Data Protection - Technology and Privacy : Important Topics for UPSC Exams
A global data analytics company Cambridge Analytica was involved in the data breach regarding the Facebook user’s details . This was used to build psychological profiles of more than 50 million individuals during US presidential elections. Data of more than 5 lakh Indian citizens was also compromised.
What are the implications
- Individual users are increasingly viewed as legitimate targets for mining personal and metadata. As elsewhere, data mined from Indian users of social media analysed in bulk can provide an intimate psychological profile including ideological preferences that together help campaign managers target communications and forecast voter behaviour.
- Risks to the very health of democracy stem from the dominance of social media platforms, which not only deliver personalised content to users, but in many cases privilege content based on engagement rather than quality. This limits users’ access to information, which in turn leads to political polarisation and the spread of fake news.
- Monopoly nature of certain big tech giants can further compound the concerns.
- This can threaten the very fabric of democracy through foreign interference in domestic elections as is alleged to be happened in USA.
Challenges with data protection in India
- Data centers of the major tech giants are situated outside India and hence outside the ambit of Indian jurisdiction.
- India lacks a dedicated institutional and legislative infrastructure to tackle such issues.
Existing provisions to deal with such issues
- Data protection laws are virtually non-existent in India.
- Existing regulatory framework under the Information Technology Act, 2000, only identifies six types of “sensitive personal data” and requires entities handling such data to have “reasonable security practices and procedures” in place before collecting the information.
- There are loopholes in the sense that contracting parties can agree on their own rules governing the use of such data, and what security standards or privacy policies are applied
In 2017 that the Ministry of Electronics and Information Technology released a White Paper by a committee of experts led by former Supreme Court judge, Justice B.N. Srikrishna, on a data protection framework for India.
The committee identified seven key principles for the data protection law:
- Technology agnostics
- Holistic application
- Informed consent
- Data minimization
- Controller accountability
- Structured enforcement
- Deterrent penalties
- Protection of sensitive personal data
It envisions three main objectives of a data protection authority: monitor, investigate and enforce the laws; set the standards; and generate awareness in an increasingly digitised society.
- It is time for technology companies like Facebook to take the onus of creating awareness about data protection upon themselves.
- While regulators in the US, China and the EU have put in place laws to address concerns around privacy and data protection, India has so far taken a piecemeal approach
- Consumers on their part should be wary of sharing information online. Even harmless looking mobile applications are able to collect large amounts of data
- Government should ask these tech giants to set up their data centres in India.
- The principles laid down by Justice BN Srikrishna committee are forward looking and there is a need to frame a comprehensive legislation mandating collector responsibility and also specifying penal provisions in case of data breaches.
- This becomes all the way necessary when privacy has been declared one of the fundamental right
MODEL QUESTIONS :
1. B.N Srikrishna committee recently seen in news is related to?
(a) Electricity tariff regulation
(b) Panchayati raj
(c) Ganga desiltation
(d) Data protection
Correct Answer: d
1. The evolving technology is increasing threatening the personal space and sometimes even without our knowledge. Corroborate the statement. How can this threat posed by rapid technological advancement be allayed?
2. India does not have a legal architecture to deal with data theft and compromise issues. Do you agree. What are the challenges regarding data protection and how can they be addressed?