With more time spent online than ever before, and digital transactions, leaving their digital footprints, becoming increasingly de rigueur, concerns regarding data privacy are legitimate and genuine. Thus the demand for regulating the digital domain by privacy laws or data protection legislations, or both.
In 2016, the Cambridge Analytica incident exposed a non-commercial concern — the ability of big data to influence voter preference. As a result, British and EU data protection legislations included provisions for ‘electoral processes’ and aspects of political party functioning. With this backdrop, the Personal Data Protection Bill 2019 is being assessed from the perspective of balancing the right to privacy with the growth of digital economy in India.
Largely overlooked is the link between big data, national security, democracy and free and fair elections. The Bill mentions that the action of a social media intermediary (like Facebook or Twitter) having had or, likely to have a ‘significant impact on electoral democracy, security of the State, public order or the sovereignty and integrity of India’ is ground to designate the intermediary as a ‘significant data fiduciary’. This escalates its responsibilities and consequences of default.
India’s election management bodies (EMBs) — Election Commission of India (ECI) and State ECs — are increasingly reliant on IT. Existing electoral compliance filters are designed to capture use of data from the perspective of hidden costing or election financing concerns, and fake or biased news or campaigns. This surveillance is triggered with the imposition of the model code of conduct (MCC).
The scope of digital injury is immense. Digital platforms can target large numbers, not just during elections but over the long term, by chipping away the credibility of core electoral processes and technologies including electronic voting machines (EVMs). Such threats can be addressed by the proposed Data Protection Authority of India (DPAI).
DPAI’s forensic capabilities will enable EMBs to have a heads-up on the threats of undue influences in the digital domain and neutralise it. To enable this, the time bracket of EMBs’ compliance powers — currently coterminous with notification of the election — needs to be changed.
The inclusion of a new threshold, ‘electoral democracy,’ in the Private Data Protection Bill creates an intersection between DPAI, EMBs and law enforcement agencies that will require harmonious coordination. The Bill envisages ‘concurrent jurisdictions’ and mandates DPAI to ‘consult such authority or regulator before taking such action’. While EMBs may not be specifically covered in the Bill, the provision provides an opportunity to revisit these electoral bodies’ own understanding of their remit in the big data domain.
In India, electoral wrongdoings are either ‘electoral offences’ and ‘offences related to election’, or ‘corrupt practices’ that are processed within ECI. For EMBs, the big data domain brings new dimensions of wrongful conduct that may or may not be at the behest of any contesting candidate or political party. EMBs should be able to leverage DPAI’s considerable penal powers, and enhance the cumulative enforcement space in the electoral landscape.
The threat of misuse of the members’ data of a political party, or their theft from social media intermediaries to influence outcomes is real. ‘Electoral democracy’ is not defined in the Bill, and does not find mention in election laws under Articles 324 to 329 of the Constitution and the Representation of Peoples Act 1950 and 1951. With the Supreme Court viewing free and fair elections as a subset of ‘electoral democracy’, the Bill goes beyond individual election steps and processes. So, emerging threats from the big data domain can be countered by EMBs without waiting for formal amendments.
