Google, Facebook nervous over new data-privacy laws in India
India is fast careening into the digital age, but its laws and regulations are dated and unsuited to the times, thereby raising concerns about privacy. In a bid to modernize them, former Supreme Court judge B.N. Srikrishna is heading a committee to draft new data-privacy laws to regulate the behavior of tech giants, and the move has the likes of Google and Facebook worried.
The committee was constituted after a landmark Supreme Court judgement
The 10-member committee headed by Srikrishna was constituted after the Supreme Court, in August 2017, declared the right to privacy to be a fundamental right. The apex court further recognized the complexities in data protection, and instructed the government to formulate and enact a comprehensive data protection law. After almost a year, the committee is slated to submit its draft this week.
India's ascent into the digital age
India's ascent into the digital age is pretty visible when one looks at numbers. The number of smartphone users in India has seen an unprecedented rise - from 25 million in 2012 to 370 million in 2017-end. It's a similar trajectory for internet users, whose numbers rose from around 50 million in 2008 to over 481 million by 2017.
India's entry into the digital age hasn't been smooth, though
However, this ascent, which has produced an enormous amount of data, hasn't come without its problems. There have been several instances of data breaches in India's ambitious Aadhaar project, which has recorded biometric details of, and assigned unique IDs to 1.1 billion Indians. Additionally, privacy concerns have also been growing on the back of international incidents of data misuse by tech giants like Facebook.
Current data-privacy laws in India are narrow in scope
As of now, the primary statutes governing data privacy in India are the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. However, they're narrow and only regulate the processing of "sensitive personal data or information" (SDPI) like passwords, financial information etc. Non-sensitive personal information is subject to little or no regulation.
Currently, Indian users' data is collected unhindered and unregulated
Most major foreign tech companies, and hundreds of indigenous tech start-ups in India currently collect, aggregate, store, and process massive amounts of data of Indian users, completely unregulated and unhindered. This kind of data is collected through mobile app permissions and via websites which demand access to details like contact lists, location, messages, media files and call information to 'enhance' users' experiences.
The Srikrishna committee seeks to curb unhindered data collection practices
The framework Srikrishna is working on aims to curb such practices. It seeks to detail several specifics including defining what fair use is, deciding whether tech giants can transfer data across international borders, and designing an effective enforcement mechanism. However, Srikrishna said that India would walk the "middle path" between the US' laissez-faire approach and the EU's more stringent data-privacy laws.
