“What we are seeing in the debates around privacy is not just about privacy. It is about what it means for a state to respect the rights of people, but also to respect the law. [Currently we see] A state that refuses to respect the law and [proponents for] technologies that say that the law is an obstacle and needs to be set aside. That’s the place where we are having to [now] debate this question called privacy,” said Dr. Usha Ramanathan during the Keynote address at PrivacyNama, MediaNama’s premier virtual conference on data governance and privacy held on October 6, 7 and 11, 2022.
Moderated by MediaNama’s Editor Nikhil Pawha, Ramanathan’s speech covered not only the importance of privacy, but of the responsibility of citizens to fight for it when the state fails to protect it. This is all the more relevant given India’s yet-to-be-passed privacy and data protection law—in its absence, citizens’ have little scope to protect and expand their privacy rights in a rapidly digitising state.
“The job the Constitution gives the state is to preserve and protect and expand the rights of the people. The job of the state is not to control the people. It is to expand freedom. It is to expand liberty. That’s why we have the state. Nobody is going to vote for a jailer. You vote for someone who keeps you free,” added Dr. Ramanathan, who works on the jurisprudence of law, poverty and rights. A foundational voice in raising privacy concerns over India’s national ID project, Ramanathan has extensively written on and debated issues of technology and the human conditions of freedom and liberty. She was also a member of the Expert Group on Privacy set up by the Planning Commission of India, which submitted its report in October 2012, and was awarded Access Now’s Human Rights Heroes Award in 2019.
MediaNama is hosting these discussions with support from Mozilla, Meta, Walmart, Amazon, the Centre for Communication Governance at NLU Delhi, Access Now, the Centre for Internet and Society, and the Advertising Standards Council of India.
FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.
When was the promise of technology replaced with privacy concerns?
One of the questions that arose from technology was certainly [the] privacy [one]. We quickly found that from [or amidst] the excitement around technology, something was creeping in, and placing us at the centre of the experimenting that was going on [by companies and the state]. The first sign of this was when the UID [Unique Identification] project started in India. That’s when we noticed that there were ambitions that technology was harbouring which were way beyond anything that could produce excitement.
What alarm bells did UID raise in the early days?
We were curious about how technology [UID] would help the poor get their benefits [as it had promised]. But, it soon became clear that this was the explanation that was being given so that the project would surge ahead.
Three words were very significant [in the early discussions on the project]. The first was ‘unique’. It became clear that it [UID] was about making every person uniquely identifiable by a number. Then they [the proponents of UID] were talking about ‘presencelessness’—we realised how important that number was because the person was displaced [by it]. After unique, was the use of ‘ubiquitous’. They [the proponents of UID] were saying that the best way to get everyone to adopt it was by making everyone put their number in every database. If they have to put it in, then it becomes impossible for them not to enter the UID system.
Why was the UID project harmful to Indians and their privacy before the state?
There are large parts of digitisation which are extremely helpful—provided it [these efforts] is not succeeded by something [a policy] that converts digitized documents into something else. We found that following digitisation, the UID project came in, which was expressly intended to create multiple databases. The [identifying] number [for a citizen] that would be generated [from the UID project] would be put into multiple databases, creating the potential for convergence [of information].
Convergence has two outcomes. One was centralisation. With it came the idea that the state would now be able to look at every citizen—and make every citizen transfer into the state.
The moment this happens, the transparency of the individual before the state would arise. [It was very clear that] Centralisation would produce surveillance structures of various kinds.
It was also clear that with the collaboration that was happening between businesses and the state, this would also result in the commercialisation of the data.
How did UID onboard citizens and what effects did this have on citizenship, and fundamental rights?
What worried many of us was the targeting of people so that it [UID] could gain legitimacy. These were people who would not be able to resist the state, who required its support. If people in this condition are told that they’ve got to get on to the system, how will they resist? They’re told that they won’t be able to access food, work, scholarships, pensions, or disability payments, because unless they’re on the [UID] system, they’re not going to get the support of the state.
We noticed, at that time, the emergence of the mandated citizen. You can call yourself a citizen, but you don’t have a choice over whether you want to share certain things with the state or not. It’s not just about consent. It’s also about choice.
What has the Indian government’s stance on the right to privacy been in the past?
[In the context of UID] Telling a citizen that I will penalize you because you will not give me information about yourself that I wish to have, is an extraordinary thing for a state to do.
Now, while we were still thinking that was extraordinary, the government actually went to the Supreme Court, and said people in this country don’t have a right to privacy. Since the UIDAI project started, we’ve had three Attorneys General [Goolam Essaji Vahanvati, Mukul Rohatgi, and K.K. Venugopal], each of whom has said privacy is not to be bothered about [in Court].
[In the larger context] When you talk about privacy, very often people will ask, why do you want privacy? This is a way of [the government] turning it [the argument] around to [the citizen] to say that you have to explain why you have a right, which is a fundamentally flawed approach. I have a right whether I like it or not, whether you like it or not, whether I use it or not.
How have Indian Courts approached privacy?
The A.P. Shah Committee [formed to outline the principles of the Right to Privacy] gave its report in 2012. [It noted that] In the first two decades of our Constitution, the Supreme Court was still treating rights narrowly, and state power was much broader [in its ambit]. But in 1967, that changed. The court categorically shifted from that [perspective] and said that what the state can do is limited by the rights of the people. After that, the idea of privacy shifted. To illustrate, limits were placed on the kind of surveillance that the state can launch, even on a person who is a suspect.
Did the Supreme Court’s Puttaswamy v Union of India (2017) judgment do enough to uphold privacy and restrict the power of the state?
It was an excellent judgment. My take is that it’s not about the Court doing enough. It’s a judgment for us [citizens] and we need to work very much more with it.
What recourse is available to citizens and users of technology to gain agency and control over data?
I have met many people who don’t want to change any of their technology habits but want their rights to remain. I don’t see how that is possible. If you offer yourself as a customer first, and if you think convenience is greater than freedom, then it’s very difficult to find an answer to this question. Citizenship means taking responsibility for what is happening. That can’t be done by being a good customer. This doesn’t mean you don’t use technology, but in many cases, you [can] use your mind.
How do we balance our willingness to share personal data for larger benefits, against it being misused against us?
Everything is not just about consent[ing to services], it is about choice. In fundamental rights jurisprudence, you have to come back to this. The most significant thing that’s happened in this whole time [of technological innovation], is the waiver of fundamental rights. [This is] The idea is that you can say it’s okay, for convenience, I’m willing to allow for my right to privacy to be waived. But, when you run businesses which ask for a waiver of your fundamental right [to privacy in this way], then the way in which that business is run will have to be reworked.
Is fighting for privacy the individual’s responsibility—or the state’s?
I don’t think anyone should have to be fighting for their rights all their lives. You only need to step in when you find that there are no institutions picking up [your battles] for you. If we depend on the institution which is not doing it [protecting our rights] for us, then we end up losing.
Where do we draw the line—how do we know when profiling begins to violate privacy?
We are being told there are no lines [or thresholds]—the lines will be drawn after the technologies have decided what [information] they want to take out of you, which is what happened with the UID project too. They started in 2009. In 2016 they said, okay, we’ll draw it [the line] here. Then the Supreme Court redrew it for them [with Puttaswamy]. In 2019, they redrew it for themselves, and then they carried on like no lines exist.
How are the ethics of the debate on innovation at the cost of fundamental freedoms defined?
There is one core constitutional value that too many of us have abandoned or never had in the first place, which is fraternity. In 2017, I remember there was outrage when the government proposed linking bank accounts to UID numbers. There was no outrage when a child died because she hadn’t eaten for eight days—they [her family] was not able to link their UID number with the PDS system. When we are outraged by that [too], that constitutes ethics.”
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
Read More
- Who Owns The UID Database? – Usha Ramanathan
- Government Says “Trust Us” With Data But Must A Democracy Be Expected To Trust The Government? #PrivacyNama2022
- ‘Data Is A Part Of Competition, We Can No Longer Turn A Blind Eye Towards It’: #PrivacyNama2022
- Doosra Seeks To Simplify Business Communication With A Layer Of Privacy #PrivacyNama2022