced in favour of imposing stringent data localisation norms:
    • Sovereignty and government functions: This refers to the need to recognise Indian data as a resource to be used to further national interest (economically and strategically), and to enable enforcement of Indian law and state functions.
    • Accruing benefits to the local industry: The second claim is that economic benefits will accrue to local industry in terms of creating local infrastructure, employment and contributions to the AI ecosystem.
    • Protection of civil liberties: Regarding the protection of civil liberties, the argument is that local hosting of data will enhance its privacy and security by ensuring Indian law applies to the data and users can access local remedies.
  • Contradiction in the claim of protection? If data protection was required for the above purposes, it would make sense to ensure that local copies were retained of all the categories of personal data provided for in the Bill (as was the case with the previous draft of the law).
    • Sectoral obligations: In the alternative, sectoral obligations would also suffice as is currently the case with sectors such as digital payments data, certain types of telecom data, government data, etc.
  • Will data localisation lead to privacy protection? We note that the security of data is determined more by the technical measures, skills, cybersecurity protocols, etc. put in place rather than its mere location.
    • Localisation may make it easier for domestic surveillance over citizens.
    • Enabler of better exercise of privacy by citizens: It may also enable the better exercise of privacy rights by Indian citizens against any form of unauthorised access to data, including by foreign intelligence.
    • Effectiveness matters: The degree of protection afforded to data will depend on the effectiveness of the applicable data protection regime.
  • Protecting privacy through less intrusive measures: Insofar as privacy is concerned, this could be equally protected through less intrusive, suitable and equally effective measures such as requirements for contractual conditions and using adequacy tests for the jurisdiction of the transfer.
    • Such conditions are already provided for in the PDP Bill as a set of secondary conditions.
    • The European Union’s General Data Protection Regulation too uses a similar framework.
    • Extra-territorial operation: The extraterritorial application of the PDP Bill also ensures that the data protection obligations under the law continue to exist even if the data is transferred outside the country.
  • Giving an individual a choice: If privacy protection is the real consideration, individuals ought to be able to choose to store their data in any location which affords them the strongest privacy protections.
    • It is arguable that data of Indians will continue to be more secure if stored and processed in the European Union or California.
    • These two jurisdictions have strong data protection laws and advanced technical ecosystems.

Way forward

  • Identification of the issues: The joint parliamentary committee ought to, ideally, identify the need, purpose and practicality of putting in place even the (relatively liberal) measures contained in the PDP Bill.
  • Broader thinking at policy level: Further, in order for localisation-related norms to bear fruit, either in terms of protecting citizen rights, enabling law enforcement access to data or enabling the development of the local economy, there has to be broader thinking at the policy level.
    • This may include, for instance:
    • Reforming surveillance-related laws.
    • Entering into more detailed and up-to-date mutual legal assistance treaties.
    • Enabling the development of sufficient digital infrastructure, and
    • Creating appropriate data-sharing policies that preserve privacy and other third party rights, while enabling data to be used for socially useful purposes.

System Risk Indicator (SyRI)

Note4Students

From UPSC perspective, the following things are important :

Prelims level : SyRI

Mains level : Debate over right to privacy

  • In a first anywhere in the world, a court in the Netherlands recently stopped a digital identification scheme for reasons of exclusion.
  • This has a context for similar artificial intelligence (AI) systems worldwide, especially at a time when identity, citizenship and privacy are pertinent questions in India.

SyRI

  • Last week, a Dutch district court ruled against an identification mechanism called SyRI (System Risk Indicator), because of data privacy and human rights concerns.
  • It held SyRI was too invasive and violative of the privacy guarantees given by European Human Rights Law as well as the EU’s General Data Protection Regulation.
  • The Dutch Ministry of Social Affairs developed SyRI in 2014 to weed out those who are most likely to commit fraud and receive government benefits.
  • Legislation passed by Dutch Parliament allowed government agencies to share 17 categories of data about welfare recipients such as taxes, land registries, employment records, and vehicle registrations with a private company.
  • The company used an algorithm to analyse data for four cities and calculate risk scores.

What were the arguments in court?

  • After taking into account community concerns, civil society groups and NGOs launched a legal attack on this case of algorithmic governance.
  • Legal criticism mounted, alleging that the algorithm would begin associating poverty and immigrant statuses with fraud risk.
  • The Dutch government defended the programme in court, saying it prevented abuse and acted as only a starting point for further investigation instead of a final determination.
  • The government also refused to disclose all information about how the system makes its decisions, stating that it would allow gaming of the system.
  • The court found that opaque algorithmic decision-making puts citizens at a disadvantage to challenge the resulting risk scores.
  • The Netherlands continuously ranks high on democracy indices.

How relevant is this for India?

  • Similar to the Supreme Court’s Aadhaar judgment setting limits on the ID’s usage, the Hague Court attempted to balance social interest with personal privacy.
  • However, the Aadhaar judgment was not regarding algorithmic decision-making; it was about data collection.
  • The ruling is also an example of how a data protection regulation can be used against government surveillance.
  • India’s pending data protection regulation, being analysed by a Joint Select Committee in Parliament, would give broad exemptions to government data processing in its current form.
  • India’s proposed regulation is similar to the US in the loopholes that could be potentially exploited.

[op-ed snap] Unfulfilled promise: On Personal Data Protection Bill

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Nothing much

Mains level : Data protection - Privacy

Context

India’s Personal Data Protection Bill, 2019 seeks to protect “the privacy of individuals relating to their personal data”. On the whole, it is not designed to deliver on the promise. 

Provisions

    • Global rules – It requires handlers of data to abide by globally-accepted rules on getting an individual’s consent first.
    • Wider powers – It gives wide powers to the Government to dilute any of these provisions for its agencies.
    • Data Protection Authority – It will be headed by a chairperson and have not more than six whole-time members.

Doubts on data security

    • WhatsApp revelation – Recently, messaging platform WhatsApp said that some Indian journalists and rights activists were among those spied on using technology by an Israeli company which only works for government agencies across the world.
    • Google – It had alerted 12,000 users, including 500 in India, regarding “government-backed” phishing attempts against them.
    • Srikrishna committee – Justice B.N. Srikrishna committee’s report forms the basis of the Bill. He has used words such as “Orwellian” and “Big Brother” in reaction to the removal of safeguards for Government agencies. 
    • Dangers to privacy – the committee noted that the dangers to privacy originate from state and non-state actors. It called for exemptions to be “watertight”, “narrow”, and available for use in “limited circumstances”.
    • Authority – the constitution of the Data Protection Authority of India to monitor and enforce the provisions of the Act is questionable. Members are to be selected by a panel filled with Government nominees. It disregards the fact that Government agencies are also regulated under the Act. They are major collectors and processors of data themselves.
    • Privacy as a right – The powers given to the Government render the gains from the K.S. Puttaswamy vs. Union of India case meaningless. That case culminated in the recognition that privacy is intrinsic to life and liberty, and a basic right.

Way ahead

The Srikrishna committee had also recommended that the Government bring in a law for the oversight of intelligence-gathering activities because non-consensual processing of data takes place here.

Keywords in Personal Data Protection (PDP) Bill, 2019

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Various keywords mentioned in the Bill

Mains level : Personal Data Protection: Prospects and challenges

The Personal Data Protection (PDP) Bill, 2019, introduced in Lok Sabha this week, has been referred to a joint select committee. Here are some terms described in the Bill:

  • Data: Information that is represented in a form that is more appropriate for processing.
  • Cross-border transfer: The movement of data across national borders
  • Data localisation: Restrictions on the transfer of data outside national borders.
  • Data processing: The analysis of data to glean patterns, turning raw data into useful information
  • Personal data: Data that identifies an individual
  • Non-personal data: Data that is anonymised, most probably because it is presented in an aggregated or summary form
  • Data principal: The individual whose data is being collected and processed
  • Data fiduciary: The entity that collects and/or processes a data principal’s data
  • Data processor: The entity that a fiduciary might give the data to for processing, a third-party entity
  • Notice: The fiduciary gives the principal a notice of the collection, including the purpose, the type of data, fiduciary contact details, the principals’ rights, and more
  • Right to correction and erasure: Principal’s right to correct and erase their data
  • Right to data portability: The right to receive the data from the fiduciary in a machine-readable format
  • The right to be forgotten: The right to restrict continuing disclosure of personal data
  • Privacy by design: Developing the product and business with privacy concerns in mind
  • Significant data fiduciaries: The Data Protection Authority labels certain fiduciaries as such depending on their data processing, such as volume of data, sensitivity of data, company turnover, risk of harm, and newer technologies.
  • Data protection impact assessment: The fiduciary’s internal assessment
  • Data protection officer: A representative of the fiduciary that coordinates with the Authority
  • Critical personal data: The government decides the definition from time to time and it cannot be taken outside of India at all.
  • Adjudicating officers: Officers in the DPA with the power to call people forward for inquiry into fiduciaries, assess compliance, and determine penalties on the fiduciary or compensation to the principal. Adjudication decisions can be appealed in the appellate tribunal.

Sensitive personal data

  • Data related to finances, health, official identifiers, sex life, sexual orientation, biometric, genetics, transgender status, intersex status, caste or tribe, religious or political belief or affiliation.
  • This data can only be sent abroad with Authority approval.

Data Protection Authority

  • A government authority tasked with protecting individuals’ data and executing this Act through codes of practice, inquiries, audits and more
  • The authority has four groups of tasks. In adjudication, the DPA receives grievances and handles enforcement.
  • In monitoring, it oversees internal assessments and external audits of the fiduciaries, as well as tracks data security breaches.
  • In policy, the DPA defines sensitive personal data, reasonable purposes for processing, forms of consent, and the lawful transfer of data outside of India. Finally, the Authority conducts research and awareness building about data protection.

[op-ed snap] Privacy rights & wrongs

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Nothing much

Mains level : Right to Privacy vs Technology Surveillance

Context

TRAI had commenced a process of consultations to bring over the top (OTT) services like WhatsApp and Telegram under “lawful interception”. 

Objectives

  • The objective of the exercise is public security since criminals and terrorists are known to use end-to-end encryption offered by such services to fly under the radar. 
  • Parity has always been an issue since telecom providers complain that they are regulated and must respond to requests for information from governments and agencies. But the OTT sector is untrammeled. 

Is interception technologically feasible, at all?

  • Technology companies have argued that end-to-end encryption is completely private between the correspondents in the conversation.
  • It is encrypted by a pair of security keys which their devices exchange, and which are available to no one else, not even the OTT provider. 
  • Providers are unable to provide governments with any communications content, except metadata like the frequency of contact. 
  • The US Attorney General, along with his counterparts in Australia and the UK, has requested Mark Zuckerberg not to deploy systems that preclude any form of access to content, even for preventing or investigating the most serious crimes.

Need for such technologies

  • Concerns about crime, terrorism and lethal mischief-making using encrypted communications are legitimate.
  • Worldwide, the pressure is developing on providers and platforms to make content available for inspection. 

Weighing against privacy 

  • Privacy concerns are equally legitimate because compromising security would degrade privacy across platforms.
  • Blackberry had kept a copy of encrypted communications and provided it to the governments of India, Saudi Arabia, and the United Arab Emirates. Now, it is an inconsequential player. 
  • Privacy is now recognised as a right. Compromising security would open the door to situations like the NSA mass surveillance scandal.

[op-ed snap] Privacy no longer supreme

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Nothing much

Mains level : 2 years of Puttaswamy judgement

CONTEXT

It has been two years since the nine-judge Supreme Court bench delivered the judgment in the Puttaswamy case. It asserted that Indians have a constitutionally protected fundamental right to privacy.

Background

It held that privacy is a natural right that inheres in all natural persons and that the right may be restricted only by state action that passes each of the three tests:

  1. such state action must have a legislative mandate
  2. it must be pursuing a legitimate state purpose
  3. it must be proportionate

If the judgment is implemented, the outcomes would be

  1. Govt will undertake structural reforms to bring transparency and openness in the process of commissioning and executing surveillance projects.
  2. Establishing a mechanism of judicial oversight over surveillance requests. 
  3. Govt demonstrates great care and sensitivity in dealing with the personal information of its citizens.
  4. Legislating a transformative, rights-oriented data protection law that holds all-powerful entities that deal with citizens’ personal data accountable.
  5. Data protection law 
    • with the principle that the state must be a model data controller with a higher standard of observance.
    • proscribes the practice of making access to essential services contingent on the citizen parting with irrelevant personal information.
    • establishes an effective privacy commission that is tasked with enforcing, protecting and fulfilling the fundamental right to privacy implemented through the specific rights under the legislation.

However, that is not the case. Examples of govt’s violation of privacy 

  1. The Ministry of Home Affairs authorized 10 Central agencies to “intercept, monitor and decrypt any information generated, transmitted, received or stored in any computer in the country”.
  2. Ministry of Information Broadcasting floated a tender for ‘Social Media Monitoring Hub’ to snoop on all social media communications, including e-mail. The government had to withdraw the project.
  3. A similar social media surveillance program was floated by the UIDAI.
  4. I-T department has its ‘Project Insight’ which also has similar mass surveillance ends.
  5. Economic Survey commends the government for having been able to sell and monetize the vehicle owners’ data in the Vahan database

Way ahead

  1. A rights-oriented data protection legislation is the need of the hour. 
  2. Comprehensive surveillance reform and prohibiting mass surveillance 
  3. Institution of a judicial oversight mechanism for targeted surveillance 
  4. State ought to be a model data controller as it deals with its citizens’ personal information.

Giving voice sample to police does not violate privacy: Supreme Court

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Article 20

Mains level : Debate over right to privacy

  • In a significant judgment, the Supreme Court has held that a judicial magistrate is empowered to order a person to give a sample of his voice for the purpose of investigation.

Right to privacy is not absolute

  • Directing a person to part with his voice sample to police is not a violation of his fundamental right to privacy.
  • The judgment authored by CJI said that the fundamental right to privacy cannot be construed as absolute and must bow down to compelling public interest.
  • Hence giving voice sample to an investigating agency was not a violation of the fundamental right against self-incrimination.
  • Originally, Article 20 (3) of the Constitution mandated that no person accused of any offence shall be compelled to be a witness against himself.

Not self-incrimination

  • The Chief Justice compared a voice sample with other impressions like specimen handwriting, or impressions of his fingers, palm or foot collected by police during investigation.
  • The court ruled that the giving of a voice sample by a person did not amount to furnishing evidence against oneself.
  • A voice sample is given for comparison with other voices, in order to see whether they match and belong to the same person.
  • Hence a voice sample by itself is not incriminating evidence.

Voiceprint as evidence

  • The 87th Report of the Law Commission of India in 1980 describes a voice print as a “visual recording of voice”.
  • Voiceprints resemble fingerprints, in that each person has a distinctive voice with characteristic features dictated by vocal cavities and articulators.

[op-ed of the day] The makings of a digital kleptocracy

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Nothing Much

Mains level : Data monetisation aspects

CONTEXT

  • There has been public furore over the delay in the release of data, for example farmer suicides, suppression of data such as on employment, bungled migration data in the Census, and controversy over the methodology used to calculate GDP growth rates.
  • These data are the backbone of policy making in India.

Suggested Use of data

  • These three — information obtained through the RTI Act, administrative data and data collected by the statistical machinery of government — are examples of “data as a public good”.
  • But these are scarcely mentioned in a chapter so-titled in this year’s Economic Survey.
  • Instead, its focus is on the expanding digital footprint of people, falling costs of data generation and storage and the growing data mining industry.
  • The thrust is on how to monetise these data, for example by selling data that we share with the government in trust.
  • Another worrying suggestion is consolidation of our data across various ministries.

Problems with Data usage

1. Toxicity –

  • Somewhere along the line, your mobile number and/or email ID got sold in the data market.
  • Even as most of us delete these, others get trapped.
  • A former Chief Justice of India was duped of ₹1 lakh recently as a result of a fraudulent email.
  • In Mumbai, identity fraud was perpetrated by accessing personal data (address, phone number and Aadhaar).
  • In phishing attacks in Rourkela, Odisha, fraudsters called bank customers asking for Aadhaar details to update their account, but used it to siphon off money.

2. Similar treatment like public services –

  • The Survey treats personal data (such as date of birth, mobile numbers and addresses) the same way as data on rainfall, temperatures and road networks.
  • In the examples above, the fraudsters had to get access to people’s data. The Survey is proposing that these be sold for a price.
  • In early July, the Union Minister of Road Transport and Highways, Nitin Gadkari, informed Parliament that the department had earned ₹65 crore from the sale of vehicle registration and licence data.
  • Imagine the consequences of your health data being sold to private health insurance companies; or your data on your earnings being sold, or data being used in the way Cambridge Analytica did.

Other faultlines

If data can be toxic, centralising and consolidating it, as advocated by the Survey, increases its toxicity exponentially.

1. Centralising the data –

  • Contrary to the widely advocated principle of decentralised/disaggregated data silos as a first line of defence by data security experts, the Survey portrays decentralisation as an obstacle.
  • With decentralised data, data mining companies employ sophisticated tools to combine distinct data silos to create profiles of individuals.
  • Consolidating it, for example if a unique number such as Aadhaar links them, reduces the company costs for profiling and targeting.
  • Centralising it (in one data silo) means that a single data breach can compromise all aspects of your life.

2. Without Consent –

  • Often they are collected and shared without our consent or knowledge, for example, CCTVs or web browsing histories.
  • When our data are used by opaque algorithms to make crucial decisions about our lives, such as shortlisting for jobs, getting health insurance or whether you were speeding, we cannot question them.

Case study of Aadhaar –

  • Given the government’s track record on Aadhaar, these laws are unlikely to protect citizens’ rights adequately.
  • Further, privacy and data protection laws will face unique implementation challenges in India.
  • This is on account of low levels of tech-digital and legal literacy combined with pre-existing social inequalities which directly bear upon power relations between us (as citizens/consumers) and them (government/corporations).

Conclusion

  • Even where such laws have been put in place, those societies/economies are grappling with the fallout of corporations whose practices can best be described as “digital kleptocracy”.
  • To understand this, take the example of lending and credit scores.
  • The literature documents unscrupulous use of algorithms to identify vulnerable targets, for example using the search histories of single African American mothers in the United States to sell them home or education loans which it is clear they are unlikely to be able to repay.
  • Thus, digital kleptocracy is a means by which rich tech companies mine, in fact steal, poor people's data; in most cases the person is unaware of their data being harvested and used for profit.
  • What the Economic Survey advocates is not only for the government to facilitate such practices but also to climb aboard this bandwagon of digital kleptocrats.

Explained: Why govt wants to bank DNA

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Not Much

Mains level : Debate over the proposed legislation

Context

  • The Union Cabinet cleared the DNA Technology (Use and Application) Regulation Bill once again, paving the way for its reintroduction in Parliament.
  • The Bill had been passed by Lok Sabha in January this year, but could not get the approval of Rajya Sabha before general elections.
  • The fresh clearance by the Cabinet is the third attempt since 2003 by the government to enact a law to regulate the use of DNA technology in the country.
  • The text of the Bill has undergone several changes over the years to address some of the concerns on privacy and the possibility of abuse.

DNA Technology (Use and Application) Regulation Bill

  • The Bill seeks to create a regulatory framework for obtaining, storing and testing of DNA samples of human beings, mainly for the purposes of criminal investigations, and with the objective of establishing the identity of a person.
  • DNA testing is already being used for a variety of purposes, such as criminal investigations, establishment of parentage, and search for missing people.
  • The proposed law seeks to bring in a supervisory structure to oversee these practices, and frame guidelines and rules so that the DNA technology is not misused.
  • To achieve these objectives, the bill proposes to set up two institutional structures — a DNA regulatory board, and a DNA data bank — at the national level.
  • Regional centres of the board as well as the data bank can be set up at the state level as well.

Supervisory structure

  • The DNA regulatory board, which is proposed to be the main regulatory authority, would frame the rules and guidelines for DNA collection, testing and storage.
  • The data bank would be the repository of all DNA samples collected from various people under specified rules.
  • The Bill proposes that testing of DNA samples can be carried out only at laboratories that are authorised to do so by the regulatory board.
  • The bill also specifies the circumstances under which a person can be asked to submit DNA samples, the purposes for which such requests can be made, and the exact procedure for handling, storing and accessing these samples.

DNA Regulatory Board

  • The Regulatory Board will comprise 12 members.
  • Some of them will be experts in the field of biological sciences, whereas the others will be the director-general of the NIA, the directors of the CBI, the heads of the Centre for DNA Fingerprinting and Diagnostics and the Central Forensic Science Laboratory, and a member of the NHRC.
  • The principal responsibility of the Board will be to accredit DNA-testing labs from which data can be collected for the databank and ensure they maintain high quality standards at all times.

Collecting DNA samples

  • DNA samples can be collected from the objects found at the crime scene, or from the body of the accused or volunteer.
  • The samples, collected by an authorised technician or medical practitioner, would have to be sent to an accredited laboratory for tests and analysis.
  • The information generated from these tests would have to be mandatorily shared with the nearest DNA data bank, which in turn, would be required to share it with the national data bank.

DNA data banks

  • Under the provisions, the data banks are required to store the information under one of the five indices — a crime scene index, a suspect or undertrial index, an offenders’ index, a missing persons’ index, and an unknown deceased persons’ index.
  • Although information from DNA can yield a lot of information about the person, the data banks are supposed to store only that information that is necessary to establish the identity of the person.
  • While the information in the crime scene index can be stored permanently, entries in other indices can be removed through processes prescribed.

Removal of information

  • People whose DNA samples have been collected, either from the crime scene, or through voluntary written consent, can also request the removal of their information from the index.
  • DNA samples of people who are not suspects or undertrials cannot be matched with already stored information in the suspects/undertrial index or the offenders’ index.

Using DNA samples

  • According to the provisions of the proposed law, police can ask for DNA samples of the person accused of an offence to facilitate their investigation.
  • But unless the offence is of a very serious nature, punishable by death or by imprisonment for at least seven years, the DNA sample can be obtained only on the written consent of the accused.
  • It can also be obtained if an authorised magistrate is satisfied that a DNA test is absolutely necessary for investigation of the crime.
  • People who are witness to a crime, or want to locate their missing relatives, or in similar other circumstances, can volunteer to give their DNA samples, again through written consent.

Criticisms of the bill

I. Over matter of Consent

  • Written consent is required from everyone for their DNA samples to be collected, processed and included in the database except from those who have committed crimes with punishment of 7+ years or death.
  • However, a similarly specific instruction is missing for the collection of DNA samples for civil matters. Such matters include parentage disputes, emigration or immigration and transplantation of human organs.
  • The Bill also doesn’t state that the consent has to be voluntary.

II. Civil Disputes

  • Second, it’s not clear if DNA samples collected to resolve civil disputes will also be stored in the databank (regional or national), although there is no index specific for the same.
  • If they will be stored, then the problem cascades because the Bill also does not provide for information, consent and appeals.
  • If a person’s DNA data has entered the databank, there is no process specified by which they can have it removed.
  • All of these issues together could violate the right to privacy.

III. Authenticity of DNA Labs

  • There’s also the question of whether the DNA labs accredited by the Regulatory Board are allowed to store copies of the samples they analyse.
  • And if so, how the owners of those samples can ensure the data is safe or needs to be removed from their own indices.
  • It’s unclear if the Regulatory Board will oversee other tests performed at the accredited labs.
  • This could become necessary because, unlike one’s biometric data or PAN number, the human genome contains lots of information about every individual.

IV. Overreaching access to identity

  • So a test undertaken to ascertain a person’s identity by analysing her DNA will in the process also reveal a lot of other things about that person, including information about their ancestry, diseases to which they are susceptible, etc. – i.e. information that the individual has a right to keep private.
  • The Bill does not specify which parts of an individual’s DNA can be analysed to ascertain their identity.
  • The more parts are subjected to analysis, the more conclusively a person’s identity can be established.
  • But this can’t be used as a license to parse more than is necessary, because then the DNA lab is also likely to reveal more information than it has the right to seek.

Govt. stance on this

  • The government, on the other hand, has been arguing that since DNA tests are already happening, and are frequently used as the most reliable tool to establish identity, it would be better to have regulatory safeguards so that they are carried out only in the prescribed manner and by authorised personnel and institutions.
  • The government has also claimed that very limited information is proposed to be stored in the indices — just 17 sets of numbers out of billions that DNA samples can reveal.

[op-ed snap] Basic Needs, Basic Rights

Note4Students

From UPSC perspective, the following things are important :

Prelims level : Nothing Much

Mains level : Basic rights are the need of hour.

CONTEXT

In the horrific tragedy in Muzaffarpur, Bihar, the systemic failure of health care has killed over a hundred children.

Defining rights in a new way

  • First, like the constitutional principle of a basic structure, it is time to articulate an equally robust doctrine of basic rights.
  • Second, these basic rights must be viewed primarily as positive rights: not rights against interference from the state (negative rights) but rights to the provision of something by it.
  • Third, just as individuals are punished for legal violations, the government of the day must also be punished for the violation of these basic rights.

Basic Rights

  • Basic rights flow from basic needs such as physical security or subsistence. Their non-fulfilment can cause great harm, even kill.
  • The failure to get an antibiotic if you have a bacterial infection can hurt you very badly.
  • Needs depend on the way human bodies are constituted. They are a solid necessity; one cannot get on without them.
  • Nor can they be fulfilled by substitutes.
  • For us, nothing can take the place of water, food and air.

Impact of lack of basic needs

  • People suffer if basic needs are met inadequately or with delay. They are then denied a minimally decent life.
  • Elementary justice requires that before anything else, the state does everything at its disposal to satisfy all basic needs of its citizens, particularly of those who cannot fend for themselves.

Basic Rights 

1. Right to physical security –

  • The right to physical security, the first basic right, is socially guaranteed when the state provides its people a well-trained, professional police force.
  • It follows that basic rights are a shield for the defenceless against the most damaging threats to their life which include starvation, pestilence and disease.

2. Economic Security –

  • The second is the right to minimum economic security and subsistence, that includes clean air, uncontaminated water, nutritious food, clothing and shelter.
  • By showing the devastation caused by its absence, the Muzaffarpur tragedy amply proves that the right to primary health care is also an integral part of the right to subsistence.
  • For this, proper budgetary allocation is required that depends in turn on getting one’s political priority and commitment right. When a government fails to provide primary health care to those who can’t afford it, it violates their basic rights.

3. The right to free public expression –

  • The third is the right to free public expression of helplessness and frustration, if deprived of other basic rights.
  • The right to make one’s vulnerability public, be informed about the acts of commission and omission of the government regarding anything that adversely affects the satisfaction of basic needs, to critically examine them and to hold state officials publicly accountable is a basic right on a par with right to physical security and subsistence and inseparably linked to them.

 

Conclusion

  • These three basic rights can be summed up in a single phrase, the right to a minimally decent life.
  • A society may soar, strive for great collective achievement. Anything short of a minimally decent life is simply not acceptable. It is this precisely that horrifies us about the callousness of the Bihar government in Muzaffarpur and governments in India more generally.
  • They routinely abdicate responsibility for the suffering they directly or indirectly cause.
  • This is why we must ask why governments are not immediately and severely penalised when they undermine the exercise of these basic rights.

Right to travel abroad is a basic human right: SC

Note4Students

From UPSC perspective, the following things are important :

Prelims level : 1958 Kent vs Dulles Judgment

Mains level : Right to travel abroad

  • The right to travel abroad is a genuine and basic human right like marriage and family, the Supreme Court has observed in a recent order.

Right to travel abroad

  • The court was hearing an appeal filed by an IPS officer who was refused permission to take a private trip abroad to visit relatives as he had a departmental enquiry pending against him.
  • The court ruled that the right to travel abroad is an important basic human right for it nourishes independent and self-determining creative character of the individual.
  • The right also extends to private life; marriage, family and friendship are humanities which can be rarely affected through refusal of freedom to go abroad and clearly show that this freedom is a genuine human right.

Referring to the 1958 Kent vs Dulles Judgment

  • Setting aside the order, the Supreme Court referred to its Maneka Gandhi judgment upholding the right to travel and the landmark U.S. Supreme Court case of 1958 Kent vs Dulles.
  • The Bench quoted the majority opinion of Justice William O. Douglas in the latter case which said freedom to go abroad has much social value and represents the basic human right of great significance.
  • The court said that this basic human right also extends to private life; marriage, family and friendship.
  • These are part of human nature which can be rarely affected through a refusal of freedom to go abroad.

Lok Sabha Passes DNA Technology Bill – All You Need to Know

Note4students

Mains Paper 3: Science & Technology | Developments and their applications and effects in everyday life

From UPSC perspective, the following things are important:

Prelims level: DNA Technology (Use and Application) Regulation Bill, 2018

Mains level: Understanding the importance of DNA Profiling in curbing crime in India.


News

  • The Bill that provides for regulation of use and application of DNA technology for establishing the identity of certain categories of persons, including offenders, victims, suspects and undertrials, was passed in Lok Sabha.

What it aims to bring?

  1. The use of DNA data is also likely to be useful in quickly identifying missing persons and resolving criminal cases in which repeat offenders might be involved.
  2. This includes offences under the IPC, 1860, as well as offences under other laws such as the Immoral Traffic (Prevention) Act, 1956, the Medical Termination of Pregnancy Act, 1971, the Protection of Civil Rights Act, 1955, and the Motor Vehicles Act, 1988.

DNA Technology (Use and Application) Regulation Bill, 2018 

  1. The primary intended purpose for enactment of the bill is for expanding the application of DNA-based forensic technologies to support and strengthen the justice delivery system of the country.
  2. The utility of DNA based technologies for solving crimes, and to identify missing persons, is well recognized across the world.
  3. Other aims include speedier justice delivery and an increased conviction rate.
  4. The Bill's provisions will enable cross-matching between persons reported missing and unidentified dead bodies found in various parts of the country, and will also help establish the identity of victims in mass disasters.
  5. By providing for the mandatory accreditation and regulation of DNA laboratories, the Bill seeks to ensure the data remain protected from misuse or abuse in terms of the privacy rights of our citizens.
  6. The Bill has two major components: the DNA databanks and the DNA Regulatory Board.

DNA databanks

  1. There will be two kinds of databanks: a national one and multiple regional ones.
  2. Every databank will maintain DNA data in one of the following categories: the crime scene index, the suspects’ or undertrials’ index, the offenders’ index, the missing persons’ index and an ‘unknown’ deceased persons’ index.

DNA Regulatory Board

  1. The Regulatory Board will comprise 12 members.
  2. Some of them will be experts in the field of biological sciences, whereas the others will be the director-general of the NIA, the directors of the CBI, the heads of the Centre for DNA Fingerprinting and Diagnostics and the Central Forensic Science Laboratory, and a member of the NHRC.
  3. The principal responsibility of the Board will be to accredit DNA-testing labs from which data can be collected for the databank and ensure they maintain high quality standards at all times.
  4. But in light of recent privacy and surveillance issues, the Board’s responsibility towards ensuring the DNA data is stored securely, used properly and only for identification purposes will also be under close watch.

Criticisms

Matter of Consent

  1. Written consent is required from everyone for their DNA samples to be collected, processed and included in the database except from those who have committed crimes with punishment of 7+ years or death.
  2. However, a similarly specific instruction is missing for the collection of DNA samples for civil matters. Such matters include parentage disputes, emigration or immigration and transplantation of human organs.
  3. The Bill also doesn’t state that the consent has to be voluntary.

Civil Disputes

  1. Second, it’s not clear if DNA samples collected to resolve civil disputes will also be stored in the databank (regional or national), although there is no index specific for the same.
  2. If they will be stored, then the problem cascades because the Bill also does not provide for information, consent and appeals.
  3. If a person’s DNA data has entered the databank, there is no process specified by which they can have it removed.
  4. All of these issues together could violate the right to privacy.

Authenticity of DNA Labs

  1. Third, there’s also the question of whether the DNA labs accredited by the Regulatory Board are allowed to store copies of the samples they analyse.
  2. And if so, how the owners of those samples can ensure the data is safe or needs to be removed from their own indices.
  3. It’s unclear if the Regulatory Board will oversee other tests performed at the accredited labs.
  4. This could become necessary because, unlike one’s biometric data or PAN number, the human genome contains lots of information about every individual.

Overreaching access to identity

  1. So a test undertaken to ascertain a person’s identity by analysing her DNA will in the process also reveal a lot of other things about that person, including information about their ancestry, diseases to which they are susceptible, etc. – i.e. information that the individual has a right to keep private.
  2. The Bill does not specify which parts of an individual’s DNA can be analysed to ascertain their identity.
  3. The more parts are subjected to analysis, the more conclusively a person’s identity can be established.
  4. But this can’t be used as a license to parse more than is necessary, because then the DNA lab is also likely to reveal more information than it has the right to seek.