When state violates privacy, others get free ride: Cong data analytics head

On the lines of the GDPR, which the European Union implemented in May, the report talks about transactional consent, which I think is the right way to go, says Congress data analytics head

The Justice Srikrishna Committee report on data protection released in the last week of July has received laudatory responses from various sections of the economy. Praveen Chakravarty, head of data analytics at the Indian National Congress, speaks to Abhishek Waghmare on the pros and cons of the report, and India’s dire need for a strong and robust privacy regime. Edited excerpts:

As the head of data in the principal Opposition party, what are your thoughts on the Srikrishna report on data protection?

I am glad that the government, which had said that privacy is not a fundamental right in the Aadhaar case, has moved away from its stand, and has recognised that we need a data privacy framework. It is a welcome sign.

What constitute public and private data?

For example, a tweet that I put out is public. Anybody can use it, comment on it, analyse all tweets together to get an inference. But say my mobile number is private. Can anybody call or text me without my consent? No. Before anybody engages with my data, I must have the right to provide consent for the same.

What kind of privacy should the regime set forth? What should be the role of the state in this matter?

On the lines of the GDPR, which the European Union implemented in May, the report talks about transactional consent, which I think is the right way to go, and not a once-and-for-all kind of consent.

However, there are serious issues related to the blanket exemptions granted to the government by the committee. There seems to be the philosophy that the state is all-powerful and must be given exemptions for violating privacy rights.

But the government needs even private data for implementation of welfare schemes, and for planning public investment.

I am sure that there are cases of national interest, and there might be a variety of reasons that we (state) may have to do this. But those uses of private data must go through legislative processes or parliamentary committees. There has to be a second-level check.

We are living in times when all of us get unsolicited emails from the Prime Minister’s Office on Mann Ki Baat, we get unsolicited SMSes from MyGov.in. We know what is happening in the world of WhatsApp and the rumours.

We know that the state has an inclination to misuse private data. So, to what extent can we trust the state (as a political entity) to give blanket exemptions? What about the privacy violations by companies who deal with the public at large, say for example the telecom companies? I never signed up for Mann ki Baat text messages. The moment you have the state violating privacy, then others just get a free ride. And that is why I personally think this report is a much-needed step, though very late.

The report dwells on data localisation. Is that viable? 

When the Internet arrived, we used to say, "Geography is history!" But today, the rationale behind data localisation is worth understanding. To prevent the public use of private data in remote locations, this is necessary. I am sympathetic to the idea of data localisation. I understand where it is coming from.

Even before privacy arrives, many institutions do not have the wherewithal to maintain sophisticated database systems. How will they cope?

True. But this is exactly what the privacy law can help accomplish. Say if a company cannot private user data properly and a breach happens, such an entity can be held liable and responsible under the privacy law that will take shape. Under a strong privacy regime, the company’s incentive to encrypt and take care of private personal data takes precedence. Most entities would opt for not storing and using the data in the first place.

How should the government go forward now?

The privacy bill should not witness the same rout that the Aadhaar bill witnessed under the garb of introducing it as a "money bill". Privacy is too serious an issue and we must ensure that this doesn’t happen in the case of the privacy bill. The nation needs a privacy regime and before we build that, we need extensive discussions and deliberations, which have no alternative. The only big problem with the report is that there is a higher bar for consent but a very low bar for state exemptions. That should be corrected.