With the increasing contribution of the ICT sector to India’s GDP, the country needs a coherent and comprehensive method to policymaking in technology backed by a strong data protection law. As the debate over data protection heats up, The Dialogue, a Delhi based think-tank working on the intersection of technology, society and public-policy, organised a Stakeholder Consultation titled “Enabling a Progressive Privacy Regime: Discussing the Road Ahead” on the 5th of August at Constitution Club of India.
The consultation witnessed around more than eighty participants including stakeholders from the industry, academia, government, civil-society, bilateral, multilateral organisations, research institutions and the media, with the objective of driving efforts to ensure that India has a progressive data protection law that is rights-based and protects the digital rights of the citizens. The consultation was held in two sessions, where the first theme was focussed at global technology development on privacy and data protection, while the second theme was centred around privacy and security aspects of digital payments.
In the first session, the participants touched upon the need to evolve privacy laws and policy in the age of emerging tech like 5G, artificial intelligence and geospatial technologies; due process of law being an integral part of the PDP Bill; and need for adequate checks and balances, along with factors of reciprocity and adequacy with laws of other nations as an important element of the upcoming law. Discussions also pertained on the need to clearly define ownership of an individual’s data, with the need to incorporate provisions around right to forget, right to erase data and purpose limitation. Moreover, disclosure and possible transfer mechanism of information from a corporation or an individual to another corporation and/or individual and differentiation of information in various classes was also discussed.
In the second session, the debates revolved around biometrically authenticated payments; the privacy and security perspective in payments; data localisation and the need for privacy-by-design. Participants discussed the best practices while dealing with privacy concerns, which are, first, to understand what is privacy by design; second, to realise how to achieve both privacy protection and innovation in a product; and third, role of organisation in the context of privacy and helping develop innovation to further the economy. A common sentiment that was shared among the stakeholders was the need for impact analysis of data localisation along with the cost-benefit analysis, as the repercussions of data localisation on the economy and the ICT sector were highlighted. It was also brought to the attention that fraud detection techniques could be impacted, that could jeopardise security and privacy of user data. Concern about start-ups facing the heat of limiting cross border data flows were also shared in the discussion, along potential reciprocal policies in the future that could affect Indian business functionality abroad.
At the same time however, law enforcement was mentioned as a critical area of collaboration between the government and data fiduciaries and it was implied that legitimate requests of data access for investigation must be adhered to. Such demands must be made through a due process of law which has appropriate checks and balances, it was highlighted. Security is a non-negotiable while India now needs a new model for legitimate data access that could meet its law enforcement requirements. A common way forward towards this could be multilateral data frameworks or bilateral agreements on data sharing based on parameters around adequacy and reciprocity.