Data Protection has been in the news ever since the dawn of the digital era. But, in the last few years the clamour for stronger data protections laws have become louder. Europe has taken the first step to limit the power that digital behemoths have over us. Will India Follow. I write for CNBC-TV18
Source : Here
Privacy means different things to different people. And in today’s world dominated by social media, the definitions have mushroomed like weeds on an unattended farm.
Most of us on social media live lives of an exhibitionist. Sharing what we eat, where we go, where we holiday, what we buy, who our friends are, and what our political preference is.
We are window-shopping in a mall and casually write our email address or mobile phone number in guestbook of a store, a stranger selling credit cards or for the lure of a lucky-draw prize at the mall itself.
Clearly, most of us don’t cast a fleeting glance at the concept of privacy.
And therefore, it is left to the paranoid amongst us to take action that prevents others from misusing this data we put up for people and machines to see and learn about us.
The ink on the Cambridge Analytica saga has not dried yet. The company, although now shut down, was profiling Facebook users and pointing them towards sophisticated political propaganda that may have influenced voting patterns.
It is now believed that this kind of sophistry may have had some role to play in how the UK voted for Brexit, and the surprise victory of Donald Trump in the USA.
Data, as some now say, is the new oil. There is a difference, though. Oil is a finite resource we are running out of at an alarming, pace but production of data seems infinite.
Oil does not create more fossil fuel. Data creates more data.
Given this, the question honestly is quite simple.
How do you regulate who controls your data, who uses it and for what purposes?
For example, is it ethical for a fitness tracker to share my daily fitness progress with someone who would then use it to suggest a diet plan to me, without my explicit permission?
On the face of it, this does not seem like a ‘major’ invasion of privacy; after all, who doesn’t want to try something new to lose weight.
Who then is to decide what a reasonable amount of invasion of privacy is, and what is not?
This is why there are calls for regulation of our data.
With an aim to put a user’s data in her hands, Europe has introduced the General Data Protection Regulation (GDPR), which is the strongest data protection law the world has seen so far.
At the core of this new law is the ability for ordinary citizens to ask to see the data that companies, or governments, have on them. The law takes a step further and allows the citizen to demand deletion of this data. The law even outlines firm guidelines on how data is to be collected and used.
This seems years ahead of what we are grappling with in India at the moment– Aadhaar.
As we struggle with the privacy issues surrounding the programme that was conceived as an instrument to efficiently distribute subsidies among the poor, it is now being linked across ecosystems – be it banks, mobiles, rent agreements, and even payments.
It is in this context that one has to look at a structure of the GDPR.
As the country’s apex court discusses Aadhaar, it is time India also began a debate on the regulation of all data.
While the Information Technology Act of 2000 has a framework regarding the collection, collation, and use of data, experts believe that the sophistication of online platforms and data scientists leaves our privacy on shaky grounds.
With the Supreme Court asserting the right to privacy as being a fundamental right under the Indian Constitution, it is time to relook at the IT Act, and it is also time to look at regulating data and how it is being used.
Who owns our data? Who controls it? Who monetises it? Who benefits from it? What do we do to get out of this, and most importantly, how do we get out of this.