Daily Current Affairs – 28th January, 2016


Ensuring privacy in a digital age

Convention 108, 1981: The European Council signed the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data

What about it—

The first legally binding international treaty dealing with privacy and data protection

28 January: The day has since been celebrated as Data Protection Day in Europe and as International Data Privacy Day around the world

Data Privacy—

Internet and Mobile Association of India Report: India has around 400 million Internet users treating the Internet essentially as a data ecosystem where every node is engaged in generation, transmission, consumption and storage of data

Real Issue: Absence of measures that

  • Safeguard the privacy of this data
  • Regulate data retention by platforms collecting it

Resulting in—

  • Zero awareness regarding how their personally identifiable information is collected, stored, used and shared
  • Large scale sensitive data collection and storage due to governance-driven digitization (Aadhaar, digital lockers, and direct account transfers) but with a toothless Information Technology Act which has limited scope to penalize government agencies for breach of data privacy (only legal instrument available to citizens against contravention of their privacy in the data ecosystem)

2013: Maharashtra government simply lost the personal data of 300,000 Aadhaar card applicants

Need of the hour—

  • A comprehensive legislation that provides for a right to privacy as a fundamental entitlement to citizens for which the groundwork has already been laid in 2012 by a Justice A.P. Shah-headed group of experts constituted by the Planning Commission.
  • The commission had proposed a set of national privacy principles that would place an obligation on data controllers to put in place safeguards and procedures that would enable and ensure protection of privacy rights
    • Notice (to be given to users while collecting data);
    • Choice and consent (of users while collecting data from them);
    • Collection limitation (to keep user data collected at the minimum necessary);
    • Purpose limitation (to keep the purpose as adequately defined and narrow as possible);
    • Access and correction (for end users to correct or delete their personal data as may be necessary);
    • Disclosure of information (private data should not be disclosed without explicit consent of end user);
    • Security (defining responsibility to ensure technical, administrative and physical safeguards for data collected);
    • Openness (informing end users of possible collection and utilization of personal data);
    • Accountability (institutionalize accountability for adherence to these principles)

 

The proposed framework—

  • Technology neutral
  • Compliant with international standards already in place to protect user privacy
  • Should recognize the multiple dimensions of privacy
  • Establish a national ethos for privacy protection
  • Flexible to address emerging concerns
  • Should contain horizontal applicability with both the public and private sectors brought under the purview of privacy legislation

In the time being—

It is necessary to adopt mechanisms that ensure compliance with the use of Privacy Enhancing Technologies (PET)—

  • Processes and tools that allow end users to safeguard the privacy of their personally identifiable information that they willingly provide to government agencies and other service providers
  • PETs put the end user in control over what information to share, with whom to share and a clear knowledge of the recipients of this information
  • Usage of data encryption and mandating multi-factor authentication for access to end user data can be examples of other PETs that can be implemented by service providers and government agencies alike

-Aligning our technology laws with the evolving Internet landscape

-User privacy concerns and secure designing should be integrated in the charters of respective standard-setting organizations

-Government should seek ‘active user education’ that makes users aware of their choices

-Lengthy and complex privacy policies that practically hand over control of user data to the platforms collecting it need to be replaced with ones that are user friendly in draft and execution.
