The Law Tries To Catch Up With Tech

AT HIS TESTIMONY before the U.S. Congress, Facebook CEO Mark Zuckerberg spoke about the upcoming elections in India. “2018 is an incredibly important year for elections not just with the U.S. midterms, but around the world. There are important elections in India, in Brazil, in Mexico, in Pakistan, and in Hungary,” he said. “We want to make sure we do everything we can to protect the integrity of those elections.”

But is Zuckerberg’s assurance enough? Can Facebook truly ensure that there is no meddling in India’s general elections; political consulting firm Cambridge Analytica is accused of harvesting Facebook data of millions of people, and targeting them with ads designed to influence the Brexit referendum and the U.S. presidential election?

Instead, shouldn’t India proactively strengthen its data privacy laws?

India’s existing regulation on data protection—the Information Technology (IT) Act, 2000—in its original form, experts say, did not explicitly protect data. And even subsequent amendments were “retrofitting of the law”, says Sunil Abraham, executive director of the Centre for Internet & Society, a Bengaluru-based research and advocacy firm.

One amendment, Section 43-A, makes a “body corporate” possessing, dealing or handling any sensitive personal data or information liable to pay damages if it has been negligent in implementing and maintaining reasonable security practices, and thereby causing “wrongful loss or wrongful gain” to any person. The other amendment, Section 72-A, provides a criminal remedy—imprisonment of up to three years or a fine of up to Rs 5 lakh or both—for disclosure of personal information in breach of lawful contract.