Across every industry, leaders and technologists are facing an increasingly complex world. A new world defined by digital diffusion and ensconced in data security concerns — and now laced with regulation that protects personal data of individuals.
In a world deeply influenced by rapid technology evolution, challenges come along as a bona fide add-on. With India moving towards digitisation, the need for a comprehensive data protection law was acknowledged by the government through the Draft Data Protection Bill, which was introduced in July 2018. On December 4, the Union Cabinet cleared the Personal Data Protection Bill (PDPB).
With technology influencing every facet of life around us, and the quantum of personal information being shared online or offline, it has become essential, and at the same time crucial, to strike a balance between the cultural revolution brought about by this very digital transformation and the associated implications of personal data protection. With most organisations on a digitisation spree, PDPB is a valuable step towards a sustainable solution that would aid India in strengthening its personal data security concerns and position, as well as empower and equip individuals to manage their personal data.
PDPB will serve as a model for ensuring that Indian citizens have autonomy in the digital economy. It will also permit them to regain control over their personal data.
Personal data breaches have emerged as one of the most prominent categories of security incidents across the globe. With a recent ‘surveillance’ incident on the Facebook-owned messaging platform WhatsApp — which involved the compromise of privacy data of many individuals via a third-party spyware — there are strong reasons for the Indian government to take significant decisions regarding matters pertaining to the protection of personal data of Indian citizens. The wave of such breaches continues, as the volume of personal data available online grows exponentially.
As the future comes with exciting technological possibilities, the same technology also helps us create safer methods, helping us to eliminate vulnerabilities — the brighter side of the ‘technology wedge’, as it were. Disruptive technologies, such as quantum computing, blockchain used in financial technology, or artificial intelligence (AI) being used in every kind of industry, could address and solve some of the human errors that create problems in technology today. Machine learning increases the capacity to make innumerable inferences about individual consumers and their choices. Marketing and promotional companies now have the capability to predict what television shows viewers will want to watch and what brand consumers will want to spend most on.
We have often been concerned about technology reducing the security of online transactions, or compromising privacy. Yet technology also has the capability to create a safer digital world when used with the right mix of data protection control requirements. This is the beginning of the era of enabling the confluence of security in the middle of the congregation of a digital explosion.
PDPB focuses on this mix, and seeks to establish an overarching data privacy framework by standardising collection, usage, storage and transmission of personal data, ensuring adequate protection of personal data. The Bill also establishes an independent authority, the Data Protection Authority of India (DPAI), which will be empowered to oversee the enforcement of the law.
The introduction of such a stringent privacy watchdog in India will be revolutionary with far-reaching consequences, as it will change the way privacy is perceived and practised in Indian businesses. The proposed Bill applies to both government and private entities established in India as well as abroad (extra-territorial applicability). Non-compliance with the regulation may lead to both financial penalties and personal liability.
PDPB also proposes amendments to address the inadequacies in the Aadhaar Act, 2016, which has been the subject of many recent debates on the various avenues one needs to take to improve data protection. The Bill, when implemented, will require enterprises and companies to review their policies regarding data protection and processing, and require them to revisit their information technology (IT) design, technology usage and infrastructure to comply with the Bill’s requirements.
The primary focus would be on balancing the need to enhance technological progress and the adoption of personal data protection requirements to ensure compliance. This will not only improve individuals’ trust in such enterprises, but it will also help India gain and establish better trust in the larger global trade landscape.
The writer is Advisory Leader, EY India