India urgently needs strict data protection law: Experts
New Delhi, May 25: Leading experts stated that a stringent data protection law is urgently needed in India to address the mounting concerns over privacy of citizens as the country is moving in a big way towards digital governance.
The experts, at a discussion on data protection, pitched for setting up of a regulator or an adjudication mechanism to deal with cases relating to issues of privacy and data harvesting.
Chinmayi Arun, executive director, Centre for Communication Governance at National Law University, Delhi, said the storage, aggregation and processing of data have been on the rise and there needs to be a mechanism to deal with their misuse.
The panel discussion was part of a series of talks on digital technologies and their impact on society, human psyche and economies, organised with active involvement of former foreign secretary Shyam Saran.
Ananth Padmanabhan, fellow at Carnegie India, cautioned against data being "siloed" with particular companies. "Look at the number of acquisitions Google, Amazon, Facebook, Microsoft and Apple have done in this space in the last 5-6 years.
What could happen over time is that, all this important and exciting data, particularly in the key sectors of education, mobility, healthcare, agriculture and so on could get siloed with particular companies," he said. There has been a growing concern in India over the safety of the Aadhaar database.
The Supreme Court is also examining issues relating to various aspects of Aadhaar. Supreme Court advocate Vrinda Bhandari asserted that a data protection law was the need of the hour and the government must bring it soon.
"We have for these many years been in a sort of vacuum where no efficient law for data protection is a big problem. So one aspect is to have a law that would define what our rights are, what the responsibilities are.
"Also, seek to answer some very complex questions like ownership of data, who is the custodian of data and then to set up a regulator or some sort of adjudication mechanism," she said.
Justice B N Srikrishna, who heads a committee tasked to frame new data protection norms for India, said: "We are in the stage of digital economy, digital governance, and digital storage of all knowledge... Digital footprints are everywhere. The digital footprints will identify you... Is it good, is it bad that is the debate."
UIDAI Chairman J Satyanarayana, speaking at the event hosted by India International Centre in collaboration with Niti Aayog and Centre for Policy Research, said technology has brought about a sea change in governance and asserted that the Aadhaar database is secured by design.
Advocate Bhandari said: "One of the things to do is to, within the law, maintain flexible principles so that any regulator will be able to catch up with technology. We have to then work on things like consumer education."
She noted that following the Cambridge Analytica episode, people are now questioning who has access to their data, what are their rights and what are these Facebook consent policies that they are signing.
On the issue of data breach, Bhandari said from the point of the data subject, it would be the primary data collector who should be liable for a breach even if it has occurred after it was shared with successive entities. Concurring with Bhandari's view, Arun said the company that collects data has to be held liable to what happens with the data.
"If it chooses to enter into contracts with unreliable third parties, that should not become the citizen's or the consumer's problem," she said. As data theft becomes the buzzword, recent revelations on the issue have forced people to re-examine their everyday social media browsing habits, particularly on Facebook.
It started in mid-March with international media reports claiming that the profiles of 50 million Facebook users were harvested by UK-based data analytics firm Cambridge Analytica to influence the US presidential election and the pro-Brexit campaign as well as polls in other countries.
Beyond the global impact of the biggest-ever data breaches and the social media behemoth Facebook, the scandal brought to the fore the shortcomings of India's laws to deal with ever advancing issues of online privacy and data theft in the country.