In this digital age of a virtually connected world, data can travel around in a jiffy and any wrong usage can bring untold difficulties to individuals and society. The government has the responsibility of regulating the environment in which data is fed, stored, transmitted and used. It has to define boundaries, institute checks and balances, prescribe penalties, while simultaneously ensuring that the transmission of data does not choke exchange because of too many controls. It has to strike the right balance. The Personal Data Protection (PDP) Bill is an effort in that direction. A panel discussion was organised by the Centre for Public Policy Research (CPPR) and Chinmaya Vishwavidyapeeth (CVV) on “Data Security for a Digital Century” on 27th February 2020.
Dr. D. Dhanuraj, Director of CPPR opined that the priority of the government is security and technology rather than privacy using simple word statistics from the bill. He then explained the basic themes of the discussion.
1. Standards used for regulating Cross Border Data Transfer
2. Standards used when governments outsource their data processing work
3. Capacity of the individuals to contest with big service providers in dispute resolution systems
4. Compatibility of the Bill provisions with the advancement of technology
Dr. Nagaraj Neerchal, Professor of Statistics, and Vice Chancellor of CVV, sought more clarity in the definitions used in the bill, and added that confidential methods have to be in place so that even the data collector does not have access to the data, whereas, the data should be available to publish without revealing the identity.
Dr. D. Dhanuraj further reminded about the turn taking place in data in the past few years and about India being one of the largest internet using population and the delegation of massive power in the hands of the government counters the necessity and proportionality as defined by the Justice Puttaswami judgement.
Shri K. M. Gopakumar, legal adviser of Third World Network, asserted that the European and Californian models of data protection can be looked into and went on to speak about the deficiency of the bill such as, (1) Access and Benefit Sharing of data not being looked into, (2) Transfer of data across the border, except critical data and (3) Centralisation of data which could be very dangerous.
Shri Prasanth Sugathan, a volunteer legal director at Software Legal Centre, raised concerns over the selling of data to various companies by the government and the importance of selecting the data protection authorities, with the Data Protection Authority becoming an entirely government body. Also, a conflict of interest is created when the government, which is an interested party in data usage, becomes the Data Protection Authority.
Shri Samjad Moopan, Technology Evangelist, CoFounder, Spiraldesk talked about start-up culture and the informal economy being affected and concluded with a suggestion to GDPR.
Shri Nithin Ramakrishnan, Assistant Professor, CVV, said the focus of the PDP bill 2019 is the promotion of digital economy rather than data protection. He further elucidated how the trust-based relationship envisaged between the data principal and the fiduciary is not thoroughly reflected in the bill and sought to improvise the trust-based relationships.
Shri Dharmita Prasad Senior research associate, Jindal Global Law School, said that the definition of critical data is not proper and the procedures in case of a breach of data are not defined. The procedures for correction or penalisation should be short, simple, time bound and effective.
Shri S. Navamohana Krishnan, student of CVV, presented the CVV memorandum of suggestions and recommendations to the joint parliamentary committee and sought comments.
The discussion threw light on important issues and the participants suggested various measures that would improve the content and intent of the Bill. As Artificial Intelligence applications develop and information age matures, the PDP Bill would be the foundation which determines right and wrong usage of data. The wheels of data would be the wheels of commerce. The pivot would be data security.