By Atanu Biswas
After nearly four years of stirring and after going through multiple iterations, including a review by a Joint Committee of Parliament (JPC), the government has now withdrawn the Personal Data Protection Bill, 2019. It, however, is considering presenting a new Bill that fits into the “comprehensive legal framework”. The earlier bill certainly faced major pushback from a range of stakeholders including some big tech companies and activists. Some big techs, in particular, questioned the provision of data localisation within the Bill.
In 2018, a panel led by retired Supreme Court judge Justice BN Srikrishna drew up a draft version of a Bill. The 2019 Bill, however, diverged from the 2018 draft in some aspects. Then, 81 amendments were proposed and 12 recommendations were made. These included expanding the scope of the proposed law to cover discussions on non-personal data.
Data, the anatomically fully functional android of Star Trek, was self-aware, sapient, sentient, and strived for his own humanity. ‘Data’ in today’s world is already ‘big’, and ever-expanding-the once-in-a-century pandemic in between might have increased our digital dependence significantly, thus yielding more and more data. It’s widely perceived that the Fourth Industrial Revolution would be driven by data. Consequently, the world got busy regulating the usage, storage, and propriety of data. The background of data protection law is quite intriguing.
In 2009, European Consumer Commissioner, Meglena Kuneva, defined personal data “the new oil of the Internet and the new currency of the digital world.” Then, as data continued to take control of every bit of our lifestyles, the World Economic Forum (WEF) launched a project entitled Rethinking Personal Data in 2010, with the aim to deepen the collective understanding of how a principled, collaborative, and balanced personal data ecosystem can evolve. Subsequently, a 2011 WEF report titled Personal Data: The Emergence of a New Asset Class perceived that personal data represents a post-industrial opportunity. “Utilising a ubiquitous communications infrastructure, the personal data opportunity will emerge in a world where nearly everyone and everything are connected in real time. That will require a highly reliable, secure and available infrastructure at its core and robust innovation at the edge,” the report says amid the ever-increasing and increasingly complex domain of data.
Attempts to protect data and control its ownership have been increasing all over the world. The European Union has come up with its General Data Protection Regulation (GDPR) in 2018, with its primary aim of enhancing individuals’ control and rights over their personal data and simplifying the regulatory environment for international business. The UK, in fact, retained the law despite untying the knot with the EU. The GDPR became a model for countries such as Turkey, Japan, Brazil, South Korea, South Africa, and even California in the US. China’s Personal Information Protection Law went into effect in November 2021.
The 2011 WEF report argued that a massively increased amount of personal data “is generating a new wave of opportunity for economic and societal value creation.” In fact, in 2020 the Chinese Communist Party’s (CCP) Central Committee and State Council added data to land, labour, capital, and technology as a new factor of production in its ‘field-based allocation system and mechanism’. Interestingly, in the 2020 American docudrama film The Social Dilemma, a former Google employee says, “We could tax data collection and processing the same way that you, for example, pay your water bill by monitoring the amount of water that you use.” Proposals of implementing a data tax have recently emerged in different corners of the globe. A Data Exchange is now operational in Shanghai, where data are sold as goods are sold in hypermarkets.
“Yet, we can’t just hit the ‘pause button’ and let these issues sort themselves out. Building the legal, cultural, technological and economic infrastructure to enable the development of a balanced personal data ecosystem is vitally important to improving the state of the world,” the 2011 WEF report opined. Thus, we certainly need a concrete law as soon as possible. But, how would India’s new Personal Data Protection Bill be? The principles of privacy with respect to the Supreme Court guidelines based on the 2017 landmark judgment on privacy, i.e. Justice K.S. Puttaswamy vs Union of India, is required to be maintained, for sure. And some key modifications and recommendations of the earlier bill would also likely be taken care of. However, with the ever-changing pattern, purview, domain, demand, and scope of data, the quantum, dynamics, and discoveries of both the hidden opportunities and dangers of personal data are bound to change in near future. The changing pattern would also change dynamically. Any personal data protection law should incorporate the flexibility to make the required amendments continually without much hassle. It’s never easy though. Hope our law would do that in the best possible way.
The Star Trek character, Data, tends to be more human-like. An emotion chip is added to him. A personal data protection bill certainly needs that kind of human chip, in the ambit of its legal framework, of course. Let’s wait for the Bill in its new avatar, in the near future.
The writer is Professor of statistics Indian Statistical Institute, Kolkata