Saving private data

Nitin Gadkari recently gave an interesting insight in the Lok Sabha. The government of India earned ₹65 crore by providing 87 private and 32 government entities access to a database of vehicle registration and drivers’ licences.

During a recent hearing on data privacy in the Supreme Court, Justice Deepak Gupta said he was afraid of using mobiles as he found Google tracking him everywhere. Further, he said that he could buy an AK-47 assault rifle on the Internet.

In this age of digitisation, data means money, but there are issues, as Justice Gupta pointed out.

Yet, India does not have any law to protect personal data.

Back in the day, life was easier when ‘apple’ and ‘blackberry’ were still fruits. In the 1990s, Google was a simple search engine. Android, YouTube, Google Maps and Gmail were yet to be born. Google had a privacy policy even then—a simple 600 words to detail the process of collection and usage of personal data. More than 20 years later, Google’s privacy policy runs into a sprawling 4,000-word treatise to explain the company’s data practices. The metamorphosis across 20 years and 30 versions is pretty much the story of the World Wide Web’s transmutation into a terribly complex animal. And all tech players have been smart enough to carve privacy policies to match Google’s.

Data Governance: The Big Imperative

The basis for research, a key input for knowledge, a tool of power and domination, and a subject of legislation and governance—the definition of data ticks all these. With humans working, shopping, and communicating online, the digital economy today is thriving with massive data being produced and exchanged every second. It is the most important asset that a company has.

Hence, governance of data is imperative, for privacy concerns are on the rise. “Data is the pollution problem of the information age, and protecting privacy is the environmental challenge,” says American cryptographer and privacy specialist Bruce Schneier. Privacy may simply be defined as the right of an individual to be free from uninvited surveillance. However, increased surveillance combined with profiling of individuals can lead to an impact on individual independence and therefore is tantamount to breach of privacy. A Supreme Court order in 2017 upheld the right to privacy as a fundamental right protected by the Constitution.

The World at India’s Doors

India is among the fastest-growing economies in the world. Its digital economy, worth $200 billion now, is projected to reach $1 trillion according to a government-commissioned study—which will boost the $2.6-trillion economy to a $5-trillion one. Technology majors from Beijing to the Silicon Valley realise the tremendous opportunities that the seismic shift from the old economy to the digital economy is throwing open in the country in sectors such as IT, e-commerce, telecom, digital payments, and online government services.

Privacy versus Digitisation

And so, India must strike the right balance while formulating laws to leverage a data-driven ecosystem with reasonable restrictions.

The proposed privacy law is based on the Draft Personal Data Protection Bill, 2018. The core idea is to protect the individual’s interest while allowing legitimate use of data by the state and private enterprises.

The draft bill has more than its fair share of positives. It has, however, been criticised for some ambiguities, imposing excessive obligations on data fiduciaries and/or prescribing disproportionate punishments.

One particular controversy has been on the proposed data localisation as a mandatory requirement. Arguments range from the associated limitations of such data localisation being against the basic philosophy of the Internet to imposing additional operating costs on data fiduciaries to hindering global innovation and progress of India’s digital economy to challenging the principles of free-market economy.

In the wake of India’s data localisation provision, Mark Zuckerberg was vocal in describing it as setting a precedent with more authoritarian countries tightening their restrictions over data. The U.S. government has cited the same as one of its main concerns in its bilateral relationship with India.

However, S. Gopalakrishnan, additional secretary, Ministry of Electronics and Information Technology, recently expressed hope that opposition from foreign companies to data localisation may weaken when a global framework for taxing big tech majors is formed. He was hinting at a recent proposal by the Organisation of Economic Cooperation and Development to extend governments’ rights to tax MNCs.

It is premature to comment, as the final law is about to be put before Parliament. It is hoped that a little more balance will help in India’s promotion of Digital India, Make in India and in making ‘doing business in India’ work.

Differing Global Views

Data protection and privacy are resonating across global conversations. California’s upcoming Consumer Privacy Act, South Korea’s Personal Information Protection Act (which is being updated) and India’s Personal Data Protection Bill are on the watch lists of observers.

The U.S. data protection model allows the collection of personal information as long as the individual is informed of such collection and use. It is considered the most laissez-faire in its approach.

The U.S. data protection model restrains the state; the European model privileges the individual; the Chinese model serves the collective. While addressing concerns over data exploitation and colonisation in a market with more than a billion people, the Indian government has the opportunity to chart a new course and create an independent identity for New Delhi on the global stage.

Views are personal.