Editorial: Health and data must both be protected

According to him,” People tend to trust the state more. And they also see themselves as a collective; individualism is far less pronounced.” This is particularly true of India, where questions concerning data protection/ privacy of individuals have been raised time and again. Right from the time Aadhaar was mandated, to the recent collection of data via the Aarogya Setu app, the government is actively collecting public data without as much as even the basic assurance that the data will not be used for any other purpose apart from contact tracing to tackle the coronavirus outbreak.

Recently Kerala, which was lauded for the manner in which it flattened the corona curve, is on the backfoot after allegations emerged that the privacy of as many as 1.75 lakh quarantined citizens in the state has been compromised by the Kerala government’s act of tying up with a US-based SaaS (software as a service) firm called Sprinklr. Entrusted with the collation and handling of medical records of these citizens, Sprinklr allegedly carried out the process without the consent of the individuals. While the Kerala government has gone on to defend itself asserting that the personal data of citizens is safe with the administration, it brings up a point worth pondering. Should citizens be willing to accept a trade-off in privacy to comply with the government? What exactly is at risk here?

Identity fraud for starters. With so much personal data lying in one repository, it will become easy to either use or exploit the data to track or identify people without their consent and beyond legal provisions. This leads to a bigger issue that is fairly rampant in more developed countries, where individuals can be tracked and monitored with official authorisation. The trade-off in privacy might not seem like a major perspective shift of sorts in India that still does not have a data privacy law that can protect people’s personal data. However, there is little doubt that lack of a framework for consent from the individual and unregulated access control can give the government a level of control that can potentially threaten civil liberty and democracy.

The Personal Data Protection Bill, which is currently being debated in the Parliament, intends to change that. It will govern the manner in which personal data of Indian citizens is used by the government, law enforcement and companies. It is imperative that the Bill — a first attempt of sorts at securing the data of individuals — sees the light of the day, especially when considered in the backdrop of how citizens’ details would be used in the battle against COVID-19. Going forth, data privacy and health protection should not be posed as an either/or choice, as far as Indians are concerned.