Views of Kris Gopalakrishna…on Privacy…2 Leveraging data for the benefit of the individuals

(This is in continuation of the previous article)

The next two comments of Shri Kris Gopalakrishna that we would like to analyze is

2. “India has a huge opportunity to leverage data in every aspect: data will be very important in providing credit, better banking services, healthcare, education, retail and ecommerce.”

3. “Everywhere, the efficiency can be improved, services levels enhanced. It is not just the companies benefitting, the individual also benefits,”

These comments reflect the potential for corporate benefit such as credit rating, health insurance etc which are projected to be beneficial to the individual because of better efficiency.

Ever since e-Governance and E Banking concepts became a reality in India, we the Citizens and the Consumers have been held the promise of “Economy through Digitization”. But in practice such economies have never been realized. At one time we had free Banking. Now we need to pay for ATM services and also for physical visits to the branches. There are charges for NEFT transfers (May be it is removed now). The annual ledger charges have now become service charges and the Government benefits on these through Service tax and GST. As a result, E Banking has become more expensive than non e-Banking. Similarly, E Governance has become more expensive than non e-Banking. Over and above this, fraud risks are to be borne by customers. Even Cyber Insurance cost is hoisted on the consumers.

This “Higher Efficiency and benefit to the consumer” is therefore a scam that IT companies promote. Less said about it better it is.

Let us therefore forget this benefit coming to consumers out of Big Data Governance. The fact is that eventually, commercial companies will make more money, consumers will pay for more security. There could be of course new services and convenience but it is a trade off with additional cost

we can also look at another comment made by Mr Kris that is related to the above.

4. In the physical world, property rights have been clearly established. I think, over time, property rights will be clearly established in the online world.”

We have debated this at length earlier. GDPR has not adopted the “Property” concept. California Consumer Privacy Act has adopted the “Property Concept”. In India DISHA (proposed) endorsed the property concept of personal data but PDPA rejected it and brought in a superior concept of “Data Trusteeship”.

The concept adopted by PDPA is globally unique though many in the industry may not appreciate its value and by ignorance degrade it to the GDPR concept of “Personal data being a transferable Right”.

This is one area where I would wish the KGC does not err. I urge each of the members of the committee to go through the discussions presented at naavi.org on the concept of “Data Fiduciary-Data Principal relationship” and how it differs from “Data Controller-Data Subject relationship”.

Initially, I had also preferred the “Property” concept at one level and a separate intermediary of “Data Trusts”, but Justice Srikrishna was more innovative and suggested something better in the concept and merged the concept of Data Trusts into the concept of Data Controller and created the “Data Fiduciary”.

This innovation needs to be preserved as it has the potential to be one of the most innovative concepts in Data Protection regulations across the globe.

While leveraging the benefits of the Personal data aggregation, the KGC should ensure that “Data Laundering” through “Mergers and Acquisitions” as we have pointed out in the case of TransUnion taking over CIBIL.

Similar corporate re-structuring tactics may be used to defeat the some of the provisions of Data Protection such as Data Sovereignty and cross border restriction of personal data transfer.

We need to watch if these contentious issues will be addressed by the committee with National Interest in mind.

Personally, I have an apprehension that the strong industry lobby that opposed Data Localization in PDPA will, through NASSCOM and other industry members of the committee try to dilute the Data Sovereignty principle and the Data Localization requirements. Taking a conspiratorial speculative outlook, I even have a thought in the corner of my mind that this committee has been formed only with the idea of killing the Data Localization concept strongly promoted by Justice Srikrishna committee. I hope Mr Kris will realize this in due course and does not allow such manipulation.

I hope the minutes of meeting of this committee would be available under RTI for the public to ensure that no such deviations of purpose occur.

In fact, these are the days when Legislative proceedings are broadcast in realtime and we are asking Supreme Court to conduct hearings with a real time video broadcast to the public. It is therefore time to consider that committees such as these also should consider public broadcast of their proceedings. This will ensure transparency to the operations of the committee.

Will the Chairman consider video  broadcasting of proceedings in real time?

(Continued)

Naavi

This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.