As technology continues to advance, will Indian regulators take user privacy more seriously?
From internet activists to lawmakers, this is a question that is in the vanguard of regulating technologies. This space is also very dynamic; new technologies are so pervasive and capture the public imagination much before the regulator plays catch-up.
Can the core principles behind traditional concepts of privacy — like the right to be left alone, the right to have a private life, or to have confidential communications — hold their heft with advancements in technology? While privacy is a constitutionally protected right in India, we do not yet have legal safeguards against the misuse of personal data. What we have is a longstanding Personal Data Protection Bill, 2019 tabled in the Lok Sabha, which is yet to be notified as law.
There are grave repercussions to framing new regulations to govern technologies without ensuring that user data is adequately protected. Personal data is collected, used, processed, analyzed, shared, transferred, copied, and stored by companies at an extraordinary speed and volume than ever before. Data dominance is one of the key drivers to monopolization and abuse of dominance by firms. Similarly, governments are also expanding their data collection capabilities evincing mass surveillance fears. In 2001, Justice Antonin Scalia of the United States Supreme Court in his opinion, on a case of enforcement agencies using advanced technology for surveillance into a suspected marijuana grower’s house, commented that “The question we confront today is what limits there are upon this power of technology to shrink the realm of guaranteed privacy.”
In India, drones are the latest entrants into the debate on privacy harms caused by new technologies. The use of drones by law enforcement agencies during the anti-Citizenship Amendment Act protests and the recent Farmer’s protest has raised the same old concern on the use of technology for mass surveillance.
Also, India’s drone regulations have been accused of paying lip service to the issue of privacy. Draft drone guidelines that were released in 2016 and 2017 had no place for necessary and urgent issues like privacy, safety concerns, or legal liabilities. The 2018 regulations, commonly referred to as Drone Regulations 1.0, took a more progressive stand in the light of previous criticisms. The regulations required operators of drones to be “liable to ensure that privacy norms of any entity are not compromised in any manner”. This guidance was provided without any safeguards to prevent data breaches.
On 12th March 2021, the Civil Aviation Ministry released new guidelines (Unmanned Aircraft System Rules 2021) to regulate drones in India. One would have hoped to see the issue of user privacy discussed in detail in this document, but it turns out that we must, as a practice, prepare ourselves to be disappointed. These regulations, much in sync with their former selves, only pay lip service to the issue of privacy and data protection.
The rules, while mentioning the role and responsibilities of an operator, also mention that drones should fly “ensuring the privacy of a person and its property during operation”. Therefore, the entire onus of protecting individual privacy is on the drone operator, without any procedural safeguards to deal with situations when there is a breach of user data. What happens when the company that stores data from these drones also captures and processes user data for its own independent purposes? What about user consent from people who come under the line of sight of drones and may get recorded in its drive? Such essential privacy questions do not find any place in the latest guidelines.
Moreover, drones have been used by law enforcement agencies for surveillance several times in the past. The new guidelines, by allowing the exemption to security agencies for drone use in the name of “national security” and “interest of the security of India”, only support this trend. These aren’t new terms. They can be found across many other laws and guidelines in India, even including the recent guidelines to regulate social media intermediaries and digital news services. What does “interests of national security” mean in the context of drone usage?
Drone-like technologies are a one-way street. Unlike traditional consent infrastructures, an individual neither has any control over the operation of these devices nor has a say in their deployment. Also, there is very limited user education with regard to these devices. Privacy harms can exponentially multiply without a sound data protection framework. From development to deployment to data collection and monitoring, it is crucial that regulations support embedding privacy as a default feature in every step of the drone architecture. Businesses and governments must also educate users about drones, and the reasons for their deployment.
Drones have helped solve some extraordinary problems during national disasters and COVID-19 in India, delivering immense public value. How we use and regulate new technologies must be compliant with the spirit of democracy. The current drone regulations fall short of addressing remedies to privacy harms; there is an immediate need to review these regulations to implement privacy-by-design practices including data minimization and transparency requirements in the current regulatory architecture.
Abhishek Chakravarty is an Assistant Professor of Law at Sai University in Chennai and Faculty at Daksha Fellowship. His research interests lie in environmental law, and also technology regulation. He writes regularly for the Indian Express, Down to Earth, the Wire, the Jurist and several other portals.
Archana Sivasubramanian works at Centre for Policy Research, New Delhi. She is also Area Editor, Algorithmic Governance for Cambridge University Press’s Data and Policy Journal. Her research focuses on state capacity and technology regulation.
Suggested citation: Abhishek Chakravarty and Archana Sivasubramanian, The Privacy Question in India’s Drone Regulation, JURIST – Academic Commentary, April 14, 2020, https://www.jurist.org/commentary/2021/04/chakravarty-sivasubramanian-privacy-drone/.
This article was prepared for publication by Vishwajeet Deshmukh, a JURIST staff editor. Please direct any questions or comments to him at firstname.lastname@example.org.