What were your main takeaways from your participation to the last annual meeting of the International Conference in Hong Kong?
The IDPPC conference is a unique event which through an annual conference brings the regulators tasked with implementing and forming data protection laws in their countries. It brings incredible expertise, sharing of insights, and builds a necessary dialogue to further engage with civil society and the global digital rights community. This realisation seemed to be increasingly felt by the attendees and I hope it is carried forward in subsequent editions. Much more substantively, it was fascinating to note a high level of similarity among the data protection frameworks of various jurisdictions who have adopted privacy principles from the OECD and are looking towards EU’s GDPR as a global code of best practices. While there are many disagreements on nuances, there seems to be broad consensus that the open internet and global data flows require an integrated, international approach to data protection.
How do you do you foresee the role of the International Conference in promoting privacy and data protection at international level?
Such a conference can play an anchoring role at the international level. While already many DPAs, through closed and open sessions, exchange on local challenges and regulatory responses, the presence of civil society can help bridge demands and bring greater understanding of a rights based framework for data protection. The Conference needs to develop diversity in its attendee profile to drive greater legitimacy in joint efforts at international harmonisation, through joint declarations and frameworks, which may with time take the form of treaty texts.
Can you tell us more about the ongoing news for the Internet Freedom Foundation and the most recent privacy and data protection developments in India?
The Internet Freedom Foundation is a digital rights advocacy organisation. We drive towards outcomes through strategies of public engagement, regulatory and litigation for user rights in India. We have over the past two years done considerable work on data protection and privacy organisationally, which include regular comments on draft regulations and public consultations. In order to facilitate and spur on civic action, we simplify and create explainers for our responses to these regulatory exercises. We have even approached the Courts on tenuous issues, such as the sharing of data between Whatsapp and Facebook at the Supreme Court of India, with a view to offer expert views through an intervention on a case seeking to create a right to be forgotten on public records. Much more recently, we have sent a legal notice to the Government on its plans to create a, “Social Media Communication Hub” which will survey and profile social media accounts of users in India. To us many of these problems arise from the absence of a user rights oriented data protection law in India. We have supported a community effort at putting forth a model citizen’s draft through the online campaign saveourprivacy.in.
According to you, what is the “next big thing” in the field of privacy and data protection?
The next big thing in privacy is the old last thing. It is a regulatory acknowledgment in India that innovation cannot be a blanket immunity from data protection laws. It is surveillance reform that brings a rule of law framework to the practices of intelligence organisations. It is holding large online platforms and compulsory biometric identification programs accountable and gauging their permissibility. While scholarship and expert commentary is progressing to fields of machine learning and artificial intelligence, many countries especially India have evaded their constitutional duties to even take care of the bare minimum.
Which word comes first to your mind if you think about privacy?
A sense of freedom, of autonomy, that makes me smile. It is a long walk, a short run, a gentle conversation with a friend, even an argument with my partner. All these experiences and my existence without a sense of a third eye watching over me, trying to actively manipulate my behaviour or putting me at risk. Privacy is about physical and mental freedom from an electronic leash. Privacy is about me being in control of my own life.