SANSAD TV: PERSPECTIVE- DATA PROTECTION – INSIGHTSIAS

[ad_1]

sansad_tv


Introduction:

As more and more social and economic activities take place online, the importance of privacy and data protection is being increasingly recognized. According to UN’s report on Roadmap for Digital Cooperation 2020 more than 7,000 data breaches were recorded in 2019 exposing more than 15 billion records. As per estimates, the potential cost of worldwide data breaches will be more than $5 trillion by 2024. Data Privacy or Information privacy is a part of the data protection area that deals with the proper handling of data focusing on compliance with data protection regulations. It is centred around how data should be collected, stored, managed, and shared with any third parties, as well as compliance with the applicable privacy laws. According to United Nations Conference on Trade and Development 128 out of 194 countries have put in place legislations to secure the protection of data and privacy. In India Personal Data Protection Bill seeking to provide for the protection of personal data of individuals and establish a Data Protection Authority for the same, was brought in Parliament in 2019 and was referred to the Joint Committee for further scrutiny.

India’s Data Protection Bill- Key recommendations:

  • Remove the word ‘personal’ from the existing title of ‘Personal Data Protection Bill’. This is intended to reflect that the bill, in order to better ensure privacy, will also be dealing with non-personal data, such as personal data that has been anonymised.
  • Amend the section restricting the transfer of personal data outside India to say “sensitive personal data shall not be shared with any foreign government or agency unless such sharing is approved by the central government.
  • No social media platform be allowed to operate in India unless its parent company, which controls the technology powering its services, sets up an office in the country.
  • It proposes a separate regulatory body to be set up to regulate the media.
  • Jail term of up to 3 years, fine of Rs 2 lakh or both if de-identified data is re-identified by any person.
  • The word ‘personal’ ought to be dropped from the name of the Bill.
  • Central government may exempt any government agency from the legislation only under exceptional circumstances.

Need for Data Protection in India

India has around 40 cr internet users and 25cr social media users who spend significant time online. The average cost for data breach in India has gone up to Rs. 11.9 crore, an increase of 7.9% from 2017. Moreover, in the KS Puttaswamy case, the Supreme Court has declared Data Privacy as a fundamental right under Article 21. Hence it becomes all the more significant to ensure data protection. The reasons are as follows :-

  • Data Export: Most of the data storage companies are based abroad. Especially the e-commerce companies that have exabytes of data on Indians. They also export data to other jurisdiction making it difficult to apply Indian laws.
  • Data Localization: Enforcing data localization has faced backlash from many private entities and their home governments. There hundreds of private players are involved in data dynamics which makes it difficult to apply uniform data protection framework.
  • User Consent: Generally, the application using pre-ticked boxes on consent while asking users regarding the acceptance to the terms and conditions.
  • Privacy Breach:  It is usually difficult to trace the perpetrator invading the data privacy.
  • Privacy laws: Currently, the usage and transfer of personal data of citizens is regulated by the Information Technology (IT) Rules, 2011, under the IT Act, 2000. However, this are applicable only to private entities and not on government agency.
  • Data ownership: As per TRAI guidelines, individuals own the data, while the collectors and data processors are mere custodians of data who are subject to regulations.

Need for Data Protection in India

India has around 40 cr internet users and 25cr social media users who spend significant time online. The average cost for data breach in India has gone up to Rs. 11.9 crore, an increase of 7.9% from 2017. Moreover, in the KS Puttaswamy case, the Supreme Court has declared Data Privacy as a fundamental right under Article 21. Hence it becomes all the more significant to ensure data protection. The reasons are as follows :-

  • Data Export: Most of the data storage companies are based abroad. Especially the e-commerce companies that have exabytes of data on Indians. They also export data to other jurisdiction making it difficult to apply Indian laws.
  • Data Localization: Enforcing data localization has faced backlash from many private entities and their home governments. There hundreds of private players are involved in data dynamics which makes it difficult to apply uniform data protection framework.
  • User Consent: Generally, the application using pre-ticked boxes on consent while asking users regarding the acceptance to the terms and conditions.
  • Privacy Breach:  It is usually difficult to trace the perpetrator invading the data privacy.
  • Privacy laws: Currently, the usage and transfer of personal data of citizens is regulated by the Information Technology (IT) Rules, 2011, under the IT Act, 2000. However, this are applicable only to private entities and not on government agency.
  • Data ownership: As per TRAI guidelines, individuals own the data, while the collectors and data processors are mere custodians of data who are subject to regulations.

Concerns:

  • Major players in India’s digital economy are not only based abroad, but also export data to other jurisdictions.
  • Potential drain of economic wealth of a nation. Financial rewards of big data are enjoyed by MNCs located in USA.
  • Infrastructure in India for efficient data collection and management is lacking

Way Forward:

  • Data minimisation and accountability of those who process and control data.
  • Personal data in the public interest should be protected and used only for the purposes it was collected.
  • Adequate infrastructure in terms of energy, real estate, and internet connectivity also needs to be made available for India to become a global hub for data centres.
  • Start-ups can develop technology that enables users to control who gets access to the data about their behaviour patterns in the digital world.
  • Data needs to be shared with start-ups so that they can have a level playing field in offering innovative services with large and often global data companies.
  • Encouraging formation of native internet giants like how china has done.
  • Current data protection rules under the Information Technology Act urgently need an update and should reflect modern trends.
  • Data protection is essential to balance the growth of the digital economy and use of data as a means of communication between persons with a statutory regime that will protect the autonomy of individuals from encroachments by the state and private entities.
  • India must adopt stringent law in the same lines as GDPR (General Data Protection Regime) enacted by the European Union.

[ad_2]

Leave a Comment