PrivacyofThePeoplePDPBData ProtectionAgriStackAgriculture

#PrivacyOfThePeople - Agristack and Farmers’ Issues

In the second post in our #PrivacyOfThePeople series, we discuss the issue of farmer rights under the Personal Data Protection Bill, 2019 with respect to aggressive digitization by governmental initiatives. Who really benefits from Agristack systems and how does a loss of privacy affect farmers?

Rohin Garg
Rohin Garg

30 June, 2021
8 min read

Tl;dr

In the second post in our #PrivacyOfThePeople series, we discuss the issue of farmer rights under the Personal Data Protection Bill, 2019 with respect to aggressive digitization by governmental initiatives. We specifically examine this through the recent Consultation Paper on IDEA by the Department of Agriculture, Cooperation, and Family Welfare. Who really benefits from Agristack systems and how does a loss of privacy affect farmers?

Background

Last week, in the first post in our new #PrivacyOfThePeople series, we used recent protests by ASHA workers to look at larger issues with worker surveillance under the Personal Data Protection Bill, 2019. The growing number of intrusive systems only undermine the fundamental right to privacy, and negatively impact free speech and worker unionization. Privacy cannot be compromised in the name of “efficiency”.

This series continues to discuss the very concrete problems that different groups will face after the implementation of the Personal Data Protection Bill, 2019, and so, for this week, we decided to look at an issue that is generating a lot of discussion at present: the rights of the farmers of India. Our engagement with agriculture in India has taken place mostly through the Agristack, a proposed project for implementing digital agriculture systems across India (to better understand what the Agristack really is, please see our public explainer on the issue). We have written a joint letter with 55 other organizations to the Ministry of Agriculture highlighting our concerns with the project. We have also analyzed the various MoUs signed by the Ministry regarding a pilot for the Agristack (see here and here). In this post, we will be taking a closer look at some of the issues with the Agristack project, and how the provisions of the Personal Data Protection Bill may exacerbate such problems.

The issue

The recently published Consultation Paper on IDEA-India Digital Ecosystem of Agriculture by the Department of Agriculture, Cooperation, and Family Welfare proposed a digital architecture for the agricultural industry. This is a new addition to the rapidly developing Agristack in India. The Agristack is a collection of technologies and digital databases proposed by the Central Government focussing on India’s farmers and the agricultural sector. The central government has claimed that these new databases are being built to primarily tackle issues such as poor access to credit and wastage in the agricultural supply chain. It is important to understand why there is such keen interest in agricultural data.

Big Data” can be defined as “a collection of data from traditional and digital sources inside and outside your company that represents a source for ongoing discovery and analysis”. The agricultural industry stands on the front line with other industries in the Big Data revolution. In agriculture, tremendous leaps in data acquisition equipment on everything from tractors to granaries coupled with instantaneous and continuous transmission of that data through cellular modems create a dataset soon to rival that of any industry. Yet, with the increased generation of agricultural data arises the concerns of data collection and usage.

Here are some of the broader issues with Agristack so far:

  1. Implementation before consultation: As can be seen through the signing of MoUs with several IT corporations, it is alarming that without adequate consultations, MEITY has stated that the blueprint for Agristack is already in the advanced stage. While the agriculture sector would indeed benefit from the use of technology to aid both production and marketing, doing so in a manner that excludes the main intended beneficiaries may end up exacerbating existing problems.
  2. Lack of representation: A clear lack of any consultation with farmers and a lack of representation in the task force. While private companies are being consulted, there has been insufficient to none engagement with the leading agricultural organizations and unions in India.
  3. Loss of privacy: The proposed framework for Agristack does indeed face serious questions related to privacy. Farms generate a huge amount of data in their daily operations, and so are fertile ground for agritech and fintech firms. As has been seen before, this would lead to “banks and insurance companies [knowing] more about the incomes and businesses of farms than the individual farmers themselves”.
  4. No consent: A lack of farmers’ consent. Any system that uses a person’s data must have that person as a stakeholder in that system’s decision-making and governance process. Despite the fact that the Personal Data Protection Bill, 2019 mandates consent in processing personal data, farmers have not been informed or even involved in the conversation.
  5. No protection: The paper states that it aims to “(l)ay down clear policies specific to the agriculture domain that enable and regulate the sharing of data, in conformance with the applicable data protection regulations” but currently we do not have any such data protection regulations in place. Moreover, the current Bill does not protect non-personal data. However, MoUs signed with private companies like Amazon & Patanjali give them access to a lot of information, with no farmers' consent or security for pertinent data on their lands, income, loans, etc.
  6. Inscrutable nature of the paper: The paper is daily ambiguous. Buzzwords such as “AI” and “ML” have been used without stating where exactly artificial intelligence models would be used. It has been reiterated that farmers would be economically benefited without explaining how. It is also unclear who owns IDEA. Furthermore, there are no grievance redressal mechanisms nor is it made clear what happens to farmers outside this system.

Overall, the IDEA paper and the proposed Agristack seem to benefit the government and private corporations more than the farmers. Agricultural data is being collected without the consent or consultation of farmers themselves, for the benefit of private agencies. In the absence of a data protection law, the consequent loss of privacy can negatively impact farmers in the following ways:

  • Financial lending models relying on technology towards farmers may offer extortionary rates for those in dire need.
  • Given the incomplete nature of land title records, farmers may also be exploited by land grabs by large agribusinesses.
  • Algorithm-based decision-making may further reduce the agency of farmers if and when AI-based decision-making becomes widespread, possibly impacting on legal rights.

The PDP Bill and Farmers’ Rights

The Personal Data Protection Bill, 2019 (PDP) has no specific provisions for agricultural data. Thus, the treatment of agricultural data would depend on how it gets classified. Certain farm data may be classified as non-personal data. Non-personal data is not protected under the Bill, and is instead to be dealt with under a separate non-personal data governance framework. As we have written earlier, the currently proposed framework is quite lax and allows gross violations of user consent by providing entities the opportunity to exploit large datasets without much oversight. Thus, it is likely that non-personal agricultural data will be exploited.

However, we already know that significant amounts of personal data will be processed under the Agristack framework (this was reiterated in the MoUs as well). Thus, we must also consider the future of agricultural data through this lens. Here, two main issues exist:

  1. Potential lack of consent: The Agristack is being rolled out under the aegis of the Ministry of Agriculture and Farmers’ Welfare. The Ministry also has plans to integrate the platform with several agriculture schemes being implemented by the government. Thus, under clause 12 of the Bill, which allows personal data to be processed without consent for the performance of a State function, farmers’ data may be harvested.  Were this data to remain with the government, this may not have been as pressing an issue. However, given the proposed scale of integration in the Agristack, it is likely that private entities will also be able to easily access these datasets (especially if access to services becomes contingent upon the provision of said data). Clause 14, which allows the non-consensual processing of data for ‘reasonable purposes’ such as credit scoring and the operation of search engines, also seems to imply such a possibility.
  2. Constrained user rights: The Bill provides users with certain rights over their data. However, the Bill also sets certain limitations on the exercise of these rights, and from here stems the potential for misuse and exploitation. For example, clause 19 provides for the right to data portability but allows companies the leeway to deny such requests on grounds of technical infeasibility or protection of a trade secret. Alternatively, clause 20 allows data processors to reject requests under the right to be forgotten if it feels that the data in question has not served the purpose for which it was collected; the burden for proving this, of course, is on the user. Furthermore, clause 21 provides that users may be charged with fees for exercising these very rights. Now consider this in the context of the Agristack: will a farmer really be able to get a company to delete his/her data, given the significant difference in bargaining power? This will lead to farmers becoming beholden to the platform and the companies that are on it - this clearly cannot be good for farmer’s welfare! Moreover, the already severely indebted farmers may be asked to pay onerous fees for trying to assert their rights.

Solution

Other jurisdictions have laid down specific guidelines and laws for dealing with agricultural data. These include the US American Farm Bureau Federations’ (AFBF)  Privacy and Security Principles for Farm Data, the New Zealand Farm Data Code, and the EU Code of Conduct on Agricultural Data Sharing by Contractual Agreement. These codes cover central issues such as terminology, data ownership, data rights (including the right to access, data portability, and the right to erasure/right to be forgotten), privacy issues, security, consent, disclosure, and transparency. In addition, they all attempt to harness the benefits of agricultural data while protecting producers’ privacy and security.

The AFBF championed Privacy and Security Principles for Farm Data, for example, is an agreement between influential farm organizations and Agriculture Technology Providers (ATP). It is an affirmation of belief (or promise) by the signatory ATPs that their business relationships should operate and data should be collected, used, and managed in accordance with the Farm Data Principles. Any Indian regulations protecting agricultural data must set clear expectations regarding a diverse set of interrelated data issues including education, ownership, collection, access, control, transparency, and more. Here are some of our recommendations:

  1. Comprehensive Consultations: There needs to be discussion on the merits of the proposal with farmer groups and unions on their very premise before any policy document is implemented. The utilisation of technology must happen on the basis of feedback that emerges from these conversations.
  2. Long-term study and Advocacy: Academics, technologists, civil society and digital rights organisations to be engaged with on the development of the “Agristack” both as a policy framework and its execution proceeding from the concerns and experiences of farmers.
  3. Privacy for Farmers: Examination of the relationship between personal data and digital policies such as the Data Empowerment and Protection Architecture (DEPA) to be conducted in the context of the ongoing process of the Joint Parliamentary Committee on the Data Protection Bill.
  4. Strengthen User Rights: The rights of users under the Bill have to be reviewed to ensure that the right to privacy of users gets primacy and the interests of data fiduciaries are addressed through limited exceptions.
  5. Protecting non-personal data: Allow non-personal data to be regulated under the Data Protection Authority. This shifts the focus onto the protection of digital rights and the responsibility of providing robust regulatory mechanisms would fall on the Data Protection Authority. This also protects important data of farmers such as lands, income, loans, etc from being misused by private companies.

Given that in India, agriculture contributes to 19% of the country’s GDP (according to the Economic Survery 2020-21) and provides employment to around 58% of the population, a lot more can and should be done to protect the interests, autonomy, and privacy of farmers.

This is the second post in our #PrivacyOfThePeople series on how the Personal Data Protection Bill will impact different facets of our life; you can read part 1 on worker surveillance here. Join us next week as we look at the Bill in the context of Social Media.

Important Documents

  1. The Personal Data Protection Bill, 2019 as introduced by the Minister for Electronics and Information Technology, Mr. Ravi Shankar Prasad (link)
  2. IFF's Public Brief and Analysis of the Personal Data Protection Bill, 2019 (link)
  3. IFF’s Public Explainer on the Agristack (link)
  4. Previous blogpost dated December 04, 2020, titled “The Agristack: A Primer” (link)
  5. Compendium of IFF’s work on the Agristack (link)
  6. The SaveOurPrivacy Campaign (link)

This post was largely drafted by Tanvi Roy, who is an undergraduate student majoring in Computer Science at Ashoka University and currently interning at IFF.

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

2
Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

3
IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!