Expert committee under Justice BN Srikrishna discusses data, privacy and its protection
An expert committee, under the chairmanship of Justice BN Srikrishna, organised a consultation session, inviting suggestions and objections based on the white paper released by the expert committee.
The reality of the digital environment today, is that almost every single activity undertaken by an individual involves some sort of data transaction or the other.
As Clive Humby had popularly said, “Data is the new oil”, both the public and the private sector collect and use data at an unprecedented scale and for multifarious purposes. However, the unregulated and arbitrary use of data, especially personal data, has raised concerns regarding the privacy and autonomy of an individual.
Therefore, to discuss the data protection framework for India, an expert committee, under the chairmanship of Justice BN Srikrishna, organised a consultation session, recently, inviting suggestions and objections based on the white paper released by the expert committee and following questions were put forward by the committee for the stakeholders to address:
• How can notice and choice be incorporated in a data protection law to operationalize consent? How can children’s personal data be effectively protected?
• How should “data localisation” and “cross border transfer of data” be dealt with under a data protection law?
• What should be the nature and scope of the possible exemptions under a data protection law in the Indian context?
• What are the different types of individual rights, their nature and scope which can be incorporated in a data protection law?
• To what extent should data controllers be held accountable under a data protection law?
• What will be the impact of a data protection law on allied laws, particularly, the Information Technology Act, 2000, Aadhaar Right to Information Act, 2005 etc?
While Justice Srikrishna set the tone for the discussion to begin by asking stakeholders to also provide solutions to the flaws in the white paper, the discussion received various opinions which, if implemented, could completely change how the markets are running.
“Data minimization is something that as a foundational principle I think we should not carry. The question on data collection is that should it be restricted in the first instance? The key point is that if we restrict data in the beginning, what are we achieving? And I am talking in the context of innovation, growth of industry and growth of business. It is only when data is available we can talk its usage,” said Kamlesh Bajaj, former Founder CEO, Data Security Council of India (DSCI) who was present on his individual capacity.
“So the key point should be on preventing misuse of data rather than the collection of data. To my mind, data minimisation has the potential to harm innovation in the country. Today we are just starting on with Artificial intelligence, machine learning, applications, Internet of Things etc. If we put a condition, it will harm innovation in the country, startups which need data, or innovation on drones, traffic control, we don’t know which way this will,” he added.
Disagreeing with Bajaj, Dr. Usha Ramanathan, an internationally recognised expert in the field of Law said, “I think a basic principle in data protection is remembering that it is not about protecting data but protecting people. I don’t think we should go down the US route, because it is exciting and. It is also producing a lot of monsters for us. Data minimisation is an extremely important principle for protecting the interests of people and it can’t give place to the interest of industry to be able to do whatever they call as innovation.”
“There is a complete change in collecting the kind of data we need to be able to plan an economy...shifting that completely to putting the onus on people, outsourcing tremendously to collect personal information and very intimate information and punishing people for not giving or giving inaccurate information. This is the route that we have come” she further said confessing that the white paper was disappointing because it doesn’t take into account “the kind of situation in which we are. It is talking a lot in the air and it also seems to be asking in changing a lot of constitutional understanding of what people are and what data is,” she said.
“People have said that privacy and law should wait until innovation is over, I completely reject this approach,” she added.
On deterrent penalties, Charu Malhotra, Indian institute of public administration, said that in the white paper there is “no clarity on remedial and legal action in case a company breaches the framework. Data is an asset and it should be accorded a status of property rights as per me.”
She further added that data protection has two aspects i.e. the privacy issue and second is commercial issues.
“Let citizens be partners in crime in case of commercial aspects of data. Why aren’t we able to think of a dashboard scenario? If I give an informed consent then I know where data is given in the pipeline and what is my percentage share of it,” she suggested.
However, Pankaj Sharma, Telenor, advised the committee on the need to have a simple law. He suggested, “If the law is simple and incorporates all the protection and the notice just says that as long as whatever is happening on the site is covered by the data protection law of India, I think that should be okay. We can’t make lengthy concepts. It is not going to help the common man”.
WhatsApp, Instagram, LinkedIn, Twitter, Facebook & Youtube