India already has a billion people on a biometric database; it will soon have close to 500 million people using smartphones by 2020. Once on the mobile, these apps begin to study users (albeit without revealing individual identities), which makes it possible for data scientists (employed by these app companies) to study consumer behavior and preferences. All of us click on “I Agree” without reading the legal contract that binds the two parties when downloading the app. “You”, the user, allows the company that owns the app to use the data in your mobile and data generated from the app itself.
Is data the new deity?
Data is consumed by the minute in every action, reaction, event, process or decision we express. From checking traffics patterns when you commute to looking up for a good meal, we have a data-driven life both at home and work. Almost every software or application you come across hoards a bag of data. But the rapid growth of data brings in certain concerns such as how data is gathered, whether it is secure, how it is being used, and ultimately, how will you be affected by it.
Given the rising internet penetration and growing emphasis on Digital India, it is imperative to protect the sanctity of data generated by the citizens. The Supreme Court of India on July 19, 2018 stated that the right to privacy cannot be an absolute right and that the state may have some power to put reasonable restrictions. A nine-judge Constitution bench, headed by Chief Justice JS Khehar, is revisiting the question of privacy 55 years after the Supreme Court decided that it is not a basic right for citizens.
Data and the law in India
Presently, the Indian Information Technology Act, 2000 (IT Act) prescribes rules for possessing, dealing, or handling sensitive personal data. It also prescribes provisions for compensation for failure to protect such sensitive personal data. In addition, the disclosure of personal information in breach of lawful contract is punishable with imprisonment or with a fine or both. Since startups mostly handle a good amount of personal and sensitive personal data, it is essential that they comply with the provisions of the IT Act, along with any other relevant sectoral law that may be applicable to them.
Recently, the draft Personal Data Protection Bill, 2018 (Draft Bill) has been submitted by the Srikrishna Committee to the Government for consideration. The Draft Bill mandates several additional obligations for entities engaged in the processing of personal data and is expected to increase the cost of compliance substantially. The bill prescribes penalties as high as Rs 15 crores or 4 percent of the total worldwide turnover (whichever is higher), in case of certain non-compliance.
With huge data comes huge responsibility
Several organisations are working towards creating a responsible environment where data is collected, stored, managed and processed effectively. Any person, business, system, sensor, and machine that interacts with data has the obligation to handle it responsibly. Some of the world’s largest enterprises trust IBM as a steward of their most valuable data. Working with certain principles and practices, here is how IBM handles data responsibly:
1. Data ownership and privacy
IBM creates a system of best practices that guide the secure and ethical management of data. IBM client agreements are transparent, they employ industry-leading security practices to restrict access to authorized users and safeguard the data. With regard to privacy, IBM does not follow a single approach, rather it complies with the EU’s General Data Protection Regulation. In order to facilitate cross-border data flows, IBM also supports and facilitates the recognition of privacy regimes globally.
2. Data flows and access
IBM strongly believes that clients, not governments should determine where they store their data and how it’s processed. They significantly invest in cloud data centres around the world to provide flexibility to clients on where to store and process their data. Storing or processing data within national boundaries does not necessarily make it safe from hackers or cyber criminals. IBM limits data localisation requirements and supports digital trade agreements that enable and facilitate the cross-border flow of data. IBM works closely with the government and their clients to ensure that data is protected in a balanced manner, with the law enforcement obliged to conduct lawful investigations in case of criminal activity.
3. Data security and trust
A global leader in enterprise security, IBM upholds a unique perspective regarding the rapid growth of threats in the open marketplace and public domain. There is a need to strike a critical balance among security, privacy and freedom, while maintaining trust and addressing the collective needs of business, academia, government, and civil society. IBM believes in public-private partnerships to increase cyber security awareness and collaborates with the government, business and academia to prevent and manage attacks better through real-time sharing of actionable cyber threat information.
4. Data and artificial intelligence
IBM has a long history of pioneering AI technology and the work they do for their clients has taught them that these augmented capabilities can represent a positive and transforming force for businesses, governments, institutions and individuals alike. The organisation supports transparency and data governance policies that ensure that people understand the algorithm behind how an AI system works. Instead of penalising automation or innovation, IBM works with policymakers and clients to ensure that the workforce is equipped with the required skills to partner and work with AI systems effectively.
5. Data skills and new collar jobs
With a transformation in technological and business shifts, the way we work and drive productivity, economic growth and job creation has significantly changed. IBM is leading efforts to ensure that the workforce worldwide is prepared for this wave of change. They work with policymakers to modernise education systems to highlight in-demands skills rather than specific degrees.
A new era of data responsibility
The data economy is evolving rapidly and paving the way for exciting new technologies that is transforming the way we live and work. Given the diversity that data offers, it can be harnessed properly only if handled responsibly. The government is also taking efforts to consider the views of the public on the Data Protection Law and has extended the deadline for public comments on the draft policy to September 30, 2018.
IBM is encouraging this cause and has gone beyond the scope to identify and adhere to certain data principles and practises that lead to societal value and progress.