Hate Speech Or Data Privacy, Tech Platforms Cannot Set Their Own Rules

Last week, Paytm CEO Vijay Shekhar Sharma raised a huge stink after Google temporarily removed the Paytm app from its Play Store for allegedly violating its anti-gambling rules.

In an interview to The Economic Times (21 September), he has promised to fight the good fight against Google till it reaches a logical conclusion, since features like scratch cards and cashbacks are available even on Google Pay, a Paytm competitor.

Sharma said: “This is a concern for every regulator in this country and for the government because our app is not a gambling app. I feel agitated to the level that it won’t stop today or tomorrow, this fight will go long.”

A few weeks ago, there was a political ruckus over whether Facebook India was favouring Bharatiya Janata Party (BJP) politicians by not acting against their “hate speech” posts. Facebook says it has an independent oversight board which is supposed to guard the right to free expression without compromising the goal of deterring hate speech.

How it is going to do this when hate speech has not been properly defined either in the Indian or global context is anybody’s guess. Effectively, hate speech is going to be defined subjectively by the global tech majors who have been asked to police so much content on their platforms.

While Facebook has denied any kind of political tilt, the real issue is something else: is Facebook following the law of the land, or its own rules in this matter?

The same question needs to be asked of Google and its anti-gambling rules, which it seems to have imposed selectively on Paytm. Ditto for other social media platforms like Twitter, Instagram, WhatsApp, or even email companies, which again involves Google.

A Swarajya contributor, V Anantha Nageswaran, had a nasty experience when he tried to reply to a group mail that offered a link to a Times of India columnist’s latest article, but Nageswaran’s rebuttals did not go to them, till the columnist himself enabled it.

So, even in mail, we have censorship rules set by a global tech major. Never mind that Gmail reads all your mail, and even offers helpful suggestions on how to respond to them.

Some time ago, the same global tech majors (ie, Google, Facebook, et al) raised a furore when the Reserve Bank of India decided that our customer data should be kept in India (the so-called data localisation policy). This writer has always believed that data sovereignty rests with the country in which the data is collected, and cannot be housed in jurisdictions where Indian law cannot reach, or reach effectively.

Many tech commentators objected to this idea, since the Internet is about free flow of information, and mandating localisation would not only interfere with this freedom but also push up costs since data would need to be housed in multiple locations.

But now, after the European Union has effectively mandated the same thing – enforcement of its own data standards on EU citizens’ data housed elsewhere – the case against data localisation is effectively dead.

In a recent case involving Maximillian Schrems against Facebook Ireland, the European Court of Justice junked the US-EU Privacy Shield because US law did not protect the privacy of EU citizens as well as its own laws. The court held that even when data sent outside the EU is covered under standard contractual clauses (SCCs), but if these SCCs cannot be effectively implemented in those jurisdictions, then too the data would need to come back to the EU.

Rahul Matthan, who writes a column in Mint, confesses that he feels a “bit foolish” for fighting against data localisation and free information flows across borders because “there is (now) not much difference between a law that requires all data to be processed within the territorial jurisdiction of your country and one that only allows you to transfer data (only) if it satisfies conditions that no other country really wants to meet.”

Quite.

India now needs to move quickly to ensure the following:

One, it must implement the data localisation order without hesitation. A country that cannot allow its own laws to govern its citizens’ data is not sovereign at all. One can revisit the idea once there is effective and democratic global governance rules in place, but right now that is nowhere in sight.

Two, laws on hate speech and censorship, currently governed by arbitrary definitions and rules provided by the tech giants themselves, especially the social media majors, need to be regulated by national laws. In particular, the algorithms that determine what content can be allowed or not allowed need to be transparent and offered for public scrutiny.

Three, tech platforms need tighter regulation since they can effectively compete with their own customers, which can lead to conflicts of interest. This is what makes Sharma of Paytm see red, for Google competes with Paytm. While tech majors need not be barred from competing with their customers – that would also be anti-customer – they cannot be allowed to use their clout to deter competitors.

Four, neither of the above laws will work if India does not clearly strengthen its own privacy laws. Private data has to stay private, unless authorised by court orders and/or an independent panel that should include ex-judges and customer advocates.

Some joint secretary or government-appointed official cannot be tasked with deciding when an individual’s private data can be shared with law enforcement officials when major crimes are involved.