Dear
Nikhil Pahwa ,
Just
read your following article :
Indian govt seeks inputs from ISPs for
blocking Instagram, Facebook, Whatsapp, Telegram
Move
You have raised relevant concerns re the impact of such a move on India’s
reputation abroad
But
, neither can we ignore the concerns expressed by Shri Ravi Shankar Prasadji ,
in light of various recent “ massive data leaks “ ( Eg : Timehop
> 21 million users / Yahoo > 3 Billion
users / Equifax > 145 million users /
Facebook > 20 million users etc )
May
be what we need is not blocking but what I have suggested in my yesterday’s
blog below ( sent as email to Shri Prasadji ) :
A Matter of Motive
Today’s papers are full of
reports re Government cancelling its plan to create a “ Social
Media Monitor Hub “
Reason ?
In the eyes of the public ,
government’s motives were suspect
Motive was :
“ According to the RFP
document , a TECHNOLOGY PLATFORM was needed to collect digital media
chatter from all coresocial media platforms as
well as digital platforms such as news, blogs
The platform was expected to
provide AUTOMATED REPORTS , TECTICAL INSIGHTS and COMPREHENSIVE WORK-FLOWS to
initiate engagement across digital channels “
No wonder , during the
hearing, Justice D Y Chandrachud had noted:
“ If the government is
seeking to monitor every single tweet and WhatsApp message that is sent , we
will be moving towards becoming a surveillance state “
But would public oppose with
my following suggestion ? :
Declare motive as follows :
Government wants to,
# Protect the
RIGHT to PRIVACY of its citizens , under the proposed “ Data
Protection Law
“
, by creating a platform where Indian citizens can VOLUNTARILY upload
/ store their
PERSONAL
/ PRIVATE data, which will remain in the SAFE CUSTODY of
Data Protection
Authority
[ DPA ]
DPA
will be a CONSTITUTIONAL and STATUTORY authority , in the same
manner as the
Election
Commission and its Chief will report to the President of India
This
will ensure its total independence from all other wings of the
government
By
relevant clauses of the proposed Data Protection Law , DPA cannot share any
data of
any
citizen who has registered on the Data Custody Platform ,
with any government
department
or agency
This
will ensure that the government cannot turn into a “ Surveillance
State “
# Enable its
citizens to avail of the online services of web sites / mobile apps etc ,
without
worrying
about any misuse of their Personal / Private Data by these Data Fiduciaries
# Sue those
Data Fiduciaries , on behalf of the citizens , in case of any such misuse
# Extend the
principle of “ Data Ownership “ by enabling its citizens
to SELL their Private
Data
( what is ownership without being able to sell what you own
? )
I am sure citizens would
welcome any such VOLUNTARY MECHANISM and enthusiastically support
it
=============================
Here is the context :
Say 1
billion Indian citizens have given their “ Consent “ [ - without
any appreciation of what it could mean to their Personal Data misuse ], to
some 200 web sites ( Data Fiduciaries ) , by
registering on those web sites and saying,
“ I accept the TERMS
and CONDITIONS “ .
Sometimes , not even
that much !
That adds up to 200 Billion
individual “ Ghost Contracts “
There is no way for an
individual citizen to come to know , “ which “
fiduciary has misused “ what “ personal data , of “who “
, and “ when “ .
No way ( time – money wise )
for an individual to launch a court case
But , under proposed Data Protection Law , government has an
opportunity to “ turn the tables “ !
==========================
By launching a “ Data
Custody Platform “ , to be called ;
which will work as follows :
# Indian
citizens will voluntarily upload their Personal Data on this platform at 4
levels ,
as
described at :
# No
Indian Citizen will need to fill up REGISTRATION forms on web sites of
fiduciaries
# Web
sites of all fiduciaries , will enter into individual CONTRACTS with DPA ( so
200
contracts
in place of 200 billion contracts ! )
# Whenever
, any Indian citizen wants to use the online services of any fiduciary web
site,
he will simply click :
“Log
me in with www.IndiaDataCustodian.gov.in “
# Fiduciary
web site will have a protocol with Data Custody web site , under which the
Data
Custody web site will merely “ Authenticate “ the genuineness of the user ,
WITHOUT
sharing any data of that user
There
will be no “ mirroring “ / “ cloud storage “ / “ cross-border migration “ of
data
All
data will always stay safe and secure on the LOCAL SERVER of Custody Web site
# On
Custody Web site , there will be following provisions :
· Registering
Indian Citizen, can select which ( level ) of his personal data can be sold ( -
which will always and only be in an “ anonymized “ form ) .
Of
course , the selling price will be decided by the Custody Web site , with
provision for “ Surge Pricing “ as explained in ,
· He
can also decide / select ( from appropriate drop lists ) , which ( level ) of
his personal data , can be allowed to be authenticated ( by Custody Web site )
to which fiduciary web site
· He
can edit his personal data at any time ( but at least , once a year )
· He
can edit his “ Authentication Selection “ at any time
· He
can “ De-activate “ his data for any given period
· If
DPA receives any compensation from any fiduciary for any misuse of data ( eg :
proposed 4 % of annual revenue – as in GDPR ) , it will be shared equally among
ALL the registered users . This will act as a positive INCENTIVE for Indian
citizens to come forward to register on Custody Web Site
· If
an Indian citizen is NOT registered on Custody Web site , DPA will not fight
his case in case of any misuse of data that he has directly given to any
fiduciary . He will have to fight his own case , based on what “ consent “ he
has given to it
· Custody
Web site shall employ appropriate software to scour the entire web and compile
all “ Web based Interactions / Engagements “ of the registered users
By registering , the user
gives his consent in this regards but on clear understanding that this will not
be shared with any other party / agency but only for the explicit purpose of
generating DEMOGRAPHIC / SOCIAL / ECONOMIC ( but not Political ) profiles of
the Indian citizens , for common use by anyone
· Since
all E Commerce web sites are covered by my suggestion , there will
be no need for a separate provision ( for Data Localization ) under the draft E
Com Policy
· Any
fiduciary web site that is unwilling to enter into an agreement with the DPA (
as outlined above ) ,shall be stopped from operating in India ( - and that
covers Google / Amazon etc )
*
For each registered user , on Custody Web Site , there will be a password
protected page , where he can see his " Earnings History " along with
amounts deposited from time to time , in his Jan Dhan Bank account
I urge the Central Government
to publish my suggestion and invite comments from the Data Principals and Data
Fiduciaries
O4 Aug 2018
www.hemenparekh.in /
blogs
with
regards,
hemen
parekh
No comments:
Post a Comment