The Aatmnirbhar Digital India Foundation (ADIF), an industry body representing India’s digital and technology startups, deliberated on the need for stringent data privacy norms in a digital world.
Post pandemic, usage of digital tools especially Whatsapp has increased manifold for communicating and business needs. This makes need for data privacy norms critical as users are in the dark regarding what personal data is being collected by social media companies and with whom all this data is being shared.
In line with ADIF’s objective of playing a role in policy framework, the panel brainstormed on the topic – ‘Data Privacy: The Way Forward for India’. The esteemed panel constituted of Rama Vedashree, CEO, Data Security Council of India, Vishal Gondal, Founder & CEO, Goqii, Aadya Misra, Founder of Data & Privacy Hub and GDPR Expert @ Spice Route Legal and Ajay Data, Secretary General, ADIF.
The panel deliberated on the need for a clear distinction for personal data which should be considered private and sensitive and should not be allowed to be shared with third parties. The recent case being of Whatsapp where it is forcing users to accept new privacy policy and it appears the consent to sharing user data with other Facebook companies has made a precondition for availing WhatsApp service. This has also led to Competition Commission of India (CCI) ordering an investigation into WhatsApp’s new privacy policy for breaching The Competition Act, 2002.
Rama Vedashree, CEO, Data Security Council of India: “Privacy has been declared as a fundamental right. This increases the obligation of the tech provider, whether it is a startup or a big company or a Government agency. Right now, there is a trust deficit among consumers which can be solved only if there is transparency about what is being done with user data.” She also added “Unlike Europe, Japan and many other countries India still does not have a comprehensive data protection legislation. Even though many of our startups are serving the global markets and making products for the world, our Digital startups face barriers in accessing global markets since we are not considered as an ‘adequate’ nation in the absence of data protection laws.”
Vishal Gondal, Founder and CEO, Goqii: COVID has accelerated the adoption of digital health – healthcare data has become the most valuable form of data in the world, and this has led to it being used and misused. There are many beneficial uses for this data from an AI perspective. However, it is also clear that healthcare data can be misused by threat actors, creating huge security risks for India. In the absence of strict laws around data privacy, like in the US and Europe – I’m worried about where Indian user data is being exported to and whether it is being misused. There has to be an urgent intervention on this.”
Aadya Misra, Founder of Data & Privacy Hub and GDPR Expert @ Spice Route Legal said , “Speaking on the matter of impact of GDPR on cross border data transfer, Aadya, GDPR Expert at Spice Route Legal said that we are seeing a significant increase in compliance obligations on Indian companies – both from a technical security safeguard perspective and through contractual measures. For our startups who are already servicing global markets, compliance to Data Protection Laws will not be an issue once they are passed.”
Ajay Data, ADIF Secretary General Ajay Data: “ The data protection norms in India need to be at par with global standards. Transparency and trust are two biggest facets here with respect to customers who should be made aware of what personal data is being collected and with whom all this data is being shared. We request the government to fasten the Data Protection legislation”
India is riding on a digital wave with over 500 million internet users. This growth has however come in the absence of strong legal frameworks to protect data and the privacy of the users. This regulatory vacuum works in favor of some larger companies and helps them use this data to solidify their monopolies. The worry is by the time stronger data protection laws are put in place it could then be impossible for newer companies to compete with the bigtechs. This would be disastrous for our startup ecosystem.
The deliberations revolved around the need for government’s intervention to ensure the data of Indian users are protected. Users in India will have no other option other than sharing their data with Facebook and other group platforms. However, the app’s policies on data-sharing will not be changed for users in Europe. The big question remains is why the privacy of Indian users is any less important than European users. Indian users have a right to be treated at par with their global counterparts.