The Personal Data Protection Bill is designed to fall between the laissez faire approach of US law and the much stricter regimen of the General Data Protection Regulation in force in the European Union, striking a balance between the imperatives of privacy and security. It includes features which have entered the legal lexicon only recently, like the right to be forgotten, and is a much-needed stepping stone towards a mature digital economy and society. But there is concern because a provision appears to compromise the security of personal data, instead of securing it.
This is the proposal of voluntary verification, which is designed to make social media companies more responsible, and make fake news easier to deal with, by marking apart unverified accounts for closer scrutiny. However, the efficacy of this strategy is questionable. Twitter already has such a verification service, with vetted accounts visibly ticked blue. But it seems to have had limited impact on fake news, since verified accounts also spread it, and the trolls just carry on regardless. For marginal gain, therefore, users would be handing over their personal details to social media companies, the biggest of which, Facebook, has not been a trustworthy fiduciary of public data internationally.
It may also be recalled that one of the legitimate objections to Aadhaar was the handling of personal data by private contractors, who collected it outside the government silo. Besides, out of ignorance or callousness, the maintainers of government websites repeatedly exposed Aadhaar data to the internet. Now, if verification is made a feature of social media in India, the possibility of companies leaking data must again cause concern.
Besides, there is no guarantee that companies would not use the data internally to profile users more accurately than they do already. Just adding an address and a phone number to the dataset of an individual’s movements on a city map would bring in a new depth of meaning. In which case the bill, intended to secure privacy, would achieve precisely the opposite.
The need felt by the government, and by citizens who had suffered harm from misinformation or malicious communications on social media, was that traffic across platforms must not be so anonymous as to be untraceable. It is only specific posts which cross the line and cause public harm that need to be traced home. All bona fide users should not have to disclose their personal details to make that possible.