Research & Opinion
Data Privacy Day: Raising Awareness, Promoting Privacy Practices And Fixing Accountability; What Top Experts Say Is Need Of The Hour
NEW DELHI: Whether you are at work, at a hospital, ordering food, in a shopping arcade, on a travel website, or just leisurely scrolling the internet – every second your personal data is being processed. Individuals are typically unaware of the hazards associated with personal data privacy and their rights in this regard.
Data Privacy Day (DPD) is observed on January 28 all around the world. The goal of the day is to raise awareness about privacy and to promote privacy practices and ideas. It urges everyone to take responsibility for their privacy to foster a culture of privacy.
The420.in spoke to the country’s top experts to know the importance of data privacy in India and what is the need of the hour.
Cyber Law Expert, Karnika Seth – Data protection and privacy in India has witnessed many ripples in the dynamics of tech laws. While the personal data protection act is underway, few provisions of the new Intermediary guidelines of 2021 have been challenged in Indian courts to be ultra vires. Be it the Pegasus incidents or RBI mandate disallowing storage of card data on servers of e-commerce companies, Indian laws will call for a stricter regime to protect the data and privacy of its citizens.
Traceability of data and user accounts and data localisation requirements are under scrutiny. The new 2021 intermediary guidelines impose due diligence requirements on intermediaries to implement traceability of content origination while the PDP bill and the new National Strategy Blockchain report by MEITY discuss data localisation issues and concerns.
The overall landscape of evolving tech law seems positive as more stringent measures will be introduced to protect the fundamental right to privacy of citizens as recognised in the Justice KS Puttaswamy v UOI judgement by the Hon’ble Supreme Court of India.
Naavi, Data Protection and Data Governance Consultant: As the world rallies around International Privacy Day, India waits for the Data Protection Act to be passed by the Parliament.
Data Privacy legislation is a complex legislation with an impact on multiple stakeholders and has to maintain harmony between different segments and rights.
The Right to Security which translates into the duty of the Government and the Right to carry on a business that translates into legitimate interest needs to be accommodated in the law along with the Right to Privacy.
We need to take note that some regulators recently have used their powers to pass strictures against their own Parliament and take decisions that seriously set back the security of the state.
All of us in India must not make such mistakes and keep our balanced view in ensuring that our new data protection law gets voluntary support from all segments of society.
We are glad to note that the new version of the Indian Data Protection legislation attempts to bring about this harmonious relationship between the individual, the Business and the Law Enforcement.
Let us welcome DPA 2021 to usher in a new era of Data Privacy in India.
Dinesh O. Bareja, chief operating officer, Open Security Alliance: Government needs to enact Data Protection and Privacy laws without engaging in more discussion. These bills have been hanging fire for years now.
Privacy and iData Protection, are both well thought out practices and are the subject of widely enacted laws across the world.
India’s proposed bills have localized best practice guidance and the continuous discussions keep throwing up new definitions and suggestions due to which the original proposals are history.
Corporate India is presently in love with Privacy even if their Information Security may be (un)managed and their data protection controls may be messy. There is a lot of noise on Privacy in all professional forums ever since the bill was proposed and professionals as well as global organizations have been calling a proposed bill and Act. Due to this many organisations have started on a Privacy journey following a mish mash of GDPR, PDPB and whatever their consultant advises. That there is a lack of maturity or understanding is evident from the appointment of DPOs, CPOs which is by way of adding to the designations of a CISO / CIO / CTO / CRO !
Bottom line is that it is heartening to see the interest and activity in the privacy domain when most of the same organisations show scant respect for PII. For example, personally speaking, I registered on the website of a big name investment company and was shocked when they started sending me sales messages on WhatsApp. Or my doctor manages his appointments with this “to-be unicorn” who started sending me unsolicited sales messages which stopped when I protested strongly.
Jaspreet Singh, Partner & National Leader – Client and Markets (Trust and Transformation), Grant Thornton: Moving to a cashless economy amalgamated with the pandemic has forced the world to show its seriousness towards the fundamental right to privacy. When the world is moving swiftly towards improving the quality of life and instilling a sense of safety for its citizens – can India be far left behind?
The world’s fastest-growing economy will lay down its most comprehensive bill – The Indian Data Privacy Bill which will legalise privacy, penalise its offender, ensure significant reduction of fraud and misuse of data, generate centralised data repository, and most importantly empower its citizens by making them aware of the power of their consent. This bill will put an end to the rampant misuse of citizens personal details by other countries and force data controllers and processors to localise data, significantly minimise the amount of unnecessary data collected, generate employment and make us better equipped for the upcoming Data War.
The protection of data of the citizens and the legalization of the privacy framework is long due and so is the seriousness of foreign entities towards data privacy in India. With the astounding growth in technology and ruling the world with our technological supremacy, we need to take the first step towards the challenge of managing the data of a vastly populated democracy. It is time to end the exploitation of social media, marketing platforms and all those entities who flagrantly violate the concept of ‘Internet Freedom’ in the guise of consent.
Cyber Law Expert, Nisheeth Dixit : Economic activities in this digital age are largely data-centric and therefore certain issues like Data Democracy, Data Localization and Cross Border Flow of Data should be dealt with as subjects of National Strategy.
The major challenges in Data Privacy are:
(a) How our data is being used, shared, protected? (b)Who is accountable for its misuse? (c) Breach Disclosure Dilemmas (d) Non-compliances of The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 read with Sec 43 A IT Act 2000(ITAA2008) by Body Corporates.
Need of the hour: India, home to one-sixth of the global population and one of the fastest-growing economies, must adopt an effective yet realistic Data Protection Framework covering the next-generation technologies (like IoT, AI and Big Data) with effective grievance redressal mechanism. It is important that a state also protects its Data Sovereignty.
Sundar Balasubramanian, Managing Director, India, and SAARC, Check Point Software Technologies: Toward the end of 2021, Check Point Research noted that cyber-attacks against corporate networks had increased by a staggering 50% on the previous year.
The education and research sector was the hardest hit, averaging 1,605 attacks per week, with government organizations, communications companies, and internet service providers close behind. Even attacks on the healthcare sector were up 71% on pre-pandemic levels, showing nothing is off-limits to threat actors.
In our 2022 Security Report, we also noted that email had become an increasingly popular vector for distributing malware throughout the pandemic, now accounting for 84% of malware distribution. Beyond the corporate world, it was also clear that large-scale attacks on critical infrastructure, such as the Colonial Pipeline incident, had a very real impact on people’s day-to-day lives, even threatening their physical sense of security.
Data Privacy Day, or Data Protection Day as it’s known in Europe, is the perfect time for individuals and businesses to evaluate their data hygiene and security protocols to ensure their data is kept as safe and secure as possible.
Follow The420.in on
Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube