Consent is not the key to privacy protection

Supreme Court of India recently passed a judgement making privacy citizens' fundamental right.


The Supreme Court has set the tone on the momentous question of the citizens’ fundamental right to privacy with its judgment on the K.S. Puttaswamy case. As we grasp the details and the contours of the right, we are also acutely aware of the speed with which society is being changed by digital technology. The rush to “cashless India”, the spread of smartphones throughout society increasing the extent to which we are tracked, profiled, aggregated and predicted by the networks that used to just ring the telephone numbers we dialed are just two examples. Whatever “privacy” used to mean, it is clear to all of us, as it was to the justices in the Supreme Court that the problems collected under that rubric are changing very rapidly.

There is a forest of details to consider, in the aftermath of the Supreme Court’s ruling. But no matter what happens in future, we continue to move rapidly towards Digital India, towards the “India Stack” and all the other panoply of “amazing new services” that startups wish to roll out for, or over, us. Unless we have our basic concepts right, we will be faced with new facts on the ground, indeed with whole new social realities, before we are ready to understand their consequences or make wise social policy about them. The most important conceptual mistake we are currently being urged to make is the belief that privacy is only about “consent”.

Twentieth-century surveillance was conducted only by governments, against criminals or political adversaries. They used tools such as wiretapping for listening to particular telephone conversations. Twenty-first century surveillance is conducted by businesses as well as governments. They now use “lifetapping” – the ability to collect massive amounts of data on the locations, movements, wishes, thoughts, activities, and habits of entire populations.

Lifetapping leads to “data-mining”, the recognition of large-scale patterns in human behavior that allow the prediction of individual human desires and actions. Businesses use these outputs to sell advertising. Governing regimes, like the Chinese Communist Party, explicitly intend to use those results to eliminate political disagreement, to extinguish the very ideas of democracy, and the rule of law through perfect political repression.

In this new technological context, the data flows that define the distribution of power in society are not bilateral, not about a series of individual transactions. They are all interrelated. Each block of information we give away about ourselves also changes what is known about our family members, our friends, our neighbors – people we are “like” in all sorts of predictable and unexpected ways. Those likes, comments and emojis, all tell a story. ALSO READ: Apple iPhone X Face ID feature raises concerns around privacy and surveillance

When each of our individual actions affects the wellbeing of everyone else, we use “environmental law”, not “transactional law” to regulate and govern in the interests of society. In environmental law, consent is *not* – as in areas like contracts and commercial regulation, finance, or medical treatment – the standard of compliance with the rules. In environmental law, we set overall social standards of care, and everyone must follow them.

You can’t consent to having your children breathe dirtier air, or drink dirtier water, than the environmental laws of developed society allow. We don’t allow contracting around environmental standards, because no individual can foresee, understand, or consent to all the consequences that follow, not only for him but for everyone else, from degrading the environment. None of us are safe, that is, unless all of us are.

Parties who want to make a profit, or slice off some of our political liberties, find it convenient to talk about “consent” as the heart of data democracy. They want us to believe that a “consent layer”, which is really nothing more than a checkbox on a form, somehow magically resolves all issues of privacy in digital India. They want us to believe that environmental standards protecting us against lifetapping by foreign corporates, or an over-powerful State, or local data entrepreneurs are unnecessary, even harmful. It will be better for us to let the local players handle our data because, “Digital Colonialism” is a dangerous path. But data-miners are like other miners – when they come to you with a story about how everyone will be better off if you just sign here at the bottom of the form, their hurry to get your consent means that you’re being asked to do a deal way better for them than it is for you. We should not be making such a deal.

Privacy, which is thankfully no longer an elitist concept, will not be protected by a mechanism of individual “consent”, but needs “environmental standards of cleanliness and safety that applies to everyone equally”. Otherwise, we will simply be pushing the environmental disaster presently sweeping the West and bringing it to India with an Indian face. What we need today, as we needed it seventy years ago, is no rule of the Anglo-English consensus but the correct principles that apply to all parties alike. That will be true digital independence.

Eben Moglen is Professor of Law and Legal History at Columbia Law School in the city of New York and Founder President of the Software Freedom Law Center.

Mishi Choudhary is the Legal Director and President of

  • Published Date: September 21, 2017 4:05 PM IST