Towards a regulated data economy: Getting the implementation right

September, 26, 2018, New Delhi

Mr. Varun Kapoor Indore was speaking at the roundtable titled ‘Towards a regulated data economy: Getting the implementation right’ organised by Cuts International in association with The Dialogue. He pointed out that the Grievance redressal system should be accessible to people. And a correct mechanism and process pipeline has to be identified. There could be Helpline numbers, chatbots, emails etc put in place to enhance the efficiency of grievances redressal mechanism. Only after that, the criminal enforcement part of the bill should come into play.

It was suggested that some inspiration could be taken from the mechanisms under the Consumer Protection Act, 1986 and the impending Consumer Protection Bill, 2018 wherein consumer courts have the rights of civil courts but are not necessarily bound by their procedures.

Mr DK Sarin, Electronic & Computer Software Export Promotion Council, India added that we are moving away from the oil economy to a data economy, and therefore we need to be aware of the emerging technologies which present newer challenges and will impact The Draft Personal Data Protection Bill, 2018.

Mr. Gautam Vohra, Hike rightly pointed out the importance of understanding the consent architecture and taking the consent at the right stage – whether it’s at data collection stage or before processing data. He indicated that there was lack of clarity and great deal of confusion on the scope of processing as it includes ‘collection’ within its meaning, as per the Bill.

Charu Chadha, Facebook outlined how consent forms are being designed keeping user’s interface and user experience in mind. She elaborated how Facebook has incorporated graphical presentation to walk through privacy settings that allows new users to access the consent document. And the language of their privacy setting has been simplified for the users.

Rahul Sharma, Founder, The Perspective spoke about consent and product liability. He said that the focus of consent taking should not be shifted to user, because if the technology overburdens the user, they give it up. Moreover, organizations should be more open and transparent with their policies. The implications of equating consent forms with a Product liability on the data fiduciary might raise the cost of services was discussed. Wherein Pranav Mehra, Snapdeal pointed out that the product liability in The Bill does not clearly give a distinction between provider of services and provider of product. He also spoke about data audits and data scores. He mentioned that such scores would lead to subjectivity and might not be the best mechanism to inform users of the data protection tools employed by data fiduciaries.

As regards data localisation and restriction on cross border data flow, Divya Dwivedi, UKIBC raised the issue of equivalence between EU GDPR and the Bill and emphasised the need to have a cost benefit analysis in order to understand the points of divergences and similarities between the two legislations.

On Data Localization, Tridivesh Singh Maini – Assistant Professor, Jindal University aptly pointed out that a bottom up approach would make sense instead of going top bottom. He illustrated his point by mentioning the fact that Telangana has expressed an opposing view of data localization and more states, districts, SMEs and startups should be allowed to voice their opinion and decide the data localization requirements. He added that identifying important local stakeholders in domestic issues is equally important as doing so during foreign issues and the same is an important facet of Cooperative federalism.

A lot of interesting insights were generated from the discourse. The event featured speakers that ranged from law enforcement, government stakeholders, internet companies, public policy think tanks and global business strategy firms.

The Roundtable discussed and discerned the fundamentals of data driven ecosystem, intent and aspirations of the stakeholders’ vis-a-vie the proposed legal framework, regulatory and institutional architecture, and implementation thereof.