Shape of things to come-16: Should Neuro Rights be recognized in India?

(Continued from the previous article)

P.S: This series of articles is an attempt to place some issues before the Government of India which promises to bring a new Data Protection Law that is futuristic, comprehensive and Perfect. 


Naavi has been discussing some aspects of Neuro Rights which are also presented through the website www.neurorights.in.

Neuro Rights are an extension of “Privacy Rights “as defined by the current generation of Privacy Activists. The Puttaswamy judgement referred to “Information Privacy” as an extension of the “Right of Privacy” to the information world. This translated into the PDPB 2018/2019 etc.  The core definition of the “Right to Privacy” is however the “Right to be left alone” and is a mental state of an individual which is dynamic and inconsistent, but nevertheless is a Right. It can only be exercised by the individual by stating what is his “Choice” for collection and processing of his personally identifiable data.

Neuro technology however could change the “Free Will” or the “Choice of an individual” because it establishes direct contact with the electro-magnetic emissions that emanate from the human brain as a result of the Electro Chemical changes induced in the neurons.

This therefore requires to be recognized as a threat to the Right to Privacy by interfering with the exercise of “Right to Choice of an individual”.

In the proposals so far discussed under this series, we have suggested inclusion of a definition of “Neuro Privacy” and “Neuro Data”. The suggested definitions are as follows.

  • “Neuro Privacy” means the choice of an individual to determine to what extent the individual may share his neuro space with others
  • “Neuro Data” means the electromagnetic signals that are collected from or fed into the human brain by a Brain Computer Interface in binary form.

The principles of “Informed Consent” applies to Neuro Privacy also. However, Neuro Data could be considered as “Super Sensitive Data” and consent may be made effective only on the confirmation of independent witnesses like what a Brain Surgeon would do before undertaking brain surgery.

Consent for “Anaesthesia” (particularly total anaesthesia as different from local anaesthesia) which interferes with the nerve functions and is used in all major surgeries should be considered as an issue of neuro privacy and subjected to this form of special third party witnessed consent.

This requires a modification of the definition of “Consent” to include three types of consent namely

“General Consent” : For multiple usage scenario including deemed consent

“Explicit Consent”: For specific usage and identifiable consent linked to the purpose.

“Witnessed Consent”: For special usage scenarios with a third party confirmation of consent.

All three forms of consent should be legally enforceable.

GDPR defines consent under article 4(11) as follows:

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

The current definition of “Consent” under Section 11 (2) of PDPB 2019 is

The consent of the data principal shall not be valid, unless such consent is—

(a) free, having regard to whether it complies with the standard specified under section 14 of the Indian Contract Act, 1872;(9 of 1872.)
(b) informed, having regard to whether the data principal has been provided with the information required under section 7;
(c)specific, having regard to whether the data principal can determine the scope of consent in respect of the purpose of processing;
(d) clear, having regard to whether it is indicated through an affirmative action that is meaningful in a given context; and
(e) capable of being withdrawn, having regard to whether the ease of such withdrawal is comparable to the ease with which consent may be given.

Explicit Consent is defined under PDPB 2019 as

 the consent of the data principal in respect of processing of any sensitive personal data shall be explicitly obtained

(a) after informing him the purpose of, or operation in, processing which is likely to cause significant harm to the data principal;
(b) in clear terms without recourse to inference to be drawn either from conduct or context; and
(c) after giving him the choice of separately consenting to the purposes of operations in the use of different categories of sensitive personal data relevant to processing.

Now it is necessary to add an additional sub clause to define “Witnessed Consent” and could be on the following lines.

Consent shall be obtained with witness of  two independent witnesses who are considered responsible to the interests of the individual where the purpose of consent includes a situation where the withdrawal of consent is disabled by the nature of processing.

IDPS 2022 is set to discuss this aspect. Be there to participate and contribute.

Naavi


P.S: These discussions are presently for a debate and is a work in progress awaiting more inputs for further refinement. It is understood that the Government may already have a draft and may completely ignore all these recommendations. However, it is considered that these suggestions will assist in the development of “Jurisprudence” in the field of Data Governance in India and hence these discussions will continue until the Government releases its own version for further debate. Other professionals who are interested in participating in this exercise and particularly the Research and Academic organizations are invited to participate. Since this exercise is too complex to institutionalize, it is being presented at this stage as only the thoughts of Naavi.  Views expressed here may be considered as personal views of Naavi and not that of FDPPI or any other organization that Naavi may be associated with. 

  1. Introduction
2. Preamble 3.Regulators
4. Chapterization 5. Privacy Definition 6. Clarifications-Binary
7. Clarifications-Privacy 8. Definitions-Data 9. Definitions-Roles
10. Exemptions-Privacy 11. Advertising 12. Dropping of Central Regulatory authority
13. Regulation of Monetization of Data  14. Automated means .. 15.Prevention of Data Laundering-Policybazaar data breach

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.