Private Goes Public

900
Impacting Elections: Private goes public

Above: Photo by Bhavana Gaur

Despite the Supreme Court upholding the right to privacy as a fundamental right, the ground reality is that the data of millions of Indians on social media is at risk and could be used to impact polls

~By Pavan Duggal

Even as there are reports of Cambridge Analytica and its parent company, SCL Group, impacting election campaigns in various parts of the globe, including Donald Trump’s 2016 poll, its impact is being felt widely in India where it targeted many political parties.

With the internet becoming the biggest gamechanger in our lives, the cyber world can be used for a variety of purposes. Cambridge Analytica’s revelations about its links with political parties in India and mobile app wars have brought to the forefront the need for people to be aware of the legal, policy and regulatory ramifications of using social media.

Social media has become a mainstay in our lives and represents a fertile platform for us to communicate with each other, apart from showcasing our thoughts, opinions, emotions and perspectives. And that is why India needs to ensure that the use of social media is managed with care and diligence, ensuring privacy of its users.

In the cut-throat world of politics, social media can be used to manipulate voting and electoral profiling. This has been done in the US and has been documented. Given the fact that India is the biggest democracy in the world, there is no reason why elections too are not targeted and even impacted by social media engagement.

Impacting Elections: Private goes publicClearly, at a time when India is thoroughly ill-prepared to deal with cyber security breaches and given the fact that it lacks a dedicated law on cyber security, it is high time we realised that social media is a fertile ground for misuse. It can be used to not just colour people’s opinions, perceptions and perspectives but to impact the final outcome of elections.

Many elections are on the anvil, including the crucial 2019 general election. Imagine the power vested in various State and non-State actors who can successfully manipulate the results of these polls and ride on the crest of huge popularity. If these actors have the power to tamper with the biggest democracy in the world, it can open new vistas for cyber criminals and cyber terrorists. So India needs to understand its cyber legal inadequacies and inefficiencies.

The biggest defect is that India does not have a dedicated legal framework to govern mobile applications or social media. Mobiles are aptly, under the ambit of the term “communication device”, under the Information Technology (IT) Act, 2000. However, regulating the affairs of mo-bile application service providers has not been defined or adequately dealt with under Indian cyber law.

It is correct that social media apps or mobile app service providers are intermediaries under the IT Act, 2000, and consequently, all intermediaries are mandated to exercise due diligence while discharging their obligations under the law. However, the specific parameters of due diligence have not been specifically defined under this Act. The Act does not deal with specific issues pertaining to social media either.  This was despite the fact that amendments in 2008 to this Act had come at a time when social media had not only arrived but was quite prevalent.

Further, all aspects pertaining to activities on social media have not been adequately covered under the prevailing law. India also does not have a law on cyber security which can stipulate and elaborate the roles, duties and responsibilities of various stakeholders in the context of protecting and preserving cyber security in the social media ecosystem. The absence of a dedicated data protection law in India has further complicated matters.

This assumes more significance given that today, every mobile application is going to access any data that is on a user’s device. This could include information, photos, audios and videos. It depends from app to app as to what is the specific focus of the data they want and the reasons for which they are seeking permission from users.

Our world is a data economy world. Today, every social media service provider is interested in a user not as a person but as a data entity who is constantly generating, broadcasting and transmitting data. Service providers consequently use data generated from users for various purposes like targeting them with specific messages. Data has a multifold purpose not just for profiling users, but also for bombarding them with various kinds of services, perspectives, opinions and content which could help them make decisions pertaining to their day-to-day affairs.

In this scenario, it becomes all the more necessary for more stringent measures to be taken to protect and preserve a user’s privacy and data. Despite the Supreme Court upholding the right to privacy as a fundamental right, the ground reality is that India has till date failed to come up with dedicated legislation on protecting and preserving privacy.

It, thus, becomes all the more important to have norms of acceptable behaviour on social media. Users need to take control over the kind of information they share on it. There is a need for regulating social media engagement to ensure that it does not get misused for voting and electoral profiling purposes. Further, India needs to ensure that misuse of social media should not impact the sovereignty, security and integrity of India.

In order to protect the data of its users and their privacy, India needs to revisit its existing stand on intermediary liability and make service providers liable for unauthorised access to and use of third party data. It needs to ensure that the data of Indians is not sent to locations outside India and misused. All eyes are now on the government. It will be interesting to see what specific approach it adopts to combat these emerging cyberspace and social media challenges. After all, no one wants India’s physical and cyber sovereignty to be under threat.

—The author is an advocate in the Supreme Court and an authority on cyber law and cyber security law