What is the issue?
- Union government has appointed a committee headed by Sri Krishna to draft a uniform data protection law.
- It has released a white paper as part of its mandate. Click here to read its highlights.
- However, there are concerns over India’s dependence on imported digital technologies.
What are the challenges with data protection in India?
- Major players in the digital economy are based in abroad and export data to other jurisdictions, which is difficult to regulate.
- For eg. Operating system designed in US and a mobile phone manufactured in china cannot be regulated by single uniform data protection law.
- India cannot afford to maintain data centres for a regulated data usage and sharing, since it require huge investments.
- State and central governments will also need to spend substantial amounts on physically securing these installations.
- India is better off relying on servers located elsewhere, while gaining in connectivity and access to high-quality digital products.
What are the concerns with Uniform data protection law?
- Data protection policies – There cannot be single data protection policy like followed in Aadhaar act due to presence of hundreds of private players.
- In Aadhaar case, UIDAI is the only custodian of data and secure lines that store and transport them.
- Sensitive personal data – the definition of “sensitive” information needs to be re-evaluated in the light of India’s socio-economic context.
- Manufacturer’s policy - Few Chinese smart phone manufacturers acknowledges it may transfer the data of users to locations with no data protection laws at all.
- End User License Agreement merely suggests it will provide “similar and adequate” levels of protection as the country of origin.
- But how would Indian regulators ensure that the data of citizens is treated uniformly is a threat here.
What are the areas data protection law needs to concentrate?
- Current data protection rules under the Information Technology Act urgently need an update and should reflect modern trends.
- India should enact safeguards for data collected through known points of vulnerability in its digital economy like phone’s camera software, public Wi-Fi spots,etc.
- India’s data protection laws should not foreclose options for its own software developers who need country and community specific data as they build products tailored for the digital economy.
- A modest solution could be to allow companies to pursue independent data protection policies (guided by baseline norms), but monitor their enforcement through a national, multi-stakeholder agency.
Source: The Hindu
