[Answered] India has an opportunity to emerge as a global leader in data protection, especially for developing countries facing similar challenges and opportunities. Discuss.

Over the years, rapid technological advances have led to large volumes of data which is at risk of increasing cyber-crimes. With penetration of Aadhaar, risk related to data has increased. To safeguard Indian citizen’s interest, the government has introduced ‘Personal Data Protection Bill, 2019’. For India this is an important step towards building the significant base of ‘trusted’ digital India and emerge as a global leader in data protection.

Opportunities regarding data protection in India:

1. Data protection law: India has introduced a Personal Data Protection Bill recently. As countries look up to India to replicate its technology-driven growth story, the country’s data protection framework, can potentially offer a legislative model that others can follow-one that addresses individual privacy needs while leveraging data for development and innovation.
2. Strong IT sector: India’s potential to lead the world into a digital economy making use of its existing strengths in information technology. India is the hub of software engineers and is exporter of IT services to the world. Thus, India can use its IT strength for data protection.
3. Demographic dividend: India has one of the youngest populations in the world. Thus, to reap this demographic dividend it is important to protect individual’s privacy and data.
4. Empowerment: India is aiming to become a digital economy. It also focuses on empowerment based on data-driven access to services and benefits for example through cash transfers. Thus, it provides an opportunity for India to frame comprehensive and inclusive data protection rules.
5. Privacy as a fundamental right: In 2017, the Supreme Court in Puttaswamy case ruled that privacy is a constitutional right of Indian citizens. This allows the judiciary to safeguard citizen’s interests and set an example to be followed by others.

Challenges regarding data protection in India:

1. Infrastructure issues: Infrastructure in India for sufficient data collection and management is lacking.
2. Jurisdiction: Major players in India’s digital economy are not only based abroad, but also export data to other jurisdictions.
3. Increasing Cybercrime:Cyber-crime, hacking into people’s bank accounts and stealing their money, or defrauding people in a myriad of ways is becoming a trend now. This increasing trend of cybercrime needs a proper set of codes and rules.
4. Surveillance: A stringent data protection framework can lead to state of surveillance and over-regulation.
5. Digital illiteracy: Most of the Indian citizens are digitally illiterate. Their data is at risk always, as they don’t understand the nuances of the digital world. According to an ASER study conducted in 2018 only 21.3% of the students have access to computers in their schools.

Way forward: A data protection framework in India must be based on the following seven principles:

1. Technology agnosticism: The law must be technology agnostic. It must be flexible to take into account changing technologies and standards of compliance.
2. Holistic application: The law must apply to both private sector entities and government. Differential obligations may be carved out in the law for certain legitimate state aims.
3. Informed consent: Consent is an expression of human autonomy. For such expression to be genuine, it must be informed and meaningful.
4. Data minimization: Data that is processed ought to be minimal and necessary for the purposes for which such data is sought and other compatible purposes.
5. Controller accountability: The data controller shall be held accountable for any processing of data, whether by itself or entities with whom it may have shared the data.
6. Structured enforcement: Enforcement must be by a high-powered statutory authority with sufficient capacity. This must coexist with appropriately decentralized enforcement mechanisms.
7. Deterrent penalties: Penalties on wrongful processing must be adequate to ensure deterrence.

Data protection is a must in the age of digital era. With the right to privacy being a fundamental right and the recent rise in risks to privacy of the individuals, data protection law is need of the hour. The state must prevent and investigate digital crimes, prevent misuse of data and encourage data security through legislation. It is important to examine and put into place a robust regime for data protection.