Greetings, and namaste!
As I sit down to write my first message as the country leader for India, I think back on my first six months working with the IAPP in this role. A lot has happened in privacy since I began, and time has flown swiftly. My counterpart, See Khiang Koh from Singapore, wrote an elaborate introductory note a fortnight back highlighting various developments that have happened and will happen in Singapore and elsewhere.
Our march toward a data-driven world has ensured that privacy and data protection are and will be of paramount importance. And the action is continuously increasing — there hasn’t been any dull period for data privacy advocates and professionals in last few years, unlike sporting fans who now await a major event after the World Cup and Wimbledon concluded this past week. A rising number of conferences, events, roundtables and discussions in privacy forums over email, WhatsApp and Telegram groups is an indicator of where the profession is heading. The data privacy profession is also expected to branch out into numerous specialized domains as advancement gains depth, which is also reflected in our certifications — the IAPP started with a single certification (CIPP), and now we have geography-specific CIPP specializations and focused programs, such as CIPM and CIPT. The role of DPOs and CPOs are also maturing within organizations.
India, too, features advancing dialogues on the subject. After Facebook-Cambridge Analytica garnered global attention, it became part of a political slugfest between the two leading political parties in India, resulting in the government summoning Mark Zuckerberg, demanding an explanation on what happened and how to ensure it doesn’t happen in Indian elections.
On the legal front, the expert committee led by Justice Srikrishna is in the final stages of drafting a comprehensive data protection law for India. It is expected to translate the "right to privacy," now recognized as a fundamental right under the constitution following last year’s historic Supreme Court judgment, into the digital realm – upholding rights of users and balancing data processing and use.
Following the EU's and Japan's joint declaration on "reciprocal adequacy," cross recognizing respective data protection regimes as adequate for data protection to facilitate easier cross-border data flows between businesses of both the regions, the Indian industry, especially the outsourcing sector, expects similar mutually accepted agreements under the India-EU Broad-based Trade and Investment Agreement, which has been hanging in the lurch for more than a decade. This forms an important part of Justice Srikrishna’s work, as the committee continues to formulate important provisions surrounding data flows and data localization. Meanwhile, the Telecom Regulatory Authority of India recently released its Recommendations on Privacy, Security and Ownership of the Data in the Telecom Sector, highlighting that end users, not businesses, are the rightful owners of personal information, and entities processing them are mere custodians. It also recommends privacy-by-design and data-minimization principles to be practiced by all entities operating in digital space.
I’ll end this note hoping to meet you in Singapore next week at the IAPP Asia Privacy Forum. We'll have exciting keynotes, interesting deliberations, and enjoyable networking awaiting us. See you!
If you want to comment on this post, you need to login.