By Palak Rastogi
The emergence of technology across various sectors of the economy is a sign of the nation's progress and growth. But if someone were to question us, the "common man," about the effects of our increased use of technology and our participation in digital activities. The answer revolves around the fact that the lives of individuals have become easier with technological changes but at the same time they also raise grave privacy concerns, particularly about the personal information/data that is accessible on digital platforms and social media apps like Instagram and WhatsApp. To tackle and address these major grievances, the European Union (EU), which is actively developing machine learning platforms and artificial intelligence (AI) bots, realized that innovation and data protection law needed to be balanced. Previously, the General Data Protection Regulation, 2016 (GDPR) adopted by the EU parliament which serves as a comprehensive regulation governing the protection of personal data, addresses a broad spectrum of data protection issues but lacks in providing specific guidance tailored to electronic communication services. The most recent, well-known, and significant case is the Facebook-Cambridge Analytica scandal, which had an impact on users by obtaining their personal information without their consent. This case demonstrates the gaps in the GDPR legislation and the weaknesses in data protection procedures. Even though there is a legal framework in place to protect personal data, it is crucial for businesses to continue being vigilant and to recognise the need for specific guidance ensuring transparency and informed consent as they navigate the complex world of data protection and privacy.
So, for the aforementioned reasons the European Data Protection Board (EDPB) introduced the ePrivacy Guidelines, 2023 which supplements the GDPR to provide a purposive interpretation of Article 5(3) which is still open to public consultation for a period of six weeks till 28 December, 2023 and especially targeting the inputs, feedback and insights from the companies engaged in digital activities who encounter such challenges on day to day basis.
Implication of newly drafted guidelines
So, when we think of privacy guidelines, the first component that comes to our mind are the ‘cookies’ and the ‘terms and conditions’ that one must accept before accessing a website, However, the current guidelines are so wide-ranging that they attempt to address every facet of a discussion that takes place between two people via electronic means. For instance- in the upcoming time even the emails that a sender and a recipient exchange would be covered under these guidelines as per provision 5(3), It would be regarded as passive access because, generally speaking, it is assumed that, when you compose an email and send it, a configured file containing your contact information is also sent, and that file is stored and kept on the recipient's device without your explicit consent. Therefore, under these guidelines, the act of sending and receiving an email could become illegal because you would need the sender's proper and explicit consent to have that information on your device.
So, the major concerns expected to be raised in this regard would be about its practical application in the contemporary digital world as these broad and impractical guidelines attempt to cover all the information that is transferred through IP addresses and even the information that is retained on hard drives or RAM. This raises serious concerns because, as the general public understands it, the primary function of a hard drive or even a RAM is to store and retain information. However, the EU has tried to cover the information stored temporarily on these devices also under its ambit and states that gaining access and storing information on these devices would be illegal if done without consent, which when practically thought about defeats the ultimate purpose of these devices.
Conclusion
Considering these simple instances of email and hard drive that are currently covered under this ambit, the businesses who are actively involved in digital activities must utilize the public consultation process to the fullest and put forth their opinions and concerns regarding the same, as once these guidelines become obligatory- then even though they only have a single website or they just advertise online or you merely use certain tracking technological tools to get information about the popularity of your business still they would be bound by various compliances under the broadened guidelines. Getting involved in the commentary process would help businesses to stay up to date with the developed regulatory framework as currently when looked at from a business perspective these guidelines are very disproportionate as they do not keep in mind the needs of business owners or even the general citizens. Further, as has been observed there is a lot of talk about the notion of consent, so by commenting on these guidelines, the businesses must make sure that the process and procedure for obtaining consent is provided to them for each subject matter which is currently lacking. If the businesses participate in these commentary and consultation processes, then it would provide them with a competitive advantage as they would be able to influence the board and the regulations according to their needs to help balance privacy and innovation as these two pillars go hand-in-hand.
To conclude, it can be said that these guidelines were indeed a welcoming step in the digitally evolving era which tried to address the ambiguity and vagueness that were inherent in the GDPR Act and tried to provide specific guidance on electronic communication and data protection. However, these guidelines are still broad as they stand against the basic interests of the businesses which is why it is of utmost importance for businesses to participate in this process and provide their feedback regarding the same.
The author of this article is Palak Rastogi, a third-year BALLB student SVKM NMIMS School of Law, Navi Mumbai.
This article contains the view of the author and the publisher in no way associates with the views or ideologies of the author. All the moral rights vests with the Author(s).
Comments