Wishing you all a very Happy Diwali! It is the festival that celebrates the victory of good over bad and the triumph of light over darkness. We need that so bad in cyberspace, right?!
Of late, data breaches have gone beyond just making headlines by grabbing the attention of stakeholders. The sheer frequency of breaches and hacks is reinforcing the notion that breaches are an acceptable norm, further eroding trust in current data protection models.
Let’s shift our attention briefly to what happened in Brussels late last month. Tim Cook’s remarks at the International Conference of Data Protection and Privacy Commissioners criticizing the “data-industrial complex” tried to further distance Apple from the typical Silicon Valley tag of “innovation over privacy.” Sundar Pichai and Mark Zuckerberg, too, made electronic appearances at the conference, reiterating their commitment to the cause of data privacy though not at bluntly as Apple. Satya Nadella also highlighted Microsoft’s policy of not using personal data to make profits.
I would argue, however, the industry has only itself to blame: Its refusal to self-discipline its data-use practices over the years is now receiving pushback globally and forcing regulators to take a heavy-handed approach to bring some order. Make no mistake, the data economy’s value delivery has been phenomenal and there’s only one way forward. But the question remains: How do we preserve users’ digital rights above the baseline on ethics, security and privacy, while not creating entry and market barriers for research and innovation?
Indian IT and Law Minister Ravi Shankar Prasad has on numerous occasions emphasized the need to carefully walk the privacy-versus-innovation line, endorsing the use of anonymized data for public and private good. The Indian government acknowledges privacy as a constitutional fundamental human right and is trying to formulate laws to preserve those rights while harmonizing the data ecosystem in order to make India competitive globally. Simultaneously, the government is trying to ensure that rules and regulations do not become a barrier of any sort that stifles domestic industry, especially startups that are working on data-centric innovations.
At the India Data Leadership Summit hosted by Data Security Council of India in New Delhi last week, IT Secretary of India Ajay Sawhney shared his department’s efforts to review comments on the consultation and revise the draft data protection bill as early as possible. India, in its draft law, has aimed for an “adequacy” approach (inspired by the EU) for regulating cross-border data flows.
In parallel, the U.S. is pushing for Asia Pacific Economic Cooperation Cross-Border Privacy Rules adoption in the region with recent endorsements from Australia, Japan, South Korea and Singapore. It is positioned as an alternative to the EU’s approach and as more business friendly. This will be particularly interesting to see how it unfolds with global trade wars intensifying and data transfer rules being negotiated in international trade agreements, particularly in the APAC Regional Comprehensive Economic Partnership e-commerce policy draft. All this, plus the emergence of policy measures on mandated data localization, which is being debated heavily in India.
Finally, I'm excited about the upcoming India Legal Summit and Awards 2018: Data Protection and Privacy, 4th edition. If you're in the region, it will take place 7 Dec. at Le-Meriden, New Delhi. More details can be found here.
I’ll leave it at that because there’s a lot of content in our newsletter for you to chew on.
If you want to comment on this post, you need to login.