People today are users, producers and consumers of data. This foregrounded the concerns on data commodification in the intersection of law and technology studies. The concern is further amplified by the state-like behaviour by corporations who exercise control on this data. The author here discusses how state and corporations in the arena of data transform citizens from ‘subjects’ to ‘objects’, and laws role in this process.
In this globalised and virtualised world, a new world order of data imperialism is in the works.
The Srikrishna Committee observed that in jurisdictions like the European Union, the rights of the individual in whose name data flows is placed secondarily to the rights of the companies that deal with such data. So, the individual is referred to as the – ‘data subject’ as opposed to the Committee’s ‘data principal’ – the equivalent of a virtual citizen.
It’s no conspiracy that we are a part of a kind of a ‘deep state’ – an ultra state – wherein imperialism has been superimposed on inter-connected nation-states. An imperial power blind to fundamental rights, governed by a data oligarchy. A corporation state. And we barely have the option to not choose its services, or to opt out. As the Indian Supreme Court observed “Only the most committed – and perhaps civilly committable hermit can live without a telephone, without a bank account, without mail”. It is thus questionable if we are virtual citizens.
“A corporation state. And we barely have the option to not choose its services, or to opt out. “
Notably, a mere change of terminology from ‘data subject’ to ‘data principal’ would not give any agency or control to the individual. The all-encompassing sweep of exemption under Section 35 of the Personal Data Protection Bill, 2019 is a sign of the times and it heralds that.
Surveillance under the Personal Data Protection Bill, 2019
We are moving to times when everybody would be surveilled, not just the criminal–but the criminal in us. According to Section 2(20) of the Bill, any restriction placed on speech, movement or any other action arising out of a fear of being observed or surveilled constitutes harm. Under section 2(38), ‘significant harm’ means harm having an aggravated effect.
For example, the use of an Automated Facial Recognition System (AFRS) to nab individuals and store their criminal records might cause significant harm to them. According to the Bill, the consent of a person must be obtained to use or collect facial information which might result in causing ‘significant harm’ to such person.
“This would mean that a person can be digitally recorded, visually, by means of a hand-held camera, a drone, or a CCTV without that person’s consent.”
But Section 12(b) enables the Parliament or State Legislature to pass a law due to which the consent of a person to collect/use their sensitive data would not be required. This might have the doubling effect of first invading their right to privacy, and second, restricting their right to move, speak freely, or protest the surveillant measures through other ways.
This would mean that a person can be digitally recorded, visually, by means of a hand-held camera, a drone, or a CCTV without that person’s consent. Their speech could be restricted, the person could be put in prison and they could be stopped from assembling against surveillant measures, all on the basis of a law that allows these surveillant measures such as facial recognition technology.
It is important to note here that the Bill does not bar ‘reasonable’ surveillance, as ‘harm’ has also been defined as unreasonable surveillance, and thus reasonable surveillance may not cause harm and may be permitted. Rather, under Section 14(2)(a), there could be legitimate surveillant activity in the name of ‘prevention and detection of any unlawful activity’. This would also pass the test of ‘colourable legislation’. Therefore, as long as such surveillance is defined as ‘reasonable’ by the Legislature or interpreted as such by the Courts, the possibility of harm cannot vitiate the surveillance.
“The law can, thus, barely regulate the flow of the inevitable objectification of the subject and the personification of the state – the corporation state.”
As per section 2(20)(x), the surveillance would however have to be reasonably expected by the individual. As per all but one judge in the Aadhaar case, facial identification is not intrusive of privacy, and is thus reasonably surveillant. As per J. Ashok Bhushan, a reasonable expectation of privacy applies to facial identification, and thus it would have to pass the 3-fold test laid down in Puttaswamy . As per J D.Y. Chandrachud, a reasonable expectation would lie between the individual’s right to privacy and the community’s right to public order. Thus, the State can, in the name of public order, surveil its subjects without even exempting itself from the Bill.
The law can, thus, barely regulate the flow of the inevitable objectification of the subject and the personification of the state – the corporation state.
Post Humanism and the datafication of the subject
Due to increasingly complex institutions and methods for surveillance, what we have is an assemblage of surveillance as this ‘corporation state’ has endless information about us through the free flow of data that occurs at the expense of treating data as an intrinsic good and economising it. Such a ‘surveillant assemblage’ leads to the creation of data doubles which are our ‘digital doubles’, our virtual alter egos, combined by mining data points on us and inferring data from our behaviour.
These data doubles are approximated by our number of followers, our likes – thus creating a digital you. And there can be countless number of you’s. On Facebook, you’re You1, on Twitter You2, on YouTube You3. Thus, rendering the endless number of objects of the data subject. Though, in the near future, these You’s might be integrated to create a single data object – a single you. Effectively helping us transition from data subjects to data objects.
“We become the data”
What this effectively does is, render us as consumers, and help in building our consumer profiles. And our social relations transform into data relations. We generate in terms of data, we trade in terms of data, everything is in terms of exchange of data. We become the data.
For those who wish to go back, it’s too late. We were using these services before we could realise their repercussions. However, for the sake of discussion, can one go back? Does one truly have a right to be forgotten? As people become objects, deleting these digital trails left behind by these objects would render them amnesiac and would not be in their best interest.
If one does wish to still delete their trails – the most interesting conundrum would thus be that of ownership of this data. Who owns this data, the corporation state or the individual?
An answer, which has been reiterated by others, could be – no one can own data. The problem can be paraphrased as a question – Can you pit form against substance? Suppose you have created data, but you share it through their medium, then who owns this packet of data? The substance is yours, but the form is theirs. It is not a yes or no, or a true or false, or a 0 or 1 question. The two coexist, and one doesn’t precede the other.
The subject thus transitions into the object, while the corporation state facilitates this inevitable process. While the idea of the ‘data principal’ model, one which is ‘citizen centric’ is novel, it is outdated and only exists in a utopian world where history stands inverted, and we are no longer subjects of the data oligarchy. Because the colonised spirits reject autonomy, and want to be repressed and controlled by the oligarchs. They wish to be surveilled – but gently. As said by Esposito, to gently transition from a person to a thing, and keep up with the times.
(The author is a final year student at RGNUL, Punjab. Views expressed are personal.)