2020 has been a challenging year, not just on the COVID-19 front but also in ways technology affected us. As the pandemic increased our dependence on technology questions of privacy, surveillance and accountability of technology came to the fore once again.
Here are three resolutions for the Indian government to follow up on in 2021, regarding our cyberspace.
The first resolution the government must take, regarding technology and policies of our cyberspace, is to be transparent with citizens.
2020 witnessed big strides in technology-related policy measures. However, transparency regarding policy consultations, decisions and implementation left much to be desired.
Case in point being Aarogya Setu, a COVID-19 contact tracing app that was made mandatory for all citizens but without transparency towards the very citizens it sought to help.
In a shocking revelation, in October, the Central Information Commission (CIC) slammed the Ministry of Electronics and Information Technology (MeitY) for having “no clue” about the origin of the government’s vaunted coronavirus tracing app, and issued show cause notices to information officers in the ministry for their evasive replies to RTI requests on this issue.
“None of the CPIOs were able to explain anything regarding who created the App, where are the files, and the same is extremely preposterous.”Order of Information Commissioner dated 27 October
Next resolution is accountability. The government must be accountable regarding the use (and misuse) of technology and provide information on how they are being deployed.
A perennial complaint that technology and privacy activists have of innovations and policies pushed by the government is regarding the limited accountability towards the public.
Increasingly, policy consultation and deliberation processes have been observed to be opaque and unaccountable towards the very people they affect.
The Internet Freedom Foundation highlighted a similar issue with the drafting of the non-personal data policy by a Committee set up by the Ministry of Electronics and IT.
On 20 August 2020, IFF filed a Right to Information (RTI) request with the Ministry of Electronics and Information Technology, asking them to provide copies of documents relating to the functioning of the committee of experts, the minutes of meetings of the committee and any other document which were related to its functioning.
“On 19 September 2020, we received a reply from them stating that the Ministry maintains no record of the internal functioning of the committee of experts,” IFF stated in its official post.
3. A Genuine Regard for Privacy
Third is respect for user privacy on the internet and respect for user data.
India is among the very few countries that still do not have a data protection law. In December 2019, the bill was referred to a joint parliamentary committee headed by BJP MP Meenakshi Lekhi.
The absence of a robust and citizen-centric law was felt sharply in the controversies surrounding Aarogya Setu. Despite collecting sensitive health and location data of millions of Indians, the Aarogya Setu app lacks any legislative basis and powers have not been provided under any statutory instrument to mandate use of the app, IFF writes.
In an interview with The Indian Express, Retired Justice BN Srikrishna, who headed the Committee on Data Protection constituted by the MeitY, has endorsed this view and stated that making use of the Aarogya Setu app mandatory without enabling legislation is completely illegal.
“Mandatory imposition of Aarogya Setu amounts to an infringement of fundamental rights of citizens because it could lead to privacy violations and exclusion, and therefore, such a measure must be supported by legislative authorization,” IFF states in its blog.