1. Right to Privacy case: Making data controllers accountable will be a good start

Right to Privacy case: Making data controllers accountable will be a good start

Whether or not the Supreme Court reverses its stand and concludes privacy is a fundamental right remains to be seen, but in either event it is critical to secure the data being given to a plethora of organisations.

By: | New Delhi | Published: August 12, 2017 5:30 AM
privacy, right to privacy, aadhaar, supreme court, right to privacy case, financial express Takshashila argues that true data protection can be secured through a “rights-based model” based on accountability of the data controller, autonomy of the user over her data and security of the data.

Whether or not the Supreme Court reverses its stand and concludes privacy is a fundamental right remains to be seen, but in either event it is critical to secure the data being given to a plethora of organisations like Apple, Google and Facebook and countless apps, and not just to Aadhaar though the public imagination seems to have got fixated with it. Recognising this, SC has tasked the Justice BN Srikrishna panel with recommending a framework for data protection. Against such a backdrop, a discussion paper by the Bengaluru-based Takshashila Institution lends some perspective on how such a legal framework should look like. The paper posits that the present ‘consent model’—one in which the data controller is free to collect, process and use the data once a user has given her consent—doesn’t offer complete, or even adequate, data protection. This could be because the user doesn’t always understand what she is giving her ‘consent’ to or the ‘consent’ can be forced—the majority of apps can’t be loaded without giving access to your phone-book, etc. Also, with data being collected, processed and used in far too many ways by far too many platforms for an average user to comprehend—interconnected databases and artificial learning complicate the scenario further—there is consent fatigue.

Takshashila argues that true data protection can be secured through a “rights-based model” based on accountability of the data controller, autonomy of the user over her data and security of the data. The model will guarantee certain broad rights to individuals, with the onus on the controller that these are not violated. In this model, the individual has a right to opt out of the processing of the data collected by a controller at any point of time. The controller will have to show the subject all the data that it has collected/or intends to collect on an interactive dashboard, and the ways in which this can be processed. The user can then opt out of data processing for certain categories or for certain outcomes, even as the dashboard informs her of the consequences—for instance, withdrawing consent for location tracking will mean that the data subject can’t use navigation services necessary for using, say, Uber. In this model, the data controller must assure security of the data collected, it must share information with the subject regarding what use the data has been put to or with whom has it been shared. While it is difficult to argue that the data controller must compensate the subject if there is discrimination due to data use—journalists’ data may suggest, for instance, to bankers that they don’t repay loans on time—the overall approach is a sound one.

  1. R
    Reader
    Oct 11, 2017 at 6:31 pm
    A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
    Reply
    1. R
      Reader
      Oct 11, 2017 at 6:30 pm
      UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of personal information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.
      Reply
      1. R
        Reader
        Oct 11, 2017 at 6:30 pm
        The US Social Security Number (SSN) card has NO BIOMETRIC DETAILS, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
        Reply

        Go to Top