Can’t have security trumping privacy and vice versa
The face-off between the Centre and WhatsApp on the issue of privacy of users needs to be resolved with both sides moderating their stances. Freedom of speech is important as is privacy, but social media platforms do need to be regulated since messaging services with such large numbers of users can potentially cause disruptions. There is apprehension the government may call upon the messaging service very frequently to know the first originator of a message, although it has listed some specific instances which would trigger a request on its part. There is also anxiety the government could try to stifle dissent. Difficult as it may appear, we need to find a way to allow users to express their views on social media/messaging services without their privacy being impinged, but also without empowering anyone to play mischief.
WhatsApp claims that tracing the first originator would require the end -to-end encryption of the messaging service to be broken and, in the process, the privacy principles underlying these too would be infringed. This argument stems from the nature of the technology which cannot predict which message would need to be traced; consequently, the platform would need to build the capability to identify the first originator for every message sent. While it isn’t clear whether this is possible, or how easy or difficult this is, but if alternative identification systems can be built, half the battle would be won. For its part, the government needs to take a fresh look at the rules and seek wider consultation; it is true that fundamental rights may not be absolute, but the restrictions must comply with the tests of legality, necessity and proportionality, as outlined by the Supreme Court in the 2017 Puttaswamy judgment.
Legal experts argue the executive may have over-stepped its powers while framing the IT rules put out in February this year. Some believe the IT Act should have been amended to incorporate some of the conditions, which currently draw only from the rules. They point out, for instance, that due diligence under the IT Act does not contemplate the identification of any users, and the rules thus cannot introduce this mandate. With regards to concerns over exercise of the powers, unbridled freedom of speech is not permissible, but neither is the possibility, however low, of the government being able to block dissent of every sort. The rules need to be framed such that social media intermediaries are regulated but without altogether clamping down on them. The security of the nation or tackling serious crimes like sexual abuse, especially of children, are no doubt of the utmost importance, but the regulations too need to be fair. To be sure, one cannot rule out instances of unfairness in any system; but the objective of the legislation should be to minimise these. Perhaps draconian measures like imprisonment can be done away with.
Sadly, India does not yet have a data protection law although a draft personal data protection Bill is currently being considered by a joint committee of Parliament. The PDP Bill essentially deals with how personal data—sensitive data including financial information—is processed by government and companies. Hopefully, the legislation, when it is enforced, will protect individuals.