Data regulation on the horizon: Do you agree?

Image: Shutterstock

My data. Your data. Whose data?

Data: Grounding for understanding; Reusable goods; Stable object; An economic asset; A public good.

The once-humble data today denotes all of the above and much more. Activated across contexts and aggregated with others, ever-growing in quantity, range and value with implications across the social, economic, political and technological fabric. The complexity with not only humans meeting, working, playing, shopping and interacting online leaving gigabytes of data crumbs but potentially machines in an IoT-enabled world.

Data is not a neutral field. Governance is imperative.

The Union Cabinet, headed by Prime Minister Narendra Modi, approved the Personal Data Protection Bill last week. The Bill contains the framework on the collection, storage and processing of personal data, consent of individuals, penalties and compensation, code of conduct, and an enforcement model.

The three key differences from the original draft are:

While some believe the physical location is not relevant in the cyber world, others argue that the issue has implications on the access of, the ability to profit from, the ability to tax and the issue of ownership of that precious commodity called data.

Those in favour of data localisation include companies like Paytm and Reliance Jio and countries like Russia and China who all share a common argument for privacy and security having little teeth without localisation.

Those against data localisation include the civil society groups who fear open-ended exceptions to the government giving it unprecedented surveillance powers. Big tech and their industry bodies are the others citing issues of fractured internet diluting the core of a globalised competitive internet market place. Others fear such protectionism may backfire India’s tech start-up ecosystem, eyeing global growth, as also the ITeS biggies like TCS, Wipro who process foreign data in India.

Large tech companies—Google, Mastercard, Facebook, Visa, Amazon—are all going to be affected as the bill may mean changing their business models and making it more costly to operate, due to data localisation requirements and cross-border data transfer restrictions. The reason for the reported discontentment with the bill by ecommerce and social media companies globally is a contentious one between India and the US trade negotiation talks.

As per a comparison by PRS Legislative, while EU nations, Australia and Canada all have their digital user data privacy laws in place, none of these requires local storage of data.

As per the UK-based research firm’s recent Comparitech report, India is the third biggest surveillance state, ranking behind China and Russia. Also on the privacy index, India scores 2.4 out of 5, reflecting a “systemic failure to maintain safeguards”.

Besides the risk of data leakage, as has happened in the past, this poses one mega risk. Social media companies will now have legitimately more identity access, thereby targeting users with impeccable precision. Verified address and phone numbers overlapped on an individual’s physical movements, combined with action and behaviour on the platform, is the perfect holy grail for a social media company, which will now be enriched with a new depth of meaning. The privacy bill may ironically end up delivering just the opposite of its core objective.

No other country has the real-name verification. South Korea attempted it but it was stuck down as being in violation of the constitution. A similar playbook may play out in the Indian context, where this may be seen to violate the Aadhaar ruling, where Justice A K Sikri struck out the required linking of mobile numbers to Aadhar.

Even former SC Judge B N Srikrishna—under whom the expert group prepared The Personal Data Protection Bill, 2018—counts the overall bill issue to be “too serious and too complicated” and “prefers it going to a select committee” for review first.

Unregulated and arbitrary use of personal data raises concerns regarding the privacy and autonomy of an individual. The right to privacy has now been famously recognised in India as a fundamental right protected by the constitution as per a 2017 Supreme Court decision.

In an age of digitisation, data is the most important asset in the arsenal of a company. Irrespective of the positions on the matter, data is at the heart of lending unprecedented influence to the impulses and behaviour patterns of individuals and as a collective.

At $200 billion-sized digital economy, India is too lucrative to ignore for world tech giants. The swords are out over the core commodity: Data.

The Indian government, meanwhile, is taking recourse in asserting sovereignty and leadership with a billion-plus people consumption market, as also due to the possible vulnerability of data exploiting or colonising fears.

Beyond all this is also the opportunity for the Indian government to chart a new course as different from the US, the European and Chinese model; to create a global statesman position for New Delhi. Something which the new India is proud to assert under the leadership of Prime Minister Narendra Modi.

Striking the right balance between effective data privacy, security and innovation is the key to help expand the economic opportunity for India.

The writer is an Executive-in-Residence at the Indian School of Business (ISB) besides being a global CEO coach.