Union government has appointed a committee headed by Sri Krishna to draft a uniform data protection law.
It has released a white paper as part of its mandate. Click here to read its highlights.
However, there are concerns over India’s dependence on imported digital technologies.
What are the challenges with data protection in India?
Major players in the digital economy are based in abroad and export data to other jurisdictions, which is difficult to regulate.
For eg. Operating system designed in US and a mobile phone manufactured in china cannot be regulated by single uniform data protection law.
India cannot afford to maintain data centres for a regulated data usage and sharing, since it require huge investments.
State and central governments will also need to spend substantial amounts on physically securing these installations.
India is better off relying on servers located elsewhere, while gaining in connectivity and access to high-quality digital products.
What are the concerns with Uniform data protection law?
Data protection policies – There cannot be single data protection policy like followed in Aadhaar act due to presence of hundreds of private players.
In Aadhaar case, UIDAI is the only custodian of data and secure lines that store and transport them.
Sensitive personal data – the definition of “sensitive” information needs to be re-evaluated in the light of India’s socio-economic context.
Manufacturer’s policy - Few Chinese smart phone manufacturers acknowledges it may transfer the data of users to locations with no data protection laws at all.
End User License Agreement merely suggests it will provide “similar and adequate” levels of protection as the country of origin.
But how would Indian regulators ensure that the data of citizens is treated uniformly is a threat here.
What are the areas data protection law needs to concentrate?
Current data protection rules under the Information Technology Act urgently need an update and should reflect modern trends.
India should enact safeguards for data collected through known points of vulnerability in its digital economy like phone’s camera software, public Wi-Fi spots,etc.
India’s data protection laws should not foreclose options for its own software developers who need country and community specific data as they build products tailored for the digital economy.
A modest solution could be to allow companies to pursue independent data protection policies (guided by baseline norms), but monitor their enforcement through a national, multi-stakeholder agency.
