TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout


Hello, fellow privacy professionals!

Privacy and data protection are dominating tech policy discourse, not just in India and not just on social media. The draft data protection bill by the Srikrishna Committee is being heavily discussed, analyzed and scrutinized by the local and global pundits, whether focusing on rights of individuals, sovereignty and national interests, innovation and startup growth, trade and foreign policy, or surveillance concerns and societal awareness. Data localization has engulfed recent discussions and debates, with draft provisions of the Indian law requiring all data fiduciaries (read: controllers) to store a copy of data being processed on Indian soil. There’s more — the central government will define what constitutes “critical personal data” that shall only be processed on a server or data center located in India. The debates on data localization are yet to graduate from why and why not to what if, and what if not. And akin to the GDPR, it appears that consent management is a subject that can never have a pragmatic solution. 

The good news? The last date to submit feedback has been extended to 30 Sept. by the Ministry of Electronics and Information Technology. The discourse is heavily dominated by the legal community and lacks effective participation by technology professionals, and I am using this opportunity to urge all techies engaged in this space to voice their views and opinions to build a well-balanced law.

The recent data breaches that made headlines — British Airways and Freshmenu — have once again reinvigorated discussions on necessity and proportionately of timely reporting to data subjects to (a.) honor users' rights of getting informed; and (b.) ensuring users aren’t drowned with frivolous notifications that could result in such alerts losing relevance if they are too frequent. This is one area that warrants immediate attention from all stakeholders to develop global standards for governments and businesses to build standard operating procedures and data breach management practices.

Until next time, Namaste!


If you want to comment on this post, you need to login.