David vs Goliath

A Battle against the Demise of Privacy

P Arun

In 2013, 28-year-old an Irish law student named Max Schrems filed a law suit against Facebook Ireland Ltd headquartered in Dublin (a subsidiary of Facebook Inc). The charges were serious such as the validity of data use policy under the European Union privacy law, aiding the NSA to run the ‘PRISM’ surveillance programme, illegal big data analytics, illegal data sharing, and much more. Unlike the data protection law around the world, in Europe, it is very different with regard to personal information, due to their stringent Data Protection laws. However, in 2000, Safe Harbor framework was designed to content the European Union and the American companies endorsed this scheme to provide an adequate privacy protection; however in their forthcoming years it turned-out as core tension among them. On October 6, 2015, in Schrems I (Max Schrems v Irish Data Protection Commissioner), the Court of Justice of the European Union invalidated the data transfers under the Safe Harbor arrangement. After that decision Schrems filed second suit (Irish Data Protection Commissioner v Facebook and Max Schrems) to the Irish Data Protection Authority, to determine whether the “standard contractual clauses decisions are conflictual under the EU Charter of Fundamental Rights.’’ The lawsuit was turned as a class action and it is still under process, where the judgment has been reserved. However, this case exposed the dangers of the trans-border flow of personal information and its degree of abysmal privacy violations.

In another case Kyle Zak from United States on 18 April, 2017 filed a complaint against a leading company in electronic products and audio equipment, Bose Corporation for privacy violation. As their wireless headphones is tracking music, podcasts and other audio they listen, and trading this information without their permission. This also turned out as a class action complaint (Kyle Zak v BOSE CORP), where Bose Corporation is charged for secretly collecting, transmitting, and disclosing its customers’ private music and audio selections to third parties, including a data mining company. Although trial is still going to occur, however it highlights the ubiquitous data transfer techniques by the business organisations to generate economic value out of data.

The concluding case originates from India. Unlike other countries with strong data protection laws, India is still lingering privacyless due to the absence of an overarching privacy legislation,  even though there  are few scattered data protection laws which are merely superfluous. Aftermath of WhatsApp acquisition by Facebook in 2014, there was a major change in the terms and privacy policy of WhatsApp in August 2016, as it declared that the data would be shared to enhance the experience and market their services. For which two law students, Karmanya Singh Sareen and Shreya Seth filed Public Interest Litigation in Delhi High Court for illegally sharing of their data and breach of their trust and confidentiality. For which the court directed erasure of the stored data of the WhatsApp users till September 25, 2016. However, Karmanya Singh Sareen and Anr vs Union of India, 2016 decision created an artificial distinction between pre-deletion data and post-deletion usage of data. Now it has been referred to apex Court as the larger constitutional Bench will decide whether the right to privacy is an inherent constitutional right and also regarding the status of post-deletion usage WhatsApp data.

Inhabiting in this age of Information brings out an unprecedented amount of challenges to the personal information which is being collected,stored and processed by businesses and organisations. Here the privacy is not merely about data, but it also involves meta-data which is being illegally shared with the third party. It also involves the trans-border flow of data without notice and consent, which frequently tramples the principle of purpose limitation and also the breach of trust and confidentiality. A leading expert in privacy law, Daniel Solove in his book, The Digital Person: Technology and Privacy in the Information Age, contends that protecting privacy in the information age is a question of social design, which involves the designing an architecture for the information networks that are increasingly constitutive of modern society, where the law must restructure citizens' relationships with the entities collecting and using their personal information.

Though the final judgements are yet to be delivered, those above-mentioned cases cutting across the nations would be remembered in the history of battle to protect privacy from being trounced. While in this battle of David vs Goliath, where David is not comfortable sharing his information openly.

Vol. 49, No.45, May 14 - 20, 2017