Reported By:
| Edited By: Anurag K Agarwal |Source: DNA |Updated: Jul 02, 2018, 06:15 AM IST
Last week, a month ended since the enforcement of General Data Protection Regulation (GDPR) in the European Union (EU). According to media reports, there has been an unprecedented rise in the number of complaints filed regarding data violation by companies in Europe and elsewhere in the world, which are doing business with the EU. It is not surprising as the GDPR, which came into effect on May 25 this year, has wide ranging implications for businesses all over the world and thereby giving the people in the EU a lot more control on their personal data, which cannot be shared directly or indirectly without their consent. There are implications for Indian businesses also.
One of the most important features of this regulation is that the default for any data which is available with any business entity is that it cannot be shared. Sharing is possible only with express consent of the owner of that data. The business entities are expected to take all precautions and take utmost care so that the data is not shared in any manner whatsoever by automatic electronic means or by using consent obtained in an oblique manner. As far as India is concerned, data protection law is either totally absent or hardly has any effective control over unauthorised sharing. It is a good move that Indian companies doing business with Europe are putting things in place regarding data protection and that it will also have a salutary impact on data concerning Indians.
All of this appears to be very good on paper as the black-letter law, however, its enforcement is extremely difficult in a world interconnected through the Web where data can seamlessly flow in a matter of seconds. The ability of data mining and big data crunching has made it so easy to analyse data either for good or for bad, which depends on how and for what purpose it is used. Importantly, India has also been working in this direction in a proactive manner with the support of the judiciary so that at least the primary data regarding every citizen of the country, which is collected in the form of Unique Identification – better known as Aadhar – cannot be shared without express consent.
Towards the end of the last month, on June 22, the US Supreme Court has also held in a landmark judgment – Carpenter vs United States – that the government cannot access data from cell phone companies without a warrant from a judicial forum. But everything cannot be controlled by the courts. With the tariff war going on between the EU, the US, China and the rest of the world, it has also become important to protect data, which a quarter of a century ago was supposed to be almost free-flowing without major implications of violation. However, privacy norms have been fairly high in the developed world. An example can be cited of the practise in most of western universities of communicating the exam grades directly to the student without them being shared with the entire class in a common communication.
Transgressing geographical boundaries with the formation of the World Trade Organisation (WTO) in 1995 became easier and legally permissible. The main purpose of free movement of goods and people across borders has been hindered with protectionist measures. The way internet and e-commerce have developed in the last two decades or so, personal data has become extremely important, and, privacy of individuals needs to be protected by the State, particularly in democratic countries committed to the rule of law. It can easily be breached using new tools of accessing data, and, in the tariff war between developed countries personal data of individuals – even of emerging economies like India – can be misused to get an edge in electronic warfare. Bitter acrimony may result in damage to data systems by hacking the financial institutions and security establishments directly and also the consumers' data to cripple the common man, who is most vulnerable as too much personal information becomes available in the digital space.
It is not conducive for global peace and trade that the tariff war goes on along with a war on hacking and illegal use of personal data, however, it is next to impossible to enforce it as it is very well known that hackers and others in this field of retrieving data and misusing it are typically miles ahead of law enforcement agencies and it takes a while for these establishments to catch up with them.
The process of lawmaking and continuous improvement with effective and realistic enforcement is the key to a more data protected world. We need to do it in India urgently.
The author is a professor at IIM-A, akagarwal@iima.ac.in
