When there is an "unexpected" cause to cheer in one sphere, it invariably spreads to others as well
The summer months of April, May and June in India usually mean scorching temperatures of 40 C or more in most parts of the country, coupled with summer vacations, awesome mangoes, water chilled in mudpots and traditional cooling drinks like khus and aam panna. This year, mercifully, the temperatures have been down — with unseasonal rains in some places … not that it has stopped us from devouring our mangoes!
Since this has put me in good cheer, I tend to look at the world around me in a positive light. And this holds for the view via the privacy lens as well.
A few days ago, well-known Indian Saas company Zoho launched its privacy-first browser, Ulaa. It comes with built-in ad-blockers and end-to-end encryption. In a country that doesn’t see new browsers being launched in the first place, having a privacy-focused one is exciting news. To me, it signals a whole new dimension centered around the user and concerned about privacy. In a country of 1.4 billion digital netizens, this is impactful, to say the least.
There has been some action on the artificial intelligence governance front as well, in sync with all the action around it in the rest of the world. The Indian Council of Medical Research, a nodal body for medicine in India, came out with a series of guidelines last month. The guidelines aim to serve the concerns about the ethical challenges in the use of AI in biomedical research and health care.
We are also beginning to see concerns bubbling up in the platforms space. It is the same familiar narrative of "big" platforms using access to vast troves of consumer data to further their own interests over those of their members, backed by their proprietary algorithms.
For example, there is a duopoly in the food-delivery business in India between two players: Swiggy and Zomato. The National Restaurants Association of India raised concerns about the two using customer data to set up and promote their own branded cloud kitchens with algorithm management. Further, the two have been accused of not sharing customer data with their restaurant partners, citing privacy reasons, although both platforms take consent from their users to share data with restaurant partners.
However, there have been some positive developments as well.
The Open Network for Digital Commerce, set up as part of India's Digital Common Infrastructure to facilitate commerce, recently reported high sign-up and transaction numbers. The ONDC requires sellers to be transparent and disclose their algorithms. The ONDC also conducts audits to ensure platforms remain transparent.
In another development, there has been talk of expanding the definition of a "related-party transaction" between entities to cover data. Meaning, data shared between companies with major or minor stakes in each other should be reported as related-party transactions. This puts a completely different spin on how data is viewed.
In another welcome development, Chief Justice of India Dhananjaya Y Chandrachud recently announced steps are being taken to include data privacy and security in the court system. A committee is in the process of developing a national model for data security and privacy.
Of course, the many "misses" continue in the absence of a data privacy law.
For example, the Union Cabinet approved a National Medical Devices Policy. While the policy covers a host of points pertaining to medical devices, it is completely silent on the security and privacy of patient data.
Telengana, a state in the south, announced it is setting up facial recognition to mark attendance of students. This is yet another instance of facial recognition systems being rolled out without any heed to the privacy of individuals concerned.
Similarly, in Mumbai — a city whose local trains are its lifeline, carrying 400,000 passengers a day — the railways launched an initiative where ticket checkers on trains carry body cameras to ensure transparency in the ticketing system. The fear is of the misuse of these cameras for surveillance and other purposes.
Meanwhile, cyberattacks have sharply escalated. According to a report by security company Indusface, more than 500 million cyberattacks were blocked in the first quarter of 2023, out of a billion attacks globally. According to another report by cybersecurity firm Checkpoint, talks of cyberattacks increased by 18% during this period, against 7% globally.
Finally, can any note on India conclude without talk of India’s Digital Personal Data Protection Bill? Well, the news remains the same: the bill will be introduced in the monsoon session of Parliament in July and August. This was what the Indian government told the Supreme Court during the hearing of a case against WhatsApp about its privacy policy. Interestingly, the court postponed the hearing of the case to August, post this commitment.
So, as the mango season starts to ebb this year, it looks like we can cheer ourselves with news of the long awaited law.
Cheers,
Shivangi
