Rediff.com« Back to articlePrint this article

Why India needs a Data Protection Law

November 26, 2018 13:45 IST

'It's looking odds-on there won't be a data protection law before this edition of the Lok Sabha is dissolved.'
'This limbo has enabled all sorts of businesses that would be illegal in countries that do have data protection laws,' notes Devangshu Datta.

Illustration: Uttam Ghosh

Illustration: Uttam Ghosh/Rediff.com

Two years after the lunacy of demonetisation, the government is still brazenly defending that monstrous policy action. It says demonetisation helped in digitisation and formalisation of the economy.

Even if those were useful goals, was the payoff worth 100-odd lives?

Of course, formalisation and digitisation weren't supposedly the original objectives.

Those buzzwords started being thrown around only when it became obvious that most of the cancelled notes would return.

Moreover, if the government had actually been serious about digitisation, it would have spent the past two years putting in place an ecosystem to promote and support that digitisation.

 

Instead, we live in a country where a data protection law still doesn't exist.

Large chunks of India continue to be hobbled in terms of the physical infrastructure required to support digitisation.

India has among the world's slowest 4G data transfer speeds -- about a third lower than the global average.

It also has one of the highest rates of mandated shutdowns.

There is an Internet shutdown somewhere in India every third day or so.

Local administrations and the law enforcement machinery respond to any hint of potential law and order disruption by cutting off data networks.

These blame for these issues can be laid squarely at the government's door.

It has displayed no urgency whatsoever in drafting a data protection Bill, and by following it up by using its parliamentary majority and whatever equity it may possess, to pass such a Bill.

Instead, it chose to waste a great deal of time arguing that privacy was not a fundamental right.

Nor has the government cracked the whip, or considered deploying a carrot and stick policy to encourage telecom service providers to build faster networks, with higher capacity.

It could, for instance, have offered better spectrum licensing terms for networks with higher speeds, and at the same time, it could have threatened service providers with punishments if they didn't meet minimum standards.

Where the attitude of the administration in relations to shutdowns is concerned, the less said the better.

Network shutdowns are ridiculously easy to mandate in the prevalent culture and deployed as a default option, rather than a last resort.

As a result of this lackadaisical attitude, it's looking odds-on that there won't be a data protection law on the statute books before this edition of the Lok Sabha is dissolved.

A draft might be ready by the Winter Session of Parliament, but that session is bound to be marked by massive disruptions and dominated by the fallout of the five assembly elections scheduled in the next few weeks.

The Budget Session will be even worse in terms of noise-to-work ratio because the general election will be looming ever closer.

If those two windows are missed, we'll have to wait until the next government is installed before a data protection Bill is tabled.

That implies another eight months, at the very least, of limbo, when it comes to data protection.

That limbo has enabled all sorts of businesses that would be illegal in countries that do have data protection laws.

India's politicians have made a great deal of noise about Facebook and Cambridge Analytica misusing data.

The fact is, homegrown data mining outfits -- 'Jhumritilaiya Analytica' and 'Kakinada Analytica' if you like -- have misused Indian data to a far greater extent.

The ongoing series of elections campaigns will be based on heavy-duty data mining.

There are multiple outfits blatantly offering data, linking voter IDs to Aadhaar numbers, mobile numbers, credit card and debit card usage, and social media accounts.

For a small fee -- about Rs 10 per voter seems to be the going rate -- they will push out messages designed to micro-target and influence voters.

During a recent media investigation, some of these 'miners' made tall claims about swinging 5% to 6% of voters through their messaging.

Tall claims aside, mining data of this type should be illegal.

Yet, it may not be.

Political parties seem to have plenty of money to burn two years down the line.

These outfits will pick up clients, collect fees, exert their 'influence' for what it's worth, and disappear before there is a data protection law.

Was this the sort of digitisation demonetisation was supposed to empower?

Devangshu Datta
Source: source image