More than a fortnight has passed since the 21-day lockdown was enforced in the country to arrest the spread of Covid-19. By and large, people have followed the "stay at home" appeals and many have also inured themselves to a work from home (WFH) life. Information communication tools have been the enabler of this massive digital presence, and while it has been a facilitator, the share of privacy violations and fake news spread has been also witnessed on a large scale.
Ever since the news of around 3,000 people attending the Tablighi Jamaat congregation in Delhi's Nizamuddin Markaz in mid-March 2020 surfaced, social media platforms have been full of lists identifying individuals who purportedly attended the meeting. Many of the attendees were reportedly infected, and a few deaths have been registered from among them.
Many of the districts across the 20 states from where these attendees came, prepared lists detailing their names, addresses and phone numbers. A few other lists were also doing the rounds, with the names of many other people who might have been in the area around those dates, based on cell phone-tower details. The administration and police stepped up to identify, test and quarantine all these attendees. The congregation took place at a time when such gatherings were prohibited under the Delhi Epidemic Diseases Covid-19 Regulations, 2020, under the Epidemic Diseases Act (1897). It has now become a major health and security concern and the law enforcement agencies are dealing with it.
Lists of those who purportedly attended the Tablighi Jamaat congregation in Delhi has been circulating on social media, violating the privacy of individuals. (Photo: Reuters)
However, many individuals have been posting these lists - of these attendees and those identified in the vicinity - across social media platforms, without realising the legal violation of the privacy of these individuals. These lists are being shared more widely on especially WhatsApp. Most of these lists are prepared by authorities, and many even have signatures of police officials. Rather than stay classified, these lists find their way to social media through frivolous leaks and rampant forwards.
Along with these leaked lists, rumours are also being circulated about names of individuals, their health conditions and many other personal details. In the excitement to break the news and live the thrill of appearing all-knowing, many people are not only breaking laws, but also seriously endangering the safety and security of many on these lists in a charged situation like this.
Though the Supreme Court declared privacy a fundamental right in August 2017, the respect for an individual’s privacy is yet to pick up in many quarters across the country. The Personal Data Protection Bill 2019 (PDPB) has already been introduced in the Parliament, in December 2019, and is likely to be taken up in the monsoon session. Since then, the effort has been to legalise many aspects of the privacy framework.
Further, the rules under the Information Technology Act 2008 (IT Act) that were notified in April 2011, clearly define ‘sensitive personal information’ and prevent such information from being posted online and protect the individual’s privacy. The PDPB also defines sensitive personal information almost similarly, and also goes further to define critical personal data, and protection for their usage is laid out clearly.
Despite such laws and rules around privacy having been around for quite some time, the privacy regime has still not set in in the digital community. This is partly because a large section of people are unaware and indifferent to laws. Moreover, many official orders and notes now flow unchecked on social media because of individuals circulating photos and screenshots of the same. In the process, they violate the service rules and prevailing laws.
Action taken against such violations would at least serve as a deterrent. Further, it is imperative to train and sensitise the government officials and police personnel on privacy issues with case studies and scenarios on a much wider scale. Social media intermediaries also need to step up and conduct regular awareness campaigns for users as defined in the rules under Section 79 of the IT Act.
In the current situation, which has emanated out of Covid-19 outbreak, another form of privacy violation has been observed. Medical prescriptions of suspected individuals are posted and forwarded on social media platforms. Be it the lady who tested positive and was the first case in the Northeast region, or the four-year-old child from Assam — in both cases, prescriptions were widely shared on social media. Again, many of these prescriptions come to social media from the healthcare institutes and the well-educated community there.
In August 2018, the Ministry of Health and Family Welfare released a draft ‘charter of patient rights’ which had factored in the privacy of medical records of patients. However, this was never notified and the effort to pass the legislation — the Digital Information Security in Healthcare Act (DISHA) — was subsumed under the PDPB.
Many Work From Home employees have also been raising the issue of digital surveillance by their employers. This is ostensibly to keep a check on their activities on an almost minute-by-minute basis. The mobile device management (MDM) and other softwares, which come inbuilt in smartphones and laptops, enable such tracking on a regular basis. Privacy violations happen in many such cases.
With the practice of respecting privacy still very poor in the country, there needs to be a fostered approach by the government along with mass awareness drives to involve citizens. Needless to say, the Nizamuddin congregation instilled fear among many, but circulating those lists are equally fearful.
The Supreme Court has also asked the Centre to closely monitor social media networks against posts that violate the law, and the same has been communicated to the state governments. The law enforcement now needs to do their job, responsibly and without leaks.