In earlier research, Kovacs and I (2020) identified six feminist principles to strengthen consent in data governance. An examination of the account aggregator (AA) ecosystem against these principles makes clear that the AA framework is a positive step towards addressing some of the key concerns regarding current consent regimes, for example where auditability and granularity are concerned. However, to fully meet the minimum requirements necessary to ensure meaningful consent, further modifications will be needed. In particular, it appears that the focus of the ecosystem currently is on ensuring that AAs are robust, but that it fails to address challenges relating to other stakeholders in the ecosystem.
More
In this exploratory study, I assess account aggregators (AA) in India, and the emerging ecosystem in which they are embedded, against the feminist principles of consent in the age of embodied data. While consent continues to be a cornerstone of ensuring autonomy across data protection regimes, research has nevertheless been critical of it. In an earlier study, Anja Kovacs and I (Kovacs & Jain, 2020) identified the current perception of data, i.e. as a resource, as one of the crucial problems plaguing existing consent regimes; instead, we demonstrated, data is increasingly functioning as an extension of, or even integral to our bodies. We then built on this reconceptualisation to draw parallels between feminist learnings around sexual consent and data protection, to delineate six feminist principles that need to be observed in data protection regimes for consent to be meaningful there (Kovacs & Jain, 2020). Meanwhile, technology-enabled consent frameworks, such as the account aggregator framework conceptualised and launched in India, aim to similarly address key criticisms of consent regimes today, to thus strengthen user consent and the autonomy of individuals. I examine in this research study how well the developing AA ecosystem in India is delivering on these claims in practice. Assessing it against each of the feminist principles of consent, I ask to what extent AAs align with the feminist principles, whether AAs are effective, and what the way forward is. As we will see, while AAs do mark a notable improvement over existing consent regimes in a number of ways, many weaknesses remain. All too often, this is because AAs are positioned as a silver bullet: changes in the broader landscape in which they are embedded, while crucial to their mission, remain absent. As long as this does not change, it will not be possible for AAs to do all the work that is currently expected from them.
More
Consent continues to be a crucial element of data protection regimes around the world. However, as a tool to promote and protect individuals’ autonomy, it has been diagnosed with numerable weaknesses. While there have been suggestions that it is therefore time to move away from consent altogether, we propose a different approach. Data protection regimes first need to reconceptualise the nature of data, by recognising the need to centre bodies in debates on data governance. Once the entanglement between bodies and data has been acknowledged, data governance regimes can, then, adopt feminist principles of consent that build on insights developed in numerous offline contexts and which allow us to imagine data relations that enable people to actually move closer to the ideal of meaningful consent. This policy brief was first published by the Data Governance Network.
More
While consent continues to be a crucial element of data protection regimes around the world, it has also been diagnosed with numerous weaknesses as a tool to promote and protect individuals’ autonomy. In this paper, we set out to learn from feminist theory around consent in general and feminist applied thinking around sexual consent in particular how consent regimes in data protection can be strengthened. We argue that such a journey will be promising because of the close entanglements between our bodies and our data. We particularly foreground feminist criticisms of the concept of “property in the person” to understand in more detail the profound harms that current data practices do to our personhood, as well as the ways in which consent is currently deployed to enable and even legitimise such practices, rather than challenge or reject them. Through close engagement with feminist thinking around consent, we then develop a list of feminist principles that will need to be followed if consent is to ever be meaningful in data governance. Finally, we outline three areas of change that the application of these principles immediately points to: changes related to the collection of data; changes related to the uses of data; and changes required to protect people who are especially vulnerable in particular. Making these shifts, we argue, is essential if we are to put into place a data infrastructure that is actually empowering for, rather than exploitative of people. This paper was first published by the Data Governance Network.
More
The Ministry of Electronics and Information Technology has invited public comments in its consultation on the Non-Personal Data Governance Framework Report. The report has been drafted by a committee of experts under the chairmanship of K. Gopalakrishnan. The committee prescribes for a framework to govern non personal data. It categorises non personal data into various categories and suggests mechanisms to reap maximum economic value from non personal data. On 13 September, the Internet Democracy Project made a submission to the consultation, highlighting fundamental concerns as well as making additional comments on ‘non personal data’ and some other concepts discussed in the report.
More
On 2 June 2020, the Ministry of Civil Aviation invited public comments for consultation on the draft Unmanned Aircraft System Rules, 2020, or in short the draft Drone Rules. On 3 July 2020, the Internet Democracy Project made a submission and recommendations to the consultation, to address the privacy, freedom of speech and discrimination concerns arising from the Rules, 2020, so that this technology can be used to benefit the society. You can read our full submission below.
More
The Ministry of Electronics and Information Technology invited public comments for consultation on the National Open Digital Ecosystems (NODE), White Paper. The paper proposes for a paradigm shift from earlier approaches to digital governance. It aims to build a citizen centric, interoperable and open digital ecosystem, in order to do that it presents certain principles and use cases. On 31 May, the Internet Democracy Project made a submission into the consultation, highlighting fundamental concerns as well as making additional comments on the NODE guiding principles against the backdrop of these concerns.
More
The paper proposes to change the approach to data and consent in the data governance régime. The authors Tripti Jain and Anja Kovacs reconceptualise the existing connotations of data by putting bodies back in the debates around consent and data governance. The paper recommends that the findings from feminist research can help in rethinking consent in data protection both at the individual and structural level. Listen to our researcher Tripti Jain explain it in detail.
More
Let us know if you have any feedback or comments, or would like to get a copy of the final paper once published.
As Aarogya Setu is becoming mandatory in a growing number of cases, it deserves to be asked: does the app ensure welfare for all – or not at all? In this column, we try to answer that question. We look in particular at the implications that the mandates pose on people’s lives and fundamental rights, especially on marginalised sections of the community. We also highlight the other concerns with the app: the issues of efficacy, potential tool for mass surveillance and exclusionary nature of the app. This opinion piece was originally published in The Quint, on 6 May 2020.
More
In a public consultation, the Joint Parliamentary Committee has sought comments on the Personal Data Protection Bill 2019. The Internet Democracy Project submitted its inputs on 25 February. We highlighted how the Bill has skewed the fiduciary relationship between the data fiduciary and data principal by favouring the data fiduciaries in several ways, thereby leaving data principals vulnerable to a range of privacy harms. You can read the full submission below.
More