Dear
Friends,
To
day’s papers carry your ( TRAI ) recommendations in respect of Data Privacy Law
( proposed )
In
this regard, you might want to look up my following mail
Warm
Regards,
Hemen
Parekh / Mumbai
+91
98675 50808
Sent: 16 July 2018 09:02
To: Cabinet Ministers; 'assocham@nic.in'; 'ficci@ficci.com'; 'info@cii.com'; BJP National Executive; Rajyasabha; Loksabha1; Loksabha2; 'supremecourt@nic.in'; SupremeBarAssociation
Cc: 'ssbhalla@gmail.com'; 'bibek.debroy@gov.in'; 'ashima@igidr.ac.in'; 'rr1@nipfp.org.in'; 'ratanp.watal@gov.in'; 'ceo-niti@nic.in'; Indian Think Tanks; 'Gurudatt Kundapurkar'; 'Haridas Shenoy'; 'Pradeep Talpade'; 'amit.doshi@dbcorp.in'; 'amitabh.kant@nic.in'; 'admin@narendramodi.in'; BJP-Dept-Heads; 'Indrajit Sethi'; 'vch-niti@gov.in'; nandan.nilekani@nic.in; 'bnsrikrishna@gmail.com'; 'secy-dot@nic.in'; ceo@uidai.gov.in; 'ajay@deity.gov.in'; 'akumar@del2.vsnl.net.in'; 'moona@iitk.ac.in'; 'grai@deity.gov.in'; 'director@iimidr.ac.in'; 'arghya.sengupta@gmail.com'
Subject: REQUEST FOR RE-LOOK [ RFR ]
Data Privacy Law :
a Pandora’s Box ?
I got that feeling after reading the following :
Extract :
Crimes :
Include obtaining, transfer, disclosure
and sale of personal and sensitive data, if it
causes harm to the person whose data it is (data principal), and
re-identification and processing of previously de-identified personal data.
[ How a citizen will ever get to know that someone to
whom he gave personal data , has caused him harm , through misuse of data ?
How must this aggrieved citizen go about
to “ prove “ that a “ harm “ has been caused to him by such misuse ? Would he even remember to whom did he give what personal data – and for what legitimate “ use “ ?
By filing court cases against 200 search
engines / mobile apps / e-com sites / govt agencies ? ]
Punishment :
For “ intentional or reckless behaviour ” that leads to the crimes, which it wants
to be made cognisable and non-bailable.
In case the crime has been committed by a
company or body corporate, including government departments, the responsibility
would lie with the person in charge of conducting the company’s business or the
head of a government department.
[ If such a “ transfer / sale / disclosure “ of personal
data cannot be proved to have caused “ harm “, will that
behaviour not
be “ intentional or reckless “ ? ]
Compensation :
To be paid to “ data principals “ in case any harm is caused to them for infringement.
[ Who decides what was
the “ quantum “ of harm and what is
the commensurate “ quantum “ of compensation ?
Won’t this differ from one case to another ? ]
Absolves :
The in-charge of all
responsibility if he or she shows that the
crime was committed without his/her knowledge or that all reasonable efforts
had been taken to prevent the crime from being committed.
[ All data flows from one
computer to another computer or even to some other
internet-connected
device , such as a car / refrigerator / smart watch / TV etc .
Most of
the time such transfers are happening round the clock, with no one watching /
no one
knowing / no one asking for any permission from anyone !
According to one expert
, by 2022 , there will be 50 internet connected
devices in each
home ( IoT – Internet of Things ) – each sending out a
lot of your personal / private
data, to their
respective manufacturers / ISPs / Operating Systems )
Will anyone know what device is sending out which information to whom and when ? ]
Data collected under
Aadhaar :
Would be out of the scope
and purview of the proposed law.
This recommendation may
not find favour with those who have opposed the unique identification system on
the ground that the collection and dissemination of Aadhaar data leaves
citizens vulnerable.
[ What about
Aadhar-linked data collected by government agencies for hundreds of
Direct Benefit Schemes , which it has shared
with Banks and Financial Institutions ? ]
Registration :
All data collectors would have to get
registered with the DPA.
[ Each and every business establishment which is selling
any product or service , online
( includes all search
engines / e-com sites / mobile apps ), will need to register .
Soon that will cover 50 million MSME of India !
Would this cover all FOREIGN data collectors as well over which Indian Laws have
no
jurisdiction ?
Is this , at all practical / feasible ? ]
Data Ombudsman :
To adjudicate complaints
between “ data principals “ and “ data fiduciaries “
Appeals against orders of
the data ombudsman will be made to an appellate tribunal.
The Supreme Court will hear appeals against
orders of this appellate tribunal.
[ How many years will it
take for the complaint to travel from Ombudsman to
Appellate
tribunal to Supreme Court ?
My guess :
15 years ]
Could we have anticipated these “ questions “ while drafting the Law ?
And found some practical “ answers “ to those questions before opening up the
Pandora’s Box ?
Possibly , if the policy makers :
and the members of SriKrishna Committee :
had carefully read my following emails – especially my
oft-repeated suggestion to induct some IT technocrats (eg: Nandan Nilekani / nandan.nilekani@nic.in ) in the
Committee
There is a possibility that the Hon Judges of the
Supreme Court found time to read my emails – in which case , they might ask
these questions to the Government advocate , when the first case reaches its
doors !
No comments:
Post a Comment