Prasanth Sugathan wrote an article on the need for India to update its privacy and data protection laws in light of the recognition of the Right to Privacy by the Supreme Court and the coming into force of EU’s GDPR.
Internet services ranging from social networking to video sharing and instant messaging have thrived on a regime of minimum regulation across the world. However, the latest issues surrounding misuse of user data by Facebook have made Governments and users to suggest more regulation over the information behemoths.
The past decade has seen online service providers dominate the tech landscape which has been growing at an exponential rates. Spurred by the business model based on monetisation of data, companies like Facebook and Google have transformed themselves into virtual monopolies.
The Need For Regulation And Policies
Players in the online space have often advocated a light touch regulation model and they have been largely self-regulated by their terms of service and privacy policies. These policies give little choice to the users and are designed to make them give consent to the usage of their data as these companies wish.
In the case of content, the online companies have enjoyed a safe harbour protection in most jurisdictions, making them immune to liabilities arising out of user generated content. This protection has helped the companies to be the torch bearers of free expression and have endeared them to users including human rights defenders across the world.
However, the Cambridge Analytica expose has showed that these companies have taken the users and their trust for granted and this has forced regulators to initiate enquiries against them. With the increase in user base and the network effect, the data handled by these information giants is huge. This treasure trove of information has given rise to a new breed of companies thriving on this data and Cambridge Analytica incident could be a tip of the iceberg.
India Should Bring Laws Similar To GDPR
European lawmakers have been ahead of the rest of the world in drafting laws for privacy in the online space and have a stricter data protection law called General Data Protection Regulation (GDPR) being rolled out in May 2018. There is also a proposal for a strong ePrivacy Regulation to control the collection of information using cookies about user behaviour online. The recent events could force many states including India to follow the European lead in regulating online service providers.
The online players have only themselves to blame if they find themselves to be in for a tough regulatory regime. In India, the committee under the Chairmanship of Justice B.N.Srikrishna tasked with making specific suggestions on principles to be considered for data protection in India could soon be coming out with their recommendations and the recent incidents would surely influence it.
GDPR mandates organisations to get clear and affirmative consent from the user for processing the data. It also provides users options to seek information about the usage and processing of their data, the right to rectify data, the right to restrict processing, right to data portability to obtain and reuse their data and the right to object their data being used for profiling. The principles of GDPR could soon form the basis for data protection laws in different jurisdictions as demand for reining in social networking companies gather steam.
On A Concluding Note
It is time for online companies including those in India to brace for stricter regulation in the area of privacy and data protection. In India, the nine-judge constitutional bench has conclusively affirmed that privacy is a fundamental right. The safe harbour protection from liability in the case of content that intermediaries enjoy could also be eroding with greater scrutiny on issues like fake news. It is time for online companies to act tough on issues like fake news and online harassment or face tougher regulations from Governments.
The business models that thrive on user profiling have to stop and stricter regulations on online intermediaries could soon be the norm across the globe. There is realisation across the world that users need to gain back control over their data. The online players have to warm up to the fact that the days of light-touch regulation are finally over and that user rights are paramount and have to triumph over business interests.