
India needs to adopt a data protection regime for free and fair election

Aug 13, 2018 | 08:55 am

Currently India doesn’t have a strong data protection law. Prasanth Sugathan wrote about the necessity of a robust law.

A 2013 study by IRIS Knowledge Foundation and the Internet and Mobile Association of India claimed that Facebook users could swing results in around 160 constituencies in the 2014 general election. When this study was published, it was often cited to show the positive impact of social media, but the controversy surrounding the Trump victory has shown the other, darker side: how social media could be used to manipulate the electorate and win elections.

The Cambridge Analytica exposé and the resulting investigations and testimonies have revealed the transfer of data of millions of Facebook users to third parties; data that was then used for profiling and targeted campaigns. Indian political parties have also been documented to have contracted firms involved in this data breach to manage their social media campaigns.

Indian citizens have practically no recourse against the unauthorised use of their data and profiling under the current laws in the country. The Information Technology Act, 2000 gives very limited protection to users from misuse of their data. 

The Cambridge Analytica saga has shown that manipulation of the electorate on social media is a reality and that there should be sufficient protection in place to prevent it. With the general election only a year away, there is an urgent need to enact a data protection law to give citizens sufficient protection against misuse of their data. A committee of experts headed by Justice B.N. Srikrishna has been formed to suggest a draft data protection bill for the country. The committee had published a white paper which has received a good response from diverse stakeholders.

In the European Union, the existing Data Protection Directive of 1995 and the new General Data Protection Regulation (GDPR), which rolls out on May 25, 2018, provide Europeans sufficient protection from the unauthorised collection, transfer and misuse of their data. This data breach scandal would give sufficient impetus for the committee of experts to propose a robust law modelled on the principles in the GDPR to provide a rights-based framework to protect the right to privacy of Indian citizens in the digital space. GDPR proposes a privacy by design principle where enterprises have to build systems that are designed to protect the privacy rights of users, rather than privacy being implemented as an afterthought.

GDPR makes it mandatory for organisations collecting data to have clear and affirmative consent from the user to process that data. Thus, vague and unclear privacy policies permitting transfer of data to third parties will be a thing of the past. GDPR also allows users to access their data that an organisation has and provides for the data to be deleted when desired by the user. Both of these are necessary for people to be able to take control of their data.

Indian organisations have often displayed a lax attitude in handling data of users. Security researchers have shown the apps of major political parties to be insecure and sharing data with third parties. If the Indian data protection law is based on the principles found in GDPR, it would provide a robust framework which would require a major rethink by organisations handling data, including the political parties.

If the data protection law becomes operational before the next general elections, it will be a steep learning curve for the political parties who take the data of users for granted and do not think twice before bombarding them with messages and calls. The Cambridge Analytica episode has helped in igniting a debate on the misuse of personal data and it being used for profiling and electoral manipulation.

With organisations, including political parties, collecting vast amounts of data from users, either directly or through data brokers, there needs to be strict control on its use. With data being a differentiator, the law should also ensure that such data is not transferred to third parties and used for purposes beyond the consent given by users. The new data protection regime in India could be a game changer for internet companies as well as political parties.
