Data flows away from ordinary citizens, to those who collect and may misuse it. My Data Privacy and Protection Bill, unlike the govt's, places the individual at the core.
Data, we are told with tiresome frequency, is the new oil. Well, this oil flows only in one direction — from every one of us ordinary citizens into the hands of those who receive, collect, manipulate and use (or misuse) it.
August 24 marked a year since the Supreme Court’s landmark judgment recognising the right to privacy of every individual as a fundamental right under the Constitution of India. We often take our privacy for granted; however, in an age when nearly 2.5 quintillion bytes of data is generated every day, the right to privacy has large implications, particularly on the manner in which the state and others collect and use our data. Whether it is submitting a form for a college application or downloading the latest app for our phone, we unknowingly share information about ourselves with a wide range of entities, without realising the repercussions involved. Cambridge Analytica’s website rightly said “Data drives all we do”, and the scandal which was exposed, revealed how they manipulated data to influence the commercial and political choices of common citizens.
That scandal is one among many worrying signals about the extent to which vested interests are willing to go, to mine the “new oil” of the 21st century. India has undertaken an ambitious project to create the world’s largest biometric database in the form of Aadhaar, ostensibly to regulate the transfer of benefits from government to needy citizens. However, the numerous instances of data leaks in relation to Aadhaar reveal the state’s callous attitude to data protection, while it aggressively pursues the sync-ing of Aadhaar numbers with essential services which have nothing to do with the government, from our mobile phones to our private bank accounts. In the absence of a robust data protection framework, we Indians are all sitting ducks in the world of data fraud and misuse.
This month, I finally introduced the Data Privacy and Protection Bill, 2017 in the Lok Sabha, more than a year after I’d first submitted the Bill to Parliament. (Unfortunately, multiple disruptions prevented me from introducing the Bill earlier.) The introduction was preceded by the release of the Draft Personal Data Protection Bill, 2018, drafted by the Justice B N Srikrishna Committee, which is likely to be adopted by the government as their official Bill. Through the process of public consultation, which has recently been opened on the Draft Bill, we now have an opportunity to contrast and highlight the provisions in the two bills. There are fundamental differences between the two.
A plain reading of my individual-centric Bill confirms that it is built on a strong foundation of the Right to Privacy, as laid down by the Supreme Court. My Bill vests in you, the individual, the right over your personal data, thereby protecting its misuse by both the state as well as private players. Your rights over your data implies that it cannot be handled in any manner in the absence of consent.
However, today, consent has become a matter of formality, where we click a button without consciously reading, let alone genuinely agreeing, to the terms and conditions. For consent to be effective, it must be unambiguous, free, voluntary, affirmative, revocable and obtained prior to its usage to a specific and easily comprehensible contract. To ensure consent remains effective, the data must be destroyed after the purpose is served. Despite this, there is a skewed power equation between the data processor and the individual, which any good data privacy law must redress.
The government’s draft Bill grants “the right to be forgotten” but deceptively defines it as disallowing further disclosure of data. It seems that the government wants to revamp the globally accepted meaning of “forgotten” to “limited recollection”. Through this, the government is merely posing as an upholder of privacy, unlike my Bill which has a leak-proof right to privacy through the incorporation of the right to erasure or the right to be forgotten.
Data, we are told with tiresome frequency, is the new oil. Well, this oil flows only in one direction — from every one of us ordinary citizens into the hands of those who receive, collect, manipulate and use (or misuse) it.
August 24 marked a year since the Supreme Court’s landmark judgment recognising the right to privacy of every individual as a fundamental right under the Constitution of India. We often take our privacy for granted; however, in an age when nearly 2.5 quintillion bytes of data is generated every day, the right to privacy has large implications, particularly on the manner in which the state and others collect and use our data. Whether it is submitting a form for a college application or downloading the latest app for our phone, we unknowingly share information about ourselves with a wide range of entities, without realising the repercussions involved. Cambridge Analytica’s website rightly said “Data drives all we do”, and the scandal which was exposed, revealed how they manipulated data to influence the commercial and political choices of common citizens.
That scandal is one among many worrying signals about the extent to which vested interests are willing to go, to mine the “new oil” of the 21st century. India has undertaken an ambitious project to create the world’s largest biometric database in the form of Aadhaar, ostensibly to regulate the transfer of benefits from government to needy citizens. However, the numerous instances of data leaks in relation to Aadhaar reveal the state’s callous attitude to data protection, while it aggressively pursues the sync-ing of Aadhaar numbers with essential services which have nothing to do with the government, from our mobile phones to our private bank accounts. In the absence of a robust data protection framework, we Indians are all sitting ducks in the world of data fraud and misuse.
This month, I finally introduced the Data Privacy and Protection Bill, 2017 in the Lok Sabha, more than a year after I’d first submitted the Bill to Parliament. (Unfortunately, multiple disruptions prevented me from introducing the Bill earlier.) The introduction was preceded by the release of the Draft Personal Data Protection Bill, 2018, drafted by the Justice B N Srikrishna Committee, which is likely to be adopted by the government as their official Bill. Through the process of public consultation, which has recently been opened on the Draft Bill, we now have an opportunity to contrast and highlight the provisions in the two bills. There are fundamental differences between the two.
A plain reading of my individual-centric Bill confirms that it is built on a strong foundation of the Right to Privacy, as laid down by the Supreme Court. My Bill vests in you, the individual, the right over your personal data, thereby protecting its misuse by both the state as well as private players. Your rights over your data implies that it cannot be handled in any manner in the absence of consent.
However, today, consent has become a matter of formality, where we click a button without consciously reading, let alone genuinely agreeing, to the terms and conditions. For consent to be effective, it must be unambiguous, free, voluntary, affirmative, revocable and obtained prior to its usage to a specific and easily comprehensible contract. To ensure consent remains effective, the data must be destroyed after the purpose is served. Despite this, there is a skewed power equation between the data processor and the individual, which any good data privacy law must redress.
The government’s draft Bill grants “the right to be forgotten” but deceptively defines it as disallowing further disclosure of data. It seems that the government wants to revamp the globally accepted meaning of “forgotten” to “limited recollection”. Through this, the government is merely posing as an upholder of privacy, unlike my Bill which has a leak-proof right to privacy through the incorporation of the right to erasure or the right to be forgotten.
Moreover, your ow
Source: https://indianexpress.com/article/opinion/to-plug-the-data-spill-5323759/