Shifting stakes of privacy

The government-corporate nexus to monetise data compromises our privacy

Photo by ev on Unsplash

Facebook’s future of privacy

Zuckerberg in a note published on March 7, 2019, gave a four-point agenda to the future of privacy on Facebook: (i)all the FB related activities will be made end-to-end encrypted. This will imply that no third-party including FB can have access to our messages sent via messenger. (ii) all the posts by default will be “ephemeral” and will get deleted automatically after a certain time unless specified otherwise. This is to eliminate the problem of permanence. (iii) Zuckerberg aims to provide choice to people and thus connect all the platforms he owns: Messenger (FB), WhatsApp and Direct (Instagram). This is called “interoperability” i.e., the ability to operate on interconnected platforms. (iv) secured data storage whereby FB will shift its servers from “countries that have a track record of violating human rights like privacy or freedom of expression”. The ultimate aim attached to this fourth limb is no storage of data as WhatsApp does. (It does not store any encryption keys)

Aadhar and the new offline verification seeking an entity

Meanwhile, in India, the Union Cabinet cleared the Aadhaar Ordinance and was signed by the President on March 2, 2019. The original Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016vide Section 57 allowed any “body corporate” to use Aadhaar for any purpose allowed by law. This acted as the gateway for private companies to access Aadhar information through KYC (Know Your Customer). Taking cognisance of the exploitative potential of such a law, the Supreme Court in Justice K.S. Puttaswamy (Retd.) and another v Union of India and others held this section as unconstitutional. The majority held that section 57 did not “pass the muster of proportionality doctrine” and was “susceptible to misuse.”The ordinance repeals Section 57 and brings in a new definition of the “Aadhaar ecosystem” under Section 2(aa). This ecosystem includes requesting entities and offline verification seeking entities, thus bringing in the body corporate back into the Aadhaar system. The definition of the offline verification seeking entity is vague and broad to include any legal personality in this domain:

Lawyer| Consulting Editor @|