Data Privacy,Data Security,Digitization,India,

Making Digital India A Safer India in 2019

As India gets digitized, there is an urgent need for it to be made digitally safe as well. And, some of the developments in 2018 in this regard need to be solidified and evolved in 2019.

Digital India is a campaign launched by the Government of India to ensure the government's services are made available to citizens electronically by improved online infrastructure and by increasing Internet connectivity or by making the country digitally empowered in the field of technology. The initiative includes plans to connect rural areas with high-speed internet networks, with the development of secure and stable digital infrastructure and delivering government services digitally along with universal digital literacy for the citizens.

Notwithstanding the government plans and initiatives, the private businesses and companies in India are on their own path and trajectory to digitize the country. Reliance Jio’s data services-led mobile operations launch in September 2016, and its acquisition of 100 million subscribers in less than 6 months (a record period of time), and Google’s Railway Station WiFi project that has serviced more than 175 million unique users (as per Google’s public figures and Convergence Catalyst estimates) are good examples of the pent-up demand for digital technologies and services adoption and the private players’ ability and willingness to cater to that demand in India.

India’s internet subscriber base has grown rapidly in the recent years to reach close to 500 million subscribers, from 84 Mn in 2012. And, is expected to cross 850 million subscribers by 2025, surpassing the combined population of G7 countries. As per industry reports, India consumed 22% of world’s mobile data between April and June 2018. And, as per COAI, Indian mobile telecom operators handle more data traffic than their Chinese and US counterparts put together. This is the true-blue digitization of the country and evolution of Digital India.

All this adoption and usage of digital technologies and services also leads to generation of various data attributes for every user, that can be collated and processed leading to provide improved and differentiated offerings by various companies and business entities, along with generating to new monetization and business models. Every individual consumer/citizen has attributes that can be labeled, identified, processed and profiled. And, digital technologies, primarily led by Advanced Analytics, Machine Learning (ML) and Artificial Intelligence (AI) can generate tremendous value out of such attributes. And, like all technologies, these too can go overboard and turn disastrous if not contained within certain boundaries. We have witnessed multiple examples of data breaches, leaks, hostile access and manipulations across the world and in India. As India gets digitized, there is an urgent need for it to be made digitally safe as well. And, some of the developments in 2018 in this regard need to be solidified and evolved in 2019:

  • Data Protection Bill 2018 Needs to Be Made Into A Law: In July 2018, a 10-member experts committee led by Justice B.N. Srikrishna developed the draft version of Data Protection Bill 2018 and provided it to the Indian government. This bill is a great start in the right direction towards data privacy and regulation in India. India’s Data Protection Bill closely follows and is in line with Eurpoe’s GDPR, and it goes on to charter a well thought-out framework, covering exhaustive touchpoints. This bill needs to be passed as a law by the government in 2019, with a provision for continual updation.
  • Education and Awareness of Citizens Regarding Data Privacy, Protection, Rights and Consent: In the context of collation and usage by various companies and business entities, data has multiple forms – collected, compiled, derived, generated, profiled, etc. – and, an average citizen is fairly under-educated on all the forms and their potential use. The draft Data Protection Bill 2018 makes “Data privacy a fundamental right of every citizen”. As empowering as this is, there is an urgent need for adequately educating, at a mass level, the average users on the need for data privacy, protection, their rights and consent scenarios and withdrawal mechanisms.
  • Data Localization: Data localization is a global phenomenon. Many sovereigns and national governments have implemented or are in the process of implementing data localization laws, including the top four countries by population – China, India, US & Indonesia. In a scenario, where collation, quantum and processing of an individual’s data is being sought by almost every company in every industry, the state needs to take the responsibility for securing the data of its citizens. And, local hosting and processing of such data is a step in the direction of data privacy and regulation.
  • Confusion of Multiple Policies and Agencies Need to be Neutralized: India has a problem of multiple policies and agencies recommending and driving regulations when it comes to data privacy, protection and localization. Recently, four key pronouncements (in quick succession) were pronounced for Data Localization alone including recommendations by the Reserve Bank of India (RBI), the committee of experts led by justice B.N. Srikrishna, the draft e-commerce policy and the draft report of the cloud policy panel. Also multiple government agencies including RBI, MeITY, TRAI, UIDAI, CCI, etc., are driving various aspects of recommendations and regulations. And, some of these are overlapping, over-reaching and competing. This confusion needs to be neutralized and a single, centralized authority needs to be established.
  • Continuous Fine-Tuning and Implementation of Frameworks: The science, techniques and technologies of accessing and deriving value from various data attributes and the associated breaches and leaks are still in evolutionary phase and are changing every few months. In such a scenario, policies, regulations and frameworks that are developed to protect the data need to be continually updated and fine-tuned to keep in line with the evolution of technologies.

This Analyst Note has been published as an Op-Ed in MoneyControl on 21st December, 2018.