Judicial inquiry must look into whether companies allied with Cambridge Analytica accessed personal data of Indian Facebook users and influenced elections.
‘Big data is the new oil’ has been the cliché for over a decade or so. Given that oil has pushed nations to go to war, it seems big data may not be too far behind.
If the early claims of investigators in the USA and UK are to be taken at face value, big data has been illegally used to influence voters and sway elections. Today, data protection laws of western nations may stand exposed because of such instances of data breach but there is no equivalent data protection policy in the Indian context. As of January 2018, there are over 250 million Facebook users in India, whose personal information stands at a huge risk of being misused, if it has not happened already.
The issues raised by the current data breach again demonstrate the value of personal information for data-driven businesses in the modern ‘big data’ world. The breaches may not be limited to any one country, as the investigations in USA and UK show and, as such, this is a cross-jurisdictional problem, which requires all countries to act. As of May 2018, Europe is moving towards a new data protection regime under the General Data Protection Regulations (GDPR), which expands the scope of privacy and data protection in Europe especially with regard to the processing of personal data. This policy regime will bring in a new set of ‘digital rights’ for European citizens, which realises the economic significance of data.
In India, a committee of experts, under Justice B.N. Srikrishna, has been set up to deliberate on a data protection framework. This Committee is tasked with studying various issues relating to data protection in India and to make specific recommendations on principles and universal best practices in this domain. The Committee, in the process of drafting a data protection bill, has deliberated on a number of germane issue including what constitutes ‘personal data’, concepts of consent, setting up of the data protection authority and penalties to be levied.
In the White Paper released by the Committee, there is an interesting discussion around what distinguishes personal data from private information. It is stated that while both terms— data and information— are used in the context of data protection and informational privacy, the word ‘data’ is of a more recent vintage. The term ‘data’, though similar in meaning, is also used as the broader term which includes any form of information. Apart from this, the White Paper leaves the issue open to be answered in future deliberations and then goes on to affirm at the ratio laid down by the Justice K.S. Puttaswamy (Retd.) vs Union of India case, where the Supreme Court has held: “the object of data protection regimes is to protect the autonomy of the individual by protecting the identity of the individual”. By doing so, the White Paper has married international best practices with the law of the land and provided a roadmap for setting up a robust data protection regime.
On the other hand, the Parliamentary Standing Committee on Information and Technology has listed the topic of “Citizens’ data security and privacy” for study. It seems, though, that there have been no meetings on the subject and, consequently, there has been no report formulated yet. But, it is hoped that the recent developments will push the committee to take this matter up and examine it in great detail and provide a multi-partisan report.
Given the recent developments, it is counter-intuitively fortuitous that we have a Union Minister holding simultaneous portfolios of Law and Justice as well as Electronics and Information Technology. There have been allegations and counter-allegations by the Congress and the BJP about links with Cambridge Analytica.
A recent report in ThePrint has prima facie exposed that the said company was involved in working on the 2014 Lok Sabha elections.
The minister must now, instead of issuing verbal threats to Mark Zuckerberg et al., focus his efforts on enacting a comprehensive data protection regime and setting up an impartial, judicial inquiry into whether companies allied with Cambridge Analytica accessed personal data of Indian Facebook users and whether this was used to influence electoral processes. Failing which, the disenchantment with democracy would be complete in 2019.
Manuraj Shunmugasundaram is Advocate and Spokesperson, DMK.
Muthupandi Ganesan is Barrister-at-Law, UK