While we in India is still procrastinating on the introduction of a law for protecting information privacy, the world seems to be moving ahead into legislating for “Mental Privacy”.
The “Information Privacy” as defined by the Puttaswamy judgement refers to the right of a person to exercise his choice about how his personal information may be collected, used or disclosed by a third party.
Puttaswamy judgement recognizes that “Privacy” is a state of mind and much more than “Right to Spatial Privacy”. But technology developments are opening up new challenges on defining the boundaries of “Privacy”.
While I am not discussing the boundaries from the perspective of how much privacy intrusion should be allowed to Government or Law Enforcement or even Commercial interests, it is time to look at the more basic level of how technology may be threatening the very basics of “Freedom of Thought”.
Firstly, let us look at medical implants which sit inside our body, and watch how our heart is beating or blood sugar is changing etc. Is this “Privacy Invasion”? …of the exempted category where there is a need to protect life, and there is an explicit consent?
If the implant device owning company like it does in the case of all IoT devices, retain an ability to collect data, store it, analyze it and make money out of such analysis, is there a concern about potential misuse of personal data, possible crimes which may extend to causing death of the individual etc.?
When sports medics analysed the bowling action of Muttiah Muralidharan, were they intruding on his privacy and to gather evidence which could be incriminating against Mr Muralidharan himself?
…are issues that we are already aware of.
The wearable devices like the smart watches and the Alexa kind of “Always listening” devices also pose substantial privacy risks in the normal sense though “Explicit Consents” could be used to manage them.
In the next level, we are getting into the era of Meta Verse with Virtual presence where the potential for privacy invasion causing mental disturbance is extremely high.
Over and above these developments, the questions now coming up are the “Neuro Intrusions” where probes collect brain wave emissions and collect the subject’s thoughts. Probably in the coming days, the same probes may be capable of sending in messages to alter the brain perceptions and make people hallucinate more realistically than ever before.
Does our present legal system address “Brain Hacking”? is a question we need to ask ourselves.
ITA 2000 attributes an action of a computer to its owner. This has effectively extended the Act to the field of Artificial Intelligence. The definition of “unauthorized access” is however limited to “Computer Devices”.
A Computer is defined in ITA 2000 as
” any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;”
While the legislative intent has to be limited to treating the devices that we today recognize as Computers, Mobiles and other binary processing devices , this definition is difficult to be extended to the “System” of “Human Brain” though the neuro system also consists of data storage, data transmission, data sensors, data input and output periherals etc. similar to the computer system we know of.
In India, our Supreme Court can assume any kind of power whether written in the constitution or not and this argument has been used in the Puttaswamy judgement by one of the judges (Justice Chelameswar). Hence the Supreme Court has the power to read down the section 2(i) to interpret that the definition of a computer system includes the human brain since it also receives and emits electro magnetic impulses.
Every end point of a nerve is like a pixel in a computing device and has an experience which is communicated by the neurons. The software inside the human brain interprets the experience as “Sight” if it comes from the eye or “Sound” if it comes from the ears and “Touch” if it comes from the skin, “Smell” if it comes from the nose and “Taste” if it comes from the tongue and so on. There are APIs inside our body with specific instructions on how to interpret different sensory perceptions.
We may therefore consider that there is a need to discuss whether the interpretation of “Computer” has to be limited to the “Devices” or should be extended to human brain also. If so, our current law, either the ITA 2000 or the upcoming DPA 2021 can be used also to interpret Mental Privacy as the west is trying to interpret.
We may need more discussions on this subject and we shall continue our discussions in due course.