Here’s a policy essay I wrote a couple of years ago about the privacy law

Towards a Technological Rule of Law

Law and Policy  · 

With the growing emphasis on Rule of Law accompanied by a consistent fall of India’s rankings in the Rule of Law index,1 one aspect becomes abundantly clear – that lawmaking can no longer occur in a manner divorced from the realities of implementation.

The fields of privacy and cyber laws in India are notoriously marred by implementational hurdles; be it in the form of filing criminal cases under the struck down Section 66A of the IT Act, 2000,2 or the misuse of Aadhar verification as a mandatory procedure in blatant disregard to statutory provisions governing the same. Even more concerning is the wide ambit that breaches of privacy occur within, which demand a continual appraisal of citizens fundamental rights to have privacy breached only by proportionate measures. While this is not entirely plausible in all cases, it reflects on both, the lack of institutional sensitisation in the governmental bodies that put into effect such measures, as well as the lack of dialogic public consultation when it comes to engaging in lawmaking.

What is required then is to firstly, identify measures to ensure that privacy breaches by the state are controlled at their point of origin, rather than challenging them through advocacy or litigation after the breaching regime has ostensibly passed departmental or parliamentary scrutiny. This would firstly entail the sensitisation of government departments which have the power to enact rules or frame procedures that would breach privacy to any degree. As the state is made up only of officials exercising their discretion in the perspective of positivist jurisprudence, building their capacities to enact such rules or frame procedures legitimately rather than illegitimately would go a long way in ensuring compliance with the superintending rules, namely fundamental rights. This can be done through public private partnerships, building long-standing relationships, and moreover, forming a comprehensive policy recommendation that covers the dissemination and content of rulemaking or procedure formulating.

Hence, this policy recommendation also hinges on the principles of parliamentary conventions which lay the groundwork for publicisation of draft rules and procedures for public consultation in all cases, along with the building of a multimodal communication apparatus for conveying these changes. Thus, identifying all the multimedia channels through which communication of the impacts of changes in procedures or rules will take place helps. These will have to be accompanied by a focus on digital literacy and the impacts of any change in rule or procedure on stakeholders in different social locations – caste and gender minorities, disabled persons, and rural citizens for instance. Additionally, building public information in this manner will by building capacity and enabling feedback, potentially challenge opaque, often indeterminable technological mechanisms that deal with citizens’ biometric data3. However, the foremost aim of this policy recommendation is and shall continue to be identification of ways in which the state’s powers are not abused in implementing the Rule of Law, for instance in the context of Digital Personal Data Protection – a regime that will exist otherwise only in name.

  1. “WJP Rule of Law Index 2023 Global Press Release” World Justice Project. October 25, 2023. https://worldjusticeproject.org/news/wjp-rule-law-index-2023-global-press-release
  2. Anushka Jain, “66A Zombies continue to menace Free Speech on the Internet #ZombieTracker” Internet Freedom Foundation. April 28, 2020. https://internetfreedom.in/66a-zombies-continue-to-menace-free-speech-on-the-internet/
  3. Shobhana Nair, “Aadhaar-linked pay becomes mandatory for MGNREGS workers” The Hindu. December 31, 2023. https://www.thehindu.com/news/national/new-year-new-rule-for-mgnrega-workers/article67692863.ece