India desperately needs a delayed data privacy law

Video: WhatsApp limits message forwarding in India after mob lynchings

As global cell phone companies plough ahead with trying to plant a device in the hands of every one of India's 1.3 billion citizens (smartphone penetration in the country is around 35 percent), the question of who is going to protect their rights is becoming more urgent by the day.

Certainly, faith in the Indian government to do so seems to be overly optimistic. For one, gaping holes have appeared in its Universal Identification program, Aadhar, where millions of users' account information (bank details, email IDs, etc) have been leaked through various government utility sites.

Read also: A new data leak hits Aadhaar, India's national ID database

Most worrying has been the government's long silence when confronted with these leaks, followed by an obdurate denial about these instances, despite ample proof of the unsecured tranches of private information being easily accessible to anyone who wishes to illegally avail of them. Absurdly, in many instances, the government has threatened prosecution of individuals who made public these breaches.

Terrors of an invasive state don't stop there. An RFP put out by the government to global software firms listed in detail the need for heavy monitoring of Indian citizens' social media usage, creating conversation archives, "listening to email," architecting a plan to "inculcate nationalistic feelings in the masses," and manipulating discussions online with a positive spin in favour of India.

If all this isn't enough to make the informed citizen queasy, then the onslaught of online fraudsters that have begun preying on millions of Indians should do the job.

The problem is that while a massive amount of data is set to be generated in the next 10 years and beyond, no framework exists to protect Indians from marauders like Cambridge Analytica that have begun preying on millions of Indians should do the job.

One positive -- and, some say, paradoxical -- move by the government has been to appoint a 10-member committee last year headed by Justice Srikrishna for this purpose and a white paper that was released recently shows a desire to sculpt a law that will apply to all governmental and non-governmental parties that collect and process data after consent. A much-delayed draft law is expected by the end of August.

Read also: WhatsApp rumors reportedly led to lynchings in India - CNET

According to Mint newspaper, over 150 lawyers, activists, and journalists have written to the Srikrishna committee and expressed their dissatisfaction with the transparency in the committee's process. They fear it is stacked with members who echo the government's stance with the Aadhar program. This is especially problematic considering the Aadhar number has become compulsory to even open a bank account or a cell phone connection, which is fundamentally unconstitutional when you factor in the right to privacy of an individual, recently affirmed by the Supreme Court.

Meanwhile -- and this may be fortuitous or deleterious, depending on how you interpret it -- the Telecom Authority of India (TRAI) that keeps tabs on the telecom sector in the country one-upped the Srikrishna committee and published its own set of recommendations on data privacy, heavily favouring consumers and radically restricting ways in which entities both private and public can harvest and use consumer data.

Even if TRAI was cheekily skipping over its de-facto jurisdiction, there's now thankfully no room for the Srikrishna committee to gloss over any aspect of the data privacy debate.

Read also: Bizarre mobile attack in India uses MDM to target only 13 phones - TechRepublic

Here are some important issues, outlined in Mint, that experts and consumer advocates hope will be resolved when the report or draft bill comes out:

• One vital issue to sort out is the nature of data that will be allowed for collection and whether this should be made standard. Also relevant will be the length of storage of such data and what are the various responsibilities that go along with this functionality.
• The issue of privacy will be supreme. Companies, observers say, will need to assuage the public that their platforms are constructed to prevent data theft first and foremost rather than its exploitation.
• Oversight by a regulator will be a much-scrutinized issue, especially considering there are currently regulators for the banking, stock market, and telecom sectors who may have overlapping domains with the internet sphere and may be affected by the bill.
• Considering the Indian government's de-facto war against its minorities and critics as evidenced by its deafening silence following lynchings, assassinations, and acts of terror against these groups by right-wing Hindu entities, sanctioned surveillance will become a key issue. Critics hope that the committee will deftly outline what can and cannot be done and that a robust judicial process is in place to protect the rights of those who are under the scanner.

Hardware is hard: The tech products that fooled or failed us

Previous and related coverage:

This remote, small town is the epicentre of cybercrime in India

Unemployed youth in Jamtara in the state of Jharkhand have hoodwinked millions of Indians across the length and breadth of the country.

How WhatsApp has emerged as an unwitting messenger of hate and division in India

Opinion: While the app has been widely used in the past to goad religious groups into violent acts, the dissemination of deeply bigoted fake news during the state elections in Karnataka is a small example of how technology is destined to adversely affect the 2019 federal elections.