Premium
This is an archive article published on December 19, 2022
Premium

Opinion Where Draft Data Bill falls short: The need for digital nationalism

There is a lack of awareness and sensitivity among Indians about data privacy. Therefore, more than personal data, there is a greater need to safeguard national interests through data sovereignty, nationalism and localisation of non-personal data

India has resisted the attempt by developed countries at international fora to bring in the seamless flow of data to facilitate the competitiveness of their corporations. The “free flow of data” will create an asymmetric relationship between firms in developed and developing countries, putting the latter at a disadvantage.India has resisted the attempt by developed countries at international fora to bring in the seamless flow of data to facilitate the competitiveness of their corporations. The “free flow of data” will create an asymmetric relationship between firms in developed and developing countries, putting the latter at a disadvantage.

Ashwani Mahajan

December 19, 2022 04:24 PM IST First published on: Dec 19, 2022 at 07:51 AM IST

India is at the cusp of making history. It is, perhaps, a defining moment in the country’s trajectory to take the leadership role in Industrial Revolution 4.0. We need to take control of the data and information emerging out of Indian consumers and help younger minds to process it and develop artificial intelligence, internet of things, and robotics while respecting individual privacy. The fresh draft of the Digital Personal Data Protection Bill, 2022, released by the Ministry of Electronics and Information Technology (MeitY), appears to be well intended and in the correct direction.

It is crisp, to the point and easy to read. It is the first attempt to define who can possess data — the Data Fiduciary — and what their legal obligations are. It doesn’t get into issues such as critical and non-crucial data. There is a very simple definition of personal and non-personal data. And above all, the new draft is neither a copy nor an adaptation of Anglo-Saxon laws, like the EU’s General Data Protection Regulations or the CLOUD Act. It is designed for India’s requirements.

Advertisement
Express View | Revised Personal Data Protection Bill: One step forward, one step back

The draft, however, does require fine-tuning, including determining the quantum of penalties, whose upper ceiling has been fixed at Rs 500 crore — there are global examples, where the penalties are determined ad valorem, as a percentage of their global revenues. In addition, there is still no clarity on the role and structure of the data protection board — if it will be a regulator or adjudicator — or how will it function independently, since there is no appellate authority.

People concerned about data sovereignty have long been advocating the housing of servers within India. Although the word “sovereign” is missing from the text of the Bill, the draft appears far too focused on individuals’ privacy issues (for personal data).

It is clear that during Industrial Revolution 4.0, there can’t be a handful of (global) corporations accumulating data — through ethical and unethical means — and controlling its flow to push their own products and services. In many cases, they can manipulate the minds of consumers. Big data companies, search engines, geo-mapping players, healthcare service providers, insurance companies, financial institutions, and e-commerce players along with other entertainment apps, are accumulating data and often taking it to foreign lands. We are clueless about how they use this data and what products are made out of it. To curb these tendencies, there is an urgent need for data nationalism and localisation.

Advertisement
Also in Express Opinion | The era of free data is over — the law is coming for Big Tech

India has resisted the attempt by developed countries at international fora to bring in the seamless flow of data to facilitate the competitiveness of their corporations. The “free flow of data” will create an asymmetric relationship between firms in developed and developing countries, putting the latter at a disadvantage. Hence, strongly worded legislation is needed to protect India’s interests.

The United Nations Conference on Trade and Development (UNCTAD) Trade and Development Report (2018) says, “it is important for the countries to control their data and be able to use/share their data and regulate its flow.” The same report concludes: “The bottom line is that the potential for development provided by digital technologies can be easily eclipsed if developing countries are not given the flexibility and policy space to design their economic and industrial policies and national regulatory frameworks to promote digital infrastructure and digital capacities.”

It is in India’s interests that monopolies are reined in. PM Narendra Modi has consistently professed aspiration for more inclusive and participatory economies. He articulated the same sentiment as India took over the G20 presidency. This sentiment should inform data laws as well. India needs to assert its sovereign right over (non-personal) data emerging out of Indian citizens and make it obligatory to share products with Indian players — small e-commerce firms, start-ups, government agencies and the general public and researchers. It is through this route that we can become a digital superpower.

Chapter 4 of the draft Bill deals with the transfer of data outside the country. It reads: “The Central Government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified.” These words may make the job of trade negotiators difficult when free trade agreements with the US, EU and the UK are yet to be concluded. In this context, India must continue to stand its ground on e-commerce at various WTO ministerials.

It would have been much better if the law didn’t leave important matters — such as the obligations of data fiduciary once the data moves to foreign shores — open to interpretation. The draft talks about consent, deemed consent, and has provisions for withdrawal of consent — this is largely for personal data. As of now, there is little clarity about how personal data can be converted into non-personal data. One just has to remove the identification labels to make information non-personal.

There is a lack of awareness and sensitivity among Indians about data privacy. Therefore, more than personal data, there is a greater need to safeguard national interests through data sovereignty, nationalism and localisation of non-personal data.

The draft law must be appreciated for keeping the government at a distance, seeking exemptions for it only in specific cases related to national security, maintaining public order or investigations. But it needs stronger provisions on the sovereign ownership of non-personal data.

The writer is professor, PGDAV College, University of Delhi

© The Indian Express Pvt Ltd
newsguard-logo
Latest Comment
Post Comment
Read Comments