Regulation of Public Data
- 23 Jul 2020
- 7 min read
This article is based on “A new tryst with destiny: Birth of a data democracy” which was published in LiveMint on 20/07/2020. This article deals with the need to regulate the use of private and non private public data.
In this digital age, data is a valuable resource that should not be left unregulated for private corporations to exploit it. In this context, Data democracy becomes very important, which envisages that there should be parity in access to data for private/commercial usage and analysis.
Democratization of Data will allow information to be accessible to the average end user. It describes a methodological framework of values and actions that benefit and minimize any harm to the public or the typical user.
However, in the absence of a concrete data protection law in India, the goal of becoming a data democracy will remain a distant dream.
Thus, there is a need for suitable legislation which will ensure that common people who own this data should directly or indirectly get value for this resource.
Principles of Data Democracy
A Data Democracy can be broken down into six principles:
- The average end user can access information in any digital format.
- Citizens should be able to gather and analyze data or engage in self-service without requiring any outside help.
- Individual private data needs to be protected on the lines of General Data Protection Regulation (GDPR).
- There is a need to ensure Data Quality.
- Technologies that play an important part in empowering nontechnical people in a Data Democracy should be made accessible to them.
Need For Data Protection And Regulation
- Protection of Data: In Puttaswamy Case (2017), the Supreme Court declared privacy a fundamental right. This set the government in motion to take steps to bring a new data protection legislation for the country.
- Treating Data as Resource: Despite being economically poor, India is a data-rich country. It has been analysed that an individual’s data in India is far more valuable than their current material worth (of about $2,000 per capita).
- This mismatch in potential and reality provides an opportunity for an individual to monetize their data.
- Data generated by the public has to be protected and cannot be harvested for free—as it is at present.
- Potential Market Of Data: Already a third of the population is using smartphones—which has 10x power when generating data. This segment will only grow exponentially creating probably the largest market for data in the world.
- Usage Of Data Without Individual Consent: It is a precondition for companies to mine the data. At the moment platforms such as Google and Facebook harvest this personal data, mostly without consent, to establish a behavioural matrix to sell or promote products and causes.
- Leveraging Contactless Infrastructure: The building blocks for a scalable model to harvest mass data of Indians rapidly expand their digital footprint—especially in the aftermath of Covid-19. India can leverage the contactless behaviour that is already in place.
- Aadhaar provided the idea of a unique identity to over 1 billion people in India.
- Inter-operable payments mechanism, such as the Unified Payments Interface, or UPI, to give a new definition to financial transactions.
- Consent to Use Personal Data: There is a need for the legal architecture that provides data privacy protection and thereby propels governance towards data democracy.
- In this context, the recommendations of Justice BN Srikrishna constituted for data privacy are hugely significant.
- Such a law is very critical in defining the digital future of India, one in which the individual will be the centre.
Data Protection Framework
A committee headed by retired Supreme Court Judge Justice BN Srikrishna has submitted its report on "Data Protection Framework" to the Government.
- Data Protection Authority: The data protection law will set up a Data Protection Authority (DPA), which will be an independent regulatory body responsible for the enforcement and effective implementation of the law.
- Personal Data: The law will cover processing of personal data by both public and private entities.The law will have jurisdiction over the processing of personal data if such data has been used, shared, disclosed, collected or otherwise processed in India.
- Data Storage: The Bill lays out provisions on data storage, making it mandatory for a copy of personal data to be stored in India.
- Appellate Tribunal: The Central Government shall establish an appellate tribunal or grant powers to an existing appellate tribunal to hear and dispose of any appeal against an order of the DPA.
- Penalties: Penalties may be imposed for violations of the data protection law. The penalties imposed would be an amount up to the fixed upper limit or a percentage of the total worldwide turnover of the preceding financial year, whichever is higher.
Like the spread of democracy in the 20th century helped to bring a paradigm shift in governance all across the globe, heralding of a ‘data democracy’ is necessary in this digital age of the 21st century.
Drishti Mains Question
In the digital age, a democracy is incomplete without democratisation of data. Comment.
This editorial “On the loose: On West Bengal Governor” was published in The Hindu on July 22nd, 2020. Watch this on our Youtube channel now.