There’s a tug of war going between social networking giants and the Indian government over who will control user data, while this plays out the privacy of users is being compromised

Information, read data, is power. And with the advent and spread of social networking sites, particularly in the last decade, there has been wholesale destruction of privacy. There’s always someone watching, can decipher users’ psychological traits, habit patterns that will help design better business strategies–targeted advertisement is just one of the many uses. 

They play with us, make us see what we want to see, there are real-time rewards and punishments, algorithmic recommendation tools, and engineered social comparison. With subliminal cues and psychological microtargeting they have got so much on us that it’s not funny—it’s in fact scary. It’s hundreds of billions of dollars worth of surveillance empire that taps into every aspect of our life. 

There are apps designed to limit this penetration—like the ‘App Tracking Transparency’ notification on iPhone—it checks and limits tracking across applications and across devices. What it doesn’t stop doing is collecting data within its own application—it has the ability to collect information about the behaviour, activities, even thoughts and feelings. Facebook, Twitter, WhatsApp, Instagram and a host of such platforms have amassed an unprecedented amount of human-generated data—they can affect a change in the polity, society, and general attitude of people to what they wear, how they think, what they aspire for. 

Privacy is the core issue—between people, social networking sites, and the government—who’s going to control the data!  

For example, on January 4, WhatsApp announced its new privacy policy guidelines, which would allow WhatsApp to share users’ information with its parent company, Facebook. Users had to agree by February 8—by when the new policy was to come into effect—or else they would have to quit WhatsApp. This has been done in India and various other countries in the less developed world, which do not have stringent  IT rules. For this reason, the new privacy policy—which was thrust upon the users by WhatsApp—-wouldn’t be applicable in Europe because they have a strong data protection law in place there. 

General Data Protection Regulation, to be precise, is the law on data protection and privacy in the European Union and the European Economic Area—the law gives users the right to opt-out of the privacy policy, they don’t have to abide by the new terms of service.

This is a bit of an issue for Roger M, 29, a British national, who’s residing in Delhi. This tall lanky fellow, sports scraggly goatee on his conical face, is very particular about the privacy issues to the extent that he’s not a user of Twitter or Facebook.  

“I use WhatsApp to communicate with my family and friends in a secure fashion. Now they want my private conversations, pictures and videos to be shared with their parent company Facebook. This is not acceptable. I stayed away from Twitter and Facebook for privacy concerns. You can’t undo your past on the internet. My personal information will help strangers run businesses, make money. Had I been living in Europe (lived in Berlin for 7 years before coming to Delhi), I could have gotten away.” 

He’s quit WhatsApp, “it’s a breach of trust and understanding with which I had signed up.” He says that the privacy laws in India are weak—and “I have reasons to believe most of it is unenforceable, there’s no effective deterrent to even identity theft.”

The Ministry of Electronics and Information Technology (Meity), called WhatsApp’s new policy “invasive” with the objective of deciphering “precise inferences about users” of WhatsApp and other Facebook-owned companies. 

In an affidavit to the Delhi High Court, the Meity opposed the move by WhatsApp, referring to the Supreme Court ruling that accorded government the responsibility ensure a “regime on data protection and privacy” in a way that would “limit the ability of entities” –in this case, WhatsApp—to issue “privacy policies which do not align with appropriate standards of security and data protection.” Meity pointed out that many of the top social networking platforms don’t specify the type of sensitive data they are collecting, the purpose for which it’s been collected, without the user having the choice to withdraw consent on data sharing retrospectively. Most importantly, there’s no guarantee in place for non-disclosure by third parties.

Not just for such companies, data is crucial for shaping public perception, disseminating information, multimedia—videos and voice messages—to create a certain political climate conducive for some, and disadvantageous for others, can so easily change the outcome of elections. It’s imperative, for privacy concerns, also political reasons that the government has some leverage over these social networking sites.  

There was a big hue and cry when the government issued the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (or the Intermediary Rules) that will substantially alter the way the internet will be experienced in India. This requires the social media intermediaries to appoint a chief compliance officer, a nodal contact person and a resident grievance officer—and all of them have to be Indian residents. They will facilitate monitoring of harmful content, tracking down the first originator of mischief, and the voluntary verification of users. In addition, the messaging services are mandated to enable identification of the first originator of the information, if required by a court order or an order of the government under Section 69 of the IT Act.

A few weeks ago, the same WhatsApp that changed the rules of the game for the advantage of its parent company, sued the government of India challenging the new IT rules that require to trace down the “first originator” of a message—the objection being that it will compromise the end-to-end encryption, exposing the identities of senders, and, in the process, compromise the security of its 400 million-plus users in India.

Twitter was concerned for the security of its staff in India, after a police visit to its headquarters in the NCR, after the micro-blogging site marked the posts by the BJP leaders as “manipulated media”—hinting it was forged content. Congress party opposed the proposed action of the government against Twitter. It became global news—ripples of it were felt in the US. It’s a matter of fact that recently the government directed the shut down of over 1,000 accounts under section 69A of the IT Act that were critical of government policies or actions. Also, India leads in the number of internet network shutdowns to deal with law and order problems.  

Amongst many, ten international non-profit organizations — Access Now, ARTICLE 19, the Association for Progressive Communications, the Committee to Protect Journalists, Derechos Digitales, the Electronic Frontier Foundation, Human Rights Watch, Mnemonic, Reporters Without Borders, and WITNESS —opposed the government’s action in an open letter. “It is alarming that censoring the internet user base of the world’s largest democracy and curtailing the rights of individuals to free speech and liberty online is increasingly becoming a policy priority for the Government of India,” said Raman Jit Singh Chima, Asia Pacific Policy Director at Access Now, he was critical of the new legal measure introduced to restrict securely sharing information online. 

No one wants to lose control of this great human-generated data pool—neither the social networking companies nor the government. Data is a treasure. “In this tug of war, the privacy rights of billions of the users are compromised,” says Roger M.