The Unique Challenge of a Data Protection Law

We started this Brainstorm still reeling from the sweet rush of the Supreme Court decision declaring privacy as a fundamental right in India. This was followed by the encouraging news of an Expert Committee working on a new data protection law. Things seemed to be moving in the right direction: individuals would be vested with certain rights with respect to their data, and there would be certainty in terms of what data collectors could and could not do with this data. But the past few months have shown that this is no easy task.

One of the objectives of any law is to legislate for the future: to ensure that the law is durable and stands the test of time. With data protection, we are witnessing a situation where our needs are in the present and there is no guarantee that they will remain the same in the future. We are grappling with defining the problems we face and brainstorming about possible solutions at the same time, with understandably mediocre results.

Take the ongoing Aadhaar case in the Supreme Court and the recent revelations of the data harvesting from Facebook by Cambridge Analytica. There is an urgent need for clarity on both fronts, and yet, none is likely to be available anytime soon. These two cases reflect several of the challenges highlighted by our participants over the past few months of our discussion. They showcase the fragility of consent in the data rich world of today. They show that the scope for data protection is vast and there are people from all walks of life who will be affected by it. They stress the need to equip individuals with rights to their data that they can understand and exercise. And enveloping all this is the realisation that any regulation of the field must not be dogmatic and rigid, but instead be in the form of an enabling institution that endures.

Read more here.