Opinion: Personal data is vulnerable. How to protect it.

New Delhi needs to espouse a balanced data protection law to prevent misuse of personal data of its citizens and to protect its appetite for the digital economy. Photograph:( Others )

New Delhi, Delhi, India Dec 20, 2017, 06.34 AM (IST) Jayadev Parida

Does digital-space invade private space? Does India need a data ombudsman to keep a check on all instances of data infringement?

Many might disagree with it due to India’s dependability on export technologies. However, the online state of affairs is troubling in the age of Big Data. We have to seriously consider how a data protection law could protect the fundamentals of individual privacy.

There are many ambiguities as well questions that the committee of experts led by Justice B.N. Srikrishna needs to look into as they set about to craft an Indian data protection law. 

India, as the largest producer of online data and as an emerging digital economy, needs to espouse a balanced data protection law to prevent misuse of personal data of its citizens and to protect its appetite for the digital economy. Here are four pointers in this regards.

First – definition – the law needs to distinguish a line between personal data and non-personal data so that the non-personal data could flow free for innovations. India’s data protection law should be Indian in nature and not a replication of a stringent law like the EU data protection regulation.

Second – accessibility- the creation of data centres needs to be treated under the jurisdiction of India Law. These data centres would facilitate Indian law enforcement and investigative agencies to address diverse online and offline crime issues. The classic example is the Blackberry data turf war in 2010 due to the limitation of Mutual Legal Assistant Treaty.

Third – data flow- These data centres would enable indigenous start-ups to mushroom and give better data-driven services to the end user. Currently, the EU’s GDPR is a strict data protection law of the digital world that keeps internet industries at bay, creating a negative effect on disruptive innovations and digital economy. However, recent talks in the EU mentioned that for free flow for digital innovations, there would be policy to leave aside ‘non-personal data’. New Delhi can learn from EU’s mistakes.

Fourth - regulations – a strong data protection law would curb the misuse of personal data. Government of India should look into the issues of ‘passive data collection’ which is often hidden in the applications. Second, it would create a trust between the user, service providers and governments. If the individual is not the owner of the data, then it is the responsibility of the government to ensure the protection of such data.

Combination of all these four factors- definition, accessibility, data flow and regulations - would open up unprecedented opportunities for India’s $ 1 trillion digital economy.

Recently, Microsoft, Amazon and Google have opened up cloud data centres in India to provide better services to world’s second largest internet users. This indicates that India could be a potential data hub for the South Asian countries.

In addition, estimations also suggested that by 2020 India would be a marketplace of $ 4.1 billion in cloud space industry. 

Justice Brandeis warned against “the progress of science in furnishing the government with means of espionage”, which is why most tech-researchers are a bit suspicious about government's role in both India and abroad.

At the advent of the digital age, privacy and data protection have become two sides of the same coin. Meanwhile, the concept of privacy is socially constructed and naturally influenced by the history, culture, traditions and values of a nation. To address issues of different value clusters of societies, as well as, for protection of personal data, does India need a data gatekeeper? The answer to this is, yes!

(Disclaimer: The opinions expressed above are the personal views of the author and do not reflect the views of ZMCL).