Privacy is finally getting the public attention it deserves in India. Spearheading this is the gatekeeper of all things telecommunicative, the Trai, which has laid down a core principle on digital data protection, coming in the wake of the Supreme Court’s ruling on privacy being a fundamental right.
Consumers have been now pronounced as owners of their data. Telecom and internet service providers, mobile device-makers and other intermediaries transmitting, storing, controlling and processing consumers’ information have been rightly deemed “mere custodians and do not have primary rights over this data”.
Effectively, the user is the copyright holder of his content and data no matter what the platform or the service provider is. With such great power — the right of choice, consent and the right to be forgotten (the erasure of personal data concerning the use without undue delay) — comes great responsibility.
This requires India to enact its own data protection law, and set up an independent regulator to monitor the use of data and hold data-collectors to account.
The Justice Srikrishna committee, looking into data protection, will soon finalise the framework for legislative action. It should be in general conformity with the EU’s General Data Protection Regime that imposes debilitating (and, thus, deterring) fines on companies collecting or using personal data without the consent of users.
The writ applies to controllers and processors too, thereby making data security also their responsibility. But laws are limp if law enforcement is lax. A decade ago, resistance to the telemarketing onslaught forced Trai to start a ‘Do Not Call’ registry that was a disaster.
So, a data protection law must be accompanied by capacity building — vast skilling and technical competencies — to safeguard users’ interests.
No comments:
Post a Comment