Privacy in India
Many among us who pursue MBA either come from IT sector or wish to enter one. Irrespective of which industry you enter, IT will always play a crucial role. As IT continues to evolve, new aspects have started to surface that need understanding. Data Privacy is one among them. Through this article I try to explore the status of Privacy in India.
It has been 3 years since the “Privacy Rules 2011”, a set of guidelines acting as an extension of the Indian IT Act 2008 amendment, came into picture; and almost same amount of time has elapsed since Privacy Bill has been pending to be tabled in the Indian parliament. In the same period, South Africa passed its first Privacy Law; and the Australians refurbished their Nation Privacy Principles to have a greater impact. The same time phase saw the European court of justice bringing the “Right to be forgotten” to prominence. Even the Chinese Authorities, who are often accused of having a bootless data protection law, brought in stronger measures to protect the health information of its citizens from unlawful processing.
Different reasons can be attributed for the triggering of privacy consciousness across the globe, whether it be Snowden’s revelations about PRISM or the legal actions against the privacy practices of Google and Facebook. But what’s certain is that the world is gradually becoming aware of the importance of privacy in this ‘Age of Data’. Unfortunately, India has still not gained the cognizance of its peers.
Though not as explicit as the 4th Amendment of U.S. constitution, The Article 21 of the Indian Constitution, which confers the right to life and personal liberty of Indian Citizens, is the closest constitutional provision for protection of an individual’s Privacy in the country. The focus over data privacy came only when the absence of a data protection regime started become an impediment for businesses, especially in the IT sector which was not able to gain crucial projects from its European clients.
Necessary work has initiated but at a pace that is much lower that needed. The e commerce boom which is working in tandem with the social media and big data analytics does carry potential privacy implications that may currently go unaddressed. The data vibrancy is gathering momentum in India but with it comes threats of ever increasing privacy breaches. In absence of a reasonable data protection framework, the privacy risks could grow enormously.
The Data Security council of India is doing exemplary work by creating the right environment for data privacy to exist at the organisational level. The corporates of India are also inculcating the practices that best preserve the privacy of data subjects. But in absence of proper awareness, there is a lot to be done.
This year, on 28th January-the data privacy day, Microsoft released the findings of a digital privacy survey that it had sponsored. Conducted in United states of America and several countries of Europe, the survey reflected the awareness of people with respect to digital privacy. More than 80% of respondents on both side of the Atlantic desired to know about the the kind of data being collected from them, where it went and why.
In a similar survey conducted in New Zealand, more than 50% of the respondents showed greater privacy awareness than the previous years. But when it comes to India, the opposite is observed. This year in the “EMC Privacy Index”, more than 61% of Indians were willing to trade their Privacy for convenience (to read the entire survey: http://www.emc.com/campaign/privacy-index/india.htm). Somehow it didn’t surprise me.
While questioning an average educated person in India about his understanding of privacy, you can find a series of responses depending on your luck. If you are lucky, then perhaps the respondent will tell that privacy is a sub section or something similar to Information Security. And on not such a good day, you will find people getting confused between privacy and piracy.
“Why should I know about Privacy?” is perhaps the most common question to be backfired at you after your querying. Indeed, there are many fields and areas which don’t require the attention of a layman, specially if its not his area of work or interest. But Privacy has everything to do with you, as an individual. It is a fundamental right, whether explicitly stated in your law books or not.
What is that differentiates countries in terms of privacy awareness? is it the education level, the financial condition, or the right exposure. The exact answer may not lie in any one single aspect. But in order to explore the reason, let us begin from where most solutions come: the history.
Terrorism and corruption: the unrecognised factors
I seldom observe incidents in India’s past that could have roused a concern for Privacy. Instead, the incidents that occurred generated apathy towards an individual’s privacy. Post Independence, almost every decade was frequented with scams and fraudulent activities that resulted in loss of public money. Such events effected the perception of the citizens who felt that everyone in power can potentially collude to harm the interests of common people. Hence, a greater ask for openness diminished the chances of privacy to bloom. A huge population suffering from poverty and corruption, provided the perfect ground for people to be insensitive towards a person’s personal affairs. As resources were always scant, people readily parted with their personal information in exchange for some service or good, without bothering to inquire the rationale behind such data collection.
But more than anything else, our past was marred by acts of terrorism. Specially the past three decades witnessed innumerable incidents of terrorism in different parts of the country that resulted in loss of lives and property. These events generated deep concerns for security among the citizens, who demanded and supported surveillance of not only public areas but also people under suspicion. There is little doubt that all measures for safety of the citizens were necessary but at the same time they prevented the privacy to thrive.
Now let us compare our case to that of Germany, perhaps the strictest data privacy regime in the world. The rationality behind the stringency of its privacy laws are rooted in its history too. Initially under the Nazi rule and later in east Germany in the pre-unification era, the people were under constant watch of the administration and often faced persecution. The people not only faced violation of privacy but selective targeting on basis of sensitive personal information such as religious ideology, ethnicity etc. Such acts led to a negative impact on the citizen of Germany, and they became poised to bring a change.
Physical privacy, the traditionally more valued form of privacy, evolves from an individual’s upbringing and cultural sensitivities. In earlier times, Indian society lived in comparatively more spacious homes than today, but had a joint family structure. In present time, the nuclear families have replaced the existing structure. But at the same time, our homes are much smaller, thanks to land price appreciation and overcrowding of towns and cities. Both scenarios never let the concept of privacy to emerge. Somehow the personal space was always missing.
On the other hand, our American counterparts had a societal and housing structure that always promoted individual space. They have much bigger homes, individual rooms, and a smaller circle of relatives residing together. Even the neighborhood homes are either at a distance or non existent.
Do note that the intent here is not to reflect the existing features of India’s past and society in a negative light. Its unfortunate that up till now, the prevailing circumstances had prevented the imbibing of privacy. Also, we had never been a major victim of infringement of privacy. But chances of facing a privacy violation induced mental trauma or financial loss will only increase in near future. Hence, its imperative that a change is brought in the attitude of the people as well as the system.
The digital world with its web of communication and technology is growing at exponential rate. The deluge can be regulated only by building a dam on the balanced pillars of information security and privacy. If the foundation of privacy is not stabilized, then be prepared for the floods!
“be prepared for the digital flood!”
By: Rajat Srivastava (PGDIM student from NITIE)