Why Wikipedia is worried over provisions in Data Protection Bill

The Personal Data Protection Bill, which has since been referred to the Select Committee of the Parliament, has several gaps that need to be plugged. The experts have flagged concerns over issues relating to localisation of data, individual consent and penalising those breaching the privacy norms.

Wikimedia, a non-profit group that runs Wikipedia, is the latest to voice its fear over the adverse impact of the proposed provisions regarding setting up of a local India entity, filtering of content and the traceability requirements.

The General Counsel of Wikimedia Foundation Amanda Keton has written to the Union Minister for Information Technology Ravi Shankar Prasad, expressing concerns over the proposed changes to India’s intermediary liability rules — the rules that govern how websites with users in India host content on their platforms.

“The new changes may have serious impact on Wikipedia’s open editing model, create a significant financial burden for the non-profit technology organisations and have the potential to limit free expression rights for internet users across the country,” Wikimedia said in a statement.

Also read | Ambiguities haunt Personal Data Protection Bil

Following staunch opposition, the data protection bill was not tabled in the winter session of the Parliament. Instead, it was referred to the 20-member Select Committee, comprising ten members each from the Lok Sabha and Rajya Sabha. The panel is expected to submit its report before the end of the Budget session next year.

“The requirements in the Bill will hinder our mission to provide free access to knowledge in India, rather than support it. We remain concerned about requirements which encourage or necessitate automated filtering of user uploads, either explicitly or implicitly through short takedown times, and could severely disrupt the availability and reliability of Wikipedia,” the Foundation said in its letter to the Minister.

Unrealistic burden

The Data Protection Bill requires companies to set up local data entities in India.

“This will be an unrealistic burden. While it may be possible for larger companies to comply with local incorporation rules, it would be an unrealistic burden for a global non-profit with limited resources to comply with local incorporation requirements. Rules which require the removal of content or cooperation with law enforcement within short time periods could also prove impracticable without significant additional investments in either new employees or technology. We fear that such burdens will consume vital resources that would otherwise be directed to providing access to knowledge and reliable, neutral information to Indian citizens,” the letter said.

India is one of the largest markets for Wikipedia. This November, readers in India visited Wikipedia over 771 million times, the 5th highest number of views from any country in the world. Wikipedia is available in 23 languages spoken across India. The information that is included on Wikipedia is collected and curated by thousands of global volunteers who work together to make knowledge available for everyone.

Also read | WhatsApp Snoopgate: The Orwellian world is here and now

“The requirements to quickly and automatically remove content that may be illegal in one jurisdiction without meeting globally accepted human rights standards are also antithetical to Wikipedia’s global perspective and reach,” it argued.

Fulfilling mandatory content removal requirements from one country would leave problematic gaps in Wikipedia for the whole world, break apart highly context-specific encyclopedic articles, and prevent people from accessing information that may be legal in their country.

“Wikipedia’s broad reach and cross-cultural collaboration is integral to our goal of providing access to knowledge for everyone, and these requirements significantly hinder that goal,” the representation said.

The organisation also contended that imposing “traceability” requirements on online communication would be a serious threat to freedom of expression as it could interfere with the ability of Wikipedia contributors to freely participate in the project.

“An important feature of Wikipedia is that the website does not track its users. This is important for data protection reasons and readers’ and contributors’ autonomy alike. However, it is also crucial for the safety of Wikipedia contributors who contribute or moderate content on sensitive topics, or who contribute from regions where their personal safety could be at risk for editing Wikipedia. Requiring websites to track their users will discourage free communications and has the potential to even discourage legal economic activity on the internet, especially in countries where online censorship is prevalent,” it argued.

Key concerns

While the bill puts the onus on the data fiduciary (any entity processing personal data) to ensure that data is processed in a “fair and reasonable manner that respects the privacy of the individual”, it does not, however, specify any principles or guidelines for what constitutes a ‘fair and reasonable’ manner of personal data processing.  The experts warn that the absence of guidelines could allow fairness and reasonability standards to vary across fiduciaries processing similar types of data and it may be unreasonable to expect the companies to demonstrate compliance.

Apart from data localisation, the law enforcement access to data and weak oversight are the other key issues over which there are genuine apprehensions.