DailyPost 2741
THE INDIAN DATA PROTECTION ENIGMA
While the companies which are making trillions of dollars out of our data, use it in the best possible manner, for themselves and might be for mankind too, having complete control over their data turf. The governments with best of their efforts and their electorate or the population too are at the receiving end. It too took ages for the governments to understand the game of data, more so what is called as the personally identifiable data or personal data , of which the person who creates is the owner, but unfortunately, he does not even have an inventory of it.
That this data is being exploited in multifarious ways amounts to an outright onslaught on privacy was realized pretty late in the country, after a well fought out legal battle. It took another half a decade to come to a legal enactment titled The Personal Data Protection Act, 2023 was enacted in August last year. It is not known as what amount of time would it take make the rules, without which the Act cannot be acted upon. The callousness we show for data protection and privacy and cult like faith the IT behemoths display for their data, makes us the believe that we don’t share the same mental frame of the digital world.
The Act deals with the processing of digital personal data that recognizes the right of individuals and the need to process such data for lawful purposes. The aim of providing the ownership to the individual is of paramount legal importance. Unauthorized processing is also dealt with clarity. The processing part covers every activity of related to data. The Act thus is all comprehensive at least on the face, how it can put into practice is the main catch. The rights provided to the individual starts from consent.
He has rights to access, correct, update and erase data. The Data Principal, that is the individual, can ask for a summary of all data collected and shared. There are safeguards for children’s data and there is also provision for nomination. If each of these were to happen for every individual and every activity, connected to every company one interacts with and the government, it would need a massive digital infra to support this, in every enterprise. Will the ERPs / Software / Databases in question be enabled for this purpose? How will standardization and uniformity come into the picture? Anything not fully automated will not deliver any results, leave aside the desired ones. The humungous nature of enforcement throws up an insurmountable challenge. It seems to be wild goose chase as it stands now. Data would continue to remain in the rarefied digital atmosphere, at least in the foreseeable future.
WILL DIGITAL LAW AND DIGITAL TECHNOLOGY EVER GET SYNTHESIZE?
Sanjay Sahay