Move fast and fix things-Individual users’ privacy cannot be safeguarded on platforms such as Facebook without institutional reform

• Rather than merely documenting a violation of user trust by Facebook, which has received extensive commentary, let us focus on walking towards solutions.
• Here, it is important to consider how the underlying cause for our deficient national response is a lack of institutional capacity to respond to such challenges.
• It is instructive to take just data protection and privacy and go instance-by-instance to see how the government response is best summed up as, ‘move slow and calm things’.

         Scandals unnoticed

• Even prior to the disclosures by Cambridge Analytica, Indian civil society activists had fought against Facebook very publicly on net neutrality.
• The company had proposed to offer users without Internet on their phones a platform called “Free Basics”, with a bouquet of essential websites.
• The opposition to “Free Basics” won, with a ban on it being imposed by the telecom regulator.
• Then, as now, there is no data protection authority or an office of a privacy commissioner to investigate and independently audit platforms such as Free Basics.
• This practice of data hoarding became clear when after acquiring WhatsApp, it changed its privacy policy with effect from September 2016.
• It allowed sharing a user’s metadata between WhatsApp and Facebook, without clearly explaining what was being shared and how it was being used.
• Changes to these terms of service were challenged in a public interest petition in the Delhi High Court, which dismissed this legal challenge, noting among other things that at the time the status of the fundamental right to privacy was disputed, based on an objection by the Central government.
• The WhatsApp-Facebook case is still pending in the Supreme Court.

         Cambridge Analytica alarm

• By March 2018 the Cambridge Analytica exposé gathered steam.
• Blockbuster reports by The New York Times and The Observer documented the compromising of personal data of Facebook users to micro-target them with subtle forms of political campaigning without their knowledge.
• This was reportedly aimed at influencing their voting preferences and the outcome of elections.
• This immediately acquired a cynical hue in India, with a whodunnit approach in which petty and personal allegations flew in television debates.
• Concurrently the Parliamentary Standing Committee on IT in April 2018 also started examining this issue.
• Subsequently, the matter at the ministerial level was referred to the Central Bureau of Investigation, which launched a preliminary investigation in September 2018.
• Till date, there is little public information on movement in this investigation.

        Public welfare, institutions

• Let us remember that many of these problems go much beyond Facebook, to the entire wave of digitisation from the big building blocks down to a fine grain of Indian society.
• Movement on a privacy law has become gridlocked in recent months.
• A draft law to safeguard it is beset with controversy in a closed drafting process without much transparency.
• On the other hand, the government has prioritised more data collection and privacy-impairing legislation.
• Another instance is the political firestorm after Ministry of Home Affairs issued a notification authorising digital surveillance by 10 Central government agencies.
• The government must act with urgency. To properly harness digitisation, we now have the challenge of developing and prioritising institutions of governance to protect users.
• This must start immediately with a strong, rights-protecting, comprehensive privacy law.

The Hindu