These policies were intrusive and violated fundamental rights related to privacy. In Supreme Court’s 2018 judgement related to Right to Privacy, Justice Chandrachud had stated, “The right to privacy and the protection of sexual orientation lie at the core of the fundamental rights guaranteed by Articles 14, 15 and 21 of the Constitution.” By possibly blocking services if a customer did not accept the new policy, Airtel was violating its customers’ fundamental rights.
Netizens raised flags about this intrusive policy update on Twitter and Reddit. Yes, We Exist, an organization that raises awareness about LGBTQ+ rights, ran an online campaign called ‘Stop Snooping Airtel‘ on October 17. Several folx from the LGBTQ+ community raised their voice against Airtel and alerted journalists, lawyers and activists.
Airtel can now collect and share your personal information with third parties (a thread)
— Anandita🏳️🌈 (@devilsxblessing) October 17, 2020
Emails written to Airtel’s Privacy Officer bounced back. As the campaign gained pace, at around 5 pm on October 17th, Airtel responded to a Twitter user saying, “The policy mentions expansive definitions which may not be warranted & can be misconstrued. We’ll re-evaluate the Policy & make necessary amends. Customer privacy is paramount to us. We don’t collect customer info beyond what’s permissible by law.”
By 11 pm on October 17, Airtel reversed its Policy update and removed the terms: Sexual Orientation, Sex-life, Political, Religious and Philosophical beliefs, Health, Genetics, Biometrics, Race, Ethnicity, Trade Union membership, and Physiological data. Contrary to its previous response on Twitter, Airtel informed Gadgets 360 that this was an inadvertent error caused by using a generic template for the page.
Internet Freedom Foundation celebrated this change saying, “This signals a victory on how citizen voices can help secure privacy and bring accountability. Your voices, retweets and posts have an impact. Keep the faith!”
European Union’s General Data Protection Regulation (GDPR) does not allow processing of such sensitive personal data without obtaining explicit consent from users and without mentioning specific reasons for processing this data. Unfortunately, India lacks a strong data privacy law that can prevent companies like Airtel to obtain, process and share sensitive personal information.
Currently, the Personal Data Protection Bill, 2019 is being analysed by a Joint Parliamentary Committee in consultation with experts and stakeholders. However, as per Forbes India, the power that this bill grants the government, to access personal data is dangerous. Many believe that this bill would cause significant threats to the privacy of Indian citizens.