After a number of delays, India has finally proposed a set of rules for data protection laws. While the proposed legislation could place restrictions on how companies like Facebook and Twitter use information from India’s 600 million internet users, it also risks balkanizing the internet with the types of government controls seen in countries like China.
According to the new rules, which were leaked on Tuesday, the Indian government would require technology companies to garner consent from users before collecting and processing their personal data. A newly proposed government agency, the Data Protection Authority, will write specific rules, monitor how companies are applying them and mediate to settle disputes.
While the bill, dubbed the “Personal Data Protection Bill 2019,” addresses long standing needs for data protection in India, it also posits more worrying concerns about authoritarian overreach by the government.
According to the current draft, which is expected to be debated by lawmakers over the next few weeks, the rules would allow the government to “exempt any agency of government from application of Act in the interest of sovereignty and integrity of India, the security of the state, friendly relations with foreign states, public order.”
Of equal concern is how the bill mandates the use of public data by the government. One rule seeks to grant the government the power to ask any “data fiduciary or data processor” to hand over “anonymized non-personal data” with the aim of helping legislators deliver better governance and services to their citizens.
While the bill is unclear, this could essentially allow the government to request user data from social media platforms like Facebook and Twitter.
Critics of the bill have been quick to highlight their concerns. Udbhav Tiwari, a public policy advisor at Mozilla, said the bill would “represent new, significant threats to Indians’ privacy. If Indians are to be truly protected, it is urgent that the Parliament reviews and addresses these dangerous provisions before they become law.”
The draft has also come under fire from a judge who led the committee that drafted an earlier version of the bill. Justice BN Srikrishna said the new version is “dangerous” and could turn India into an “Orwellian State”.
“They have removed the safeguards,” said Srikrishna. “That is most dangerous. The government can at any time access private data or government agency data on grounds of sovereignty or public order. This has dangerous implications.”
Rahul Matthan, a partner at the Indian law firm Trilegal, said that businesses had real concerns as to whether the new data authority would have the capacity to manage all of its responsibilities. “We are expecting this Data Protection Authority to be at the standard of a G.D.P.R. without any experience,” Matthan told the New York Times. “That’s a tall ask.”
You can read a good breakdown of the bill in this Twitter thread by digital advocates Media Nama.
My favorite Coda piece this week:
Scant coverage has been given to Algeria, where a popular protest movement against an entrenched regime has mobilized weekly protests for over 40 weeks. Ahead of a presidential election last Thursday, we published this story by Layli Faroudi about how pro-regime social media accounts, dubbed “electronic flies”, targeted platforms like Facebook and Twitter with fake news and fear mongering.
Recommended reads:
- China is about to become becoming the first major economy to issue sovereign digital money. According to reports, a digital currency has been in development In China for several years and may be rolled out in a small-scale pilot in Shenzhen as early as this month, before expanding in 2020. Important questions about privacy and anonymity, as well as how much transaction information the government will be able to access, remain unanswered. (MIT Technology Review)
- From offering users the chance to take a Tai Chi class, fly above New York City or even have a guided meditation with Jesus, virtual reality headsets like the Oculus Quest are having a major effect on retail, science and security. In this entertaining and often funny essay, Patricia Marx tries out the best of the Oculus store. (New Yorker)
If you have any tips about how governments and companies use authoritarian technology, you can send me an email at [email protected] or contact me on @BWazir1.