Across the world, including in India, increasing digital penetration has been transforming societies. Technologies are integrated into a spectrum of day-to-day processes, resulting in an exponential rise in the number of ways in which information is used.
As a result, the processing of personal data has become omnipresent.
“The reality of the digital environment today is that almost every single activity undertaken by an individual involves some sort of data transaction,” said Vikash Chourasia, Scientist ‘C’, Ministry of Electronics and Information Technology, Government of India, speaking at the RSA Conference 2019 Asia Pacific & Japan, held at Marina Bay Sands earlier this month.
“Some of the largest companies of the world today are data-driven. Take for example Uber, which doesn’t own any cars, was able to disrupt the entire transport industry through its use of data points.”
However, data is both an asset and a liability. The unregulated and arbitrary use of data – in particular, personal data – has raised concerns regarding the privacy and autonomy of individuals. It has therefore become important for regulators to set up guidelines on data protection to safeguard the interests of their citizens.
Chourasia was part of the committee entrusted with the task of coming up with India’s privacy legislation, the Personal Data Protection Bill. In a keynote titled ‘Future of Data Protection Legislation: India’s Journey and Way Forward’, he touched on the Indian government’s approach towards data protection, as well as the core design principles that India adopted in shaping the framework.
Mobilising the various stakeholders
In July 2017, an expert committee was set up under the chairpersonship of Justice BN Srikishna. Its aim was to study the various issues relating to data protection in India.
A whitepaper was first released as a concept note, and a public consultation ensued. The committee deliberated on the concerns and suggestions received, and formulated a comprehensive draft bill, which was submitted along with a report in July 2018.
“This process was historic in the way it has involved so many stakeholders in law making,” said Chourasia. “In India, it is not normal for the government to engage with the public on such a wide scale,” he explained.
Finding a balance between business and privacy
The draft bill presented by the expert committee was crafted based on a few core design principles adopted by the Indian government.
For one, the guidelines have to be flexible enough to take into account the rapid pace at which technological developments are happening. The law must also apply to both the private sector and the government. “This, I would say, is a huge culture shift – to be able to get the government included and be ruled by the law,” Chourasia said.
In addition, businesses have to ensure that consumers give consent that is informed and meaningful. Consumers also continue to reserve the right to the data they have provided. “This means that consumers would be able to ask an organisation whether they have information on me, as well as what sort of data they have,” he said.
At the same time, in order to protect the intellectual property for businesses, the draft bill acknowledges that it is not realistic for companies to provide a complete copy of the information they have on consumers. “Take for example Google – If I had managed to derive valuable insights from the data I have collected, I cannot simply let it go,” Chourasia explained. “The law therefore performs a balancing act between protecting data privacy and business value. It will only require businesses to provide a summary of what they know about consumers.”
As a society that has benefited greatly from the outsourcing business, India is supportive of global free flow of data. However, Chourasia emphasises that digitisation must not have a purely economically-driven agenda.
“The Indian government has a mandate from the Supreme Court and the legislative establishment to look after the privacy and individual rights of our people, and we are committed in doing so,” Chourasia said.