The advent of 2021 has put the Tech World in a frenzy with a multitude of rules, guidelines, and notifications coming into play, with the view of scrambling the tech companies off their feet and making them amenable to the law of the land. One such set of rules is the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 which has been in the limelight since its introduction in February 2021, with the recent controversy surrounding Twitter and WhatsApp. The ongoing discussions surrounding social media rules bring to the spotlight one key issue: Privacy. In the modern era, privacy is considered a fundamental right and an integral component of all communication on the Web. Unfortunately, in the clash of government rules and tech policies, the one stakeholder that suffers the most is the Consumer.
In the backdrop of the race to personal data dominance between Big Tech-hegemony and State-intervention, the authors seek to analyse the changing countours of Privacy over the years since 2017 and its impact on consumer preferences.
DOES THE IT RULES 2021 CONTRAVENE THE TENETS OF THE K.S. PUTTASWAMY JUDGEMENT?
In the famous case of K.S. Puttaswamy vs Union of India (W.P. (C) NO. 342/ 2017), the Supreme Court held Privacy, inclusive of one’s rights over personal decisions, bodily integrity, and protection of personal information, as a fundamental right within the ambit of Article 21 of the Indian Constitution. It is a landmark judgment that is of great significance due to the stance taken by the Apex Court in the pivotal issue of Personal & Data Privacy.
However, looking into the provisions of the IT Rules 2021 in the optic of the Puttaswamy judgment, social media intermediaries will have to maintain access to the messages of users to be able to abide by the mandatory requirement of tracing the origin of messages, thereby infringing the end-to-end encryption and creating a substantial breach of privacy, along with raising concerns on security of the data obtained and stored. The purpose of tracing the messages is to aid the law enforcement agencies in tracing those who are accused of spreading fake, inciteful, or offensive messages, and in bringing them to justice accordingly. Furthermore, the 2021 IT Rules take into consideration the interest of the nation’s sovereignty, public order, morality, and national security for making tracing mandatory. Stanford Internet Observatory Scholar Riana Pfefferkorn in her opinion observes that, “The new traceability and filtering requirements may put an end to end-to-end encryption in India.” The logical follow-up is that in India, where there is an absence of a specific Data Privacy Law, this mandatory procedure could be deleterious as because there is no legislative measure that safeguards the users against the arbitrary use of traceability.
In context to whether the newly introduced IT Rules is in breach of the constitutional safeguards laid down in the Puttaswamy judgment, the answer is two-fold – First, in its observation, the Court made it abundantly clear that the fundamental right of Privacy accorded to the citizens is not absolute and it is subject to reasonable restrictions by the State, which is expressly mentioned under Part III of the Indian Constitution corresponding to Fundamental Rights. The Court opined that any exception made has to be for the interception of data by the State on the grounds of national security & public order and morality. In consonance with the exception, a “Triple Test” needs to be adhered to for any infringement of privacy by the State to be legitimate, which ordains that any State action should:
(i) Have a “Legitimate Aim” that should be inclusive of goals of the State, i.e. security, proper deployment of resources, etc.
(ii) Have “Proportionality” which underlines the rational nexus between the object and the means that would be adopted to achieve the object
(iii) Have “Legality” vis-à-vis the law of the land.
Second, it has to be noted that in its judgment, the Apex Court mentioned also the need for data protection laws for citizens. The Court undertook a notably worthy and pro-active outlook aimed at citizen-welfare. Although the judgment was pronounced three years ago, yet there lies confusion on the enactment and enforcement of the Personal Data Protection Bill to date. At this juncture, one cannot set aside the fear or aspersion of the provisions being used potentially as a weapon for infringement of privacy as the rules give wide powers to the Government to strong-arm the social media intermediaries to procure users’ data.
Hence, a concern of a risk of potential breach of the Puttaswamy judgment arises, all the more now as the State has introduced a set of Rules which legitimizes the interception of data and the tracing of the first originator of messages, in the absence of an appropriate data protection law – and this places citizen-welfare and autonomy in a precarious spot.
THE LION AND THE RINGMASTER: THE CIRCUS SHOW OF FACEBOOK, WHATSAPP & CCI
In recent times, news has been strife about the legal matter in the doors of the Delhi High Court of WhatsApp’s Privacy Policy being put to scrutiny by the competition regulator by way of a Suo moto cognizance. Prior to diving into the row between the Competition Commission of India (CCI). & WhatsApp, one needs to understand the concept of Suo moto cognizance and the working of the CCI. Suo moto cognizance essentially means the legal action taken by the government or authorities upon receiving information regarding violation of rights or any infringement thereof. The purpose for the establishment of CCI is to promote a competitive environment which brings better goods and services to the consumers. One of the main duties of the CCI is to protect the interest of the consumers and ensure freedom of trade. In the fulfillment of its duties, as per Section 19 of the Competition Act 2002, CCI can inquire into alleged contravention of their provisions, upon receipt of information from persons/trade associations or from references made by the Central/State Government. Moreover, according to Section 60 of the Act, the provisions will have an overriding effect over any law in force, notwithstanding anything inconsistent therein. This means the CCI will have the power to take matters in its hands which it believes falls within its purview, and accordingly issue notices or conduct probes.
On the face of it, consumer welfare seems to have prompted the CCI to launch an inquiry into the putative abuse of market dominance by Facebook and WhatsApp. The nose-diving of the CCI by taking a Suo motu cognizance of the matter (the very first in relation to social media intermediaries!) is in contrast to its generally placated self, and it seems to have been triggered after Whatsapp introduced a revamped privacy policy in January of this year. To draw a parallel, comparable to the German competition authority, the CCI also considers data & privacy protection to be a strand of qualitative non-price competition, which basically means that the competition rules must be evoked to discipline any commercial entity which is abusing its dominant position by causing a slump in its service quality by coercing or forcing users to adhere to such terms and conditions that might damage their privacy rights.
As much as the heart of the CCI is at the right place, however, the haste in which this probe is being undertaken against one of the largest Big Tech conglomerates functioning in India seems not just uncanny, but can also lead to legal ambiguities in the near future considering that the nation is gearing up for the advent of a new data protection law. If the CCI doesn’t introspect and perform a course correction, then it is gearing itself up for an impending discordance with the Personal Data Protection Bill, which is now being refined under the auspices of the Joint Parliamentary Committee of the Indian Parliament.
Ostensibly, the CCI seems to be driven by impulse and an arguably shallow grasp of the link between privacy and competition in its rush to straighten Facebook and WhatsApp out. Curiously, the entire premise of the CCI behind its examination of the Big Tech conglomerate is based on the notion that data becomes an integral ingredient of competition by virtue of being the price the consumer has to pay for availing services of social media & messaging platforms – thus, what CCI essentially contends is that the market dominance of Facebook and Whatsapp increases with a decrease in the levels of privacy.
However, there is a critical oversight from the CCI’s end in its approach. As much as the concerns, needs, and necessities of protection and preservation of data and privacy are crucial to consumer welfare, nonetheless credible research showcases that consumers profess to be very concerned about their data and privacy, although they also continue to provide their personal as well as sensitive data to platforms that provide free services on the internet – a contradiction that we call the “Privacy Paradox” in common parlance.
Hence, it may come as a surprise, but research shows that a substantial chunk of the consumer base for digital services in India believes that their personal data is a good barter to avail “free” services offered by platforms and subsequently targeted advertisements being shown to them. And, this re-emphasizes the necessity to examine the Privacy Paradox in the Indian milieu in greater depth and nuance.
It needs to be noted that one of the very rudimentary premises of Competition law is built on the edifice of consumer welfare. Therefore, the need of the hour is to ponder over, first and foremost, if consumers really are opposed to the data & privacy policies of social media and messaging platforms, and if yes, then why, and what are their concerns? A follow-up to the preceding question is whether the consumer base is in favor of giving precedence to the “free” services provided by Big Tech in exchange for its use of the consumers’ personal data.
Secondly, and substantially, a pertinent question arises – should privacy solely be the metric that the CCI peruses for measuring competition in the social media & messaging market segment?
Unless such precursory issues are not delved in detail, and active stakeholder consultations are not undertaken, then any action by the CCI carries with it the risk of absolutely disregarding consumer preferences – which contravenes the very premise of Competition law.
IV. Concluding remarks
“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.” – David Brin. This aptly captures the irony which exists, whereby personal accountability is shoved into the oblivion, but demanding rights and privileges is always priority one. One must also be wary to not muddle the concerns of data-breach and security with that of data-sharing by an informed user, only on the premise that every bit of data shared is subject to eventual misuse.
The contrasting approaches of the Puttaswamy judgment & the CCI’s probe, distinct in the issues contended & the forums approached to seek relief from, are merged on their emphasis of keeping Consumer welfare first. As a constitutional truism, the actions of statutory bodies are regarded to be governed by the principles of equity and good conscience, keeping the interests of the general public at an elevated pedestal. However, if in the garb of welfare, ad lib actions are taken hastily, it can have a detrimental effect – the burden of which will be incurred by the Consumer.
Privacy is a sensitive issue, taking into account the voluminous communication over the Internet via a myriad of platforms on a daily basis. The need of the hour is to give due consideration to the opinion of the relevant stakeholders, including that of the consumer-base, and a conscious deliberation over the measures taken to regulate Big Tech in India with the view of promoting sustainable development. Additionally, consumers should be apprised of the importance of their data, thereby enabling them in taking informed decisions with regards to their personal data and privacy sharing.
In the end, all that we as consumers are left with is the wild wonder of what privacy is: A myth, a right, or a currency?
In context to whether the newly introduced IT Rules are in breach of the constitutional safeguards laid down in the Puttaswamy judgement, the answer is two-foldL: First, in its observation, the court made it abundantly clear that the fundamental right of privacy accorded to the citizens is not absolute and it is subject to reasonable restrictions by the state, which is expressly mentioned under Part III of the Indian Constitution corresponding to Fundamental Rights. The court opined that any exception made has to be for the interception of data by the state on the grounds of national security & public order and morality.