Published some time ago, Privacy 3.0 is three books thoughtfully packaged into one. However, not much has been written about it for a couple of reasons - the complex techno-legal nature of the topic and the raging controversies over data privacy issues, especially the 'large-scale misuse' of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, which ended up in the apex court. The Supreme Court has upheld the validity of the Act since but limited the scope of the biometric identity project to some extent. Besides, the government has identified several data loopholes and the Draft Personal Data Protection Bill will soon be tabled in Parliament to address data privacy, safety and security. Undoubtedly, this is the ideal time to peruse the book as the author combines his deep understanding of the concept and legal experience spanning more than two decades.
Rahul Matthan's work traverses the anthropological roots of privacy and its practical relevance in the digital-first era. It does not stop there, though, and offers a way forward to "unlocking our data-driven future". This future (Privacy 3.0), in the author's view, need not be as bleak as privacy activists seem to fear. But to protect privacy and still ensure free flow of data for individual and collective benefits, he suggests a new legal framework. This expressly disavows the current notice-and-choice model, where individuals seemingly consent to the collection and use of their personal information. The author's alternative framework is based on the principle of accountability that penalises data controllers for any privacy breach, although it does not require them to seek the consent of an individual before making use of the data. Adopting this system will address "the data asymmetry" that exists between companies/governments collecting and using such data and individuals whose personal data is used.
This is a provocative suggestion. If individuals must be protected from data breaches or use of their data for purposes other than what they think they have signed up for, companies need to be liable. However, dispensing with consent altogether (because of its practical failings) to achieve this goal may not be the right step. Consent forms may be unclear, lengthy and written in difficult-to-understand legalese. But there is always a potential solution to address these issues. For example, give every website/and app a privacy score for enabling users to understand how secure their data is or allow people to consent after watching a short video instead of expecting them to read a long form. Matthan may summarily dismiss it as it works within the consent paradigm, but this will at least force policymakers out of their stupor to come up with suitable solutions.
The author has worked with policymakers, and his experience feeds the part of the book (Privacy 2.0) dealing with policy debates around privacy in India and elsewhere. This is a terrific account of Indian realpolitik that characterises law-making in our country. The need for privacy, Matthan writes, was recognised early on by then UIDAI Chairman Nandan Nilekani who set the wheels in motion to implement the first-ever privacy law in India. But there were wheels within wheels, and the attempt to draft a privacy law ran aground very soon. This part of the book is as much an account of the balance that must be struck between privacy and other values necessary for a developing India as it is about India's opaque pre-legislative process.
Throughout the book, Matthan astutely balances the clamour for privacy with the need for efficiency. But his argument falls short when he tries to trace the roots of privacy (or its absence) in ancient societies. The writer dons the combined hats of an anthropologist, a philosopher and a historian and argues in the first part of the book (Privacy 1.0) that privacy is a construct, both born out of and threatened by technological development. The narrative is compelling, but the argument puts Matthan in a double bind. If his initial observation is right, privacy may not be considered a fundamental human right and, consequently, less critical than he assumes it to be. If privacy is essential, as he appears to treat it in the rest of the book, his account must be partially wrong in the beginning.
In pre-privacy societies, complex rules safeguarded individual privacy and dignity, although it was not so apparent. In the ancient Roman society, well-known for its communal toilets where men chatted while emptying their bowels, they wore togas which protected their privacy. To state that privacy is an unnatural development on the basis that older societies were fundamentally communal is a tad simplistic. Also, to assume that the growth of privacy was only a response following technology growth of various kinds over time means privacy is important only because technology is capable of revealing something which we would have liked to hide. This is more like Privacy 0.0, a retrograde view of privacy sceptics. Luckily, for Matthan and the readers, this is just a minor footnote in an otherwise breezy book that makes the philosophically slippery concept of privacy and the jargon-filled world of technology both accessible and understandable. In an otherwise shrill public discourse dominated by privacy advocates and their adversaries, this is a balanced book that deserves to be widely read.
The writer is Research Director, Vidhi Centre for Legal Policy; views are personal