Taking part in a session on 'Building a Data Privacy Ecosystem in India' at a virtual event organised by the Internet and Mobile Association of India, Rajeev Chandrashekar said that publishers and intermediaries must realise that there will be disruptions coming their way soon via legislation and that it is time that they changed their business models.
Anybody doing business with India and dealing with Indian consumers must comply with Indian laws, Rajya Sabha MP Rajeev Chandrasekhar said on Friday.
Taking part in a session on 'Building a Data Privacy Ecosystem in India' at a virtual event organised by the Internet and Mobile Association of India, Rajeev Chandrashekar said that publishers and intermediaries must realise that there will be disruptions coming their way via legislation soon.
"The legislation will affect those who are monetising data of the users. They should start looking at a new revenue model and diversify it rather than depend on monetising consumer data. It represents a need to change the business model," he said.
In this regard, the BJP national spokesman highlighted the significance of the Narendra Modi government's Data Protection Bill.
He said, "Internet was designed to be a seamless network of computers communicating with each other. It was never meant to be as we see today -- islands of commercial exploitation. The backstory of the Data Protection Bill is a 10-year effort by many to bring individual privacy in the digital domain to the forefront. I brought a bill in 2010. The reason was Aadhaar. It was done with good intentions, but there was no respect for the donor of the data. Many people went to court, and in 2016, the Supreme Court ruled that under Article 21, privacy is also a fundamental right for the people of India. Privacy is no longer something that the government of India or anyone else is giving as a favour."
"To ensure there is a legislative framework and architecture that captures the dos and don'ts of privacy as the fundamental right means to everybody on the Internet, including intermediaries and publishers, the government then set out to do the Data Protection Bill. Data Protection Bill operationalises and legislates how the fundamental right to privacy will be operated through law. Every Fundamental Right in Constitution has exceptions; no rights are absolute. Data Protection Bill delivers the legislative constructs to the right to privacy," the Rajya Sabha MP said.
The Data Protection Bill has been referred to the Joint Parliamentary Committee, which is evaluating the bill.
Rajeev Chandrasekhar noted that there are certain basic principles that apply to any intermediary who is collecting information from the users for delivering services or content:
1) They will have to seek consent from the user before collecting data.
2) Data that is consented to by users will be used for a specific purpose. Up to now, anybody collecting data from users is unfettered about what they can do with the data.
3) Whether the data that the intermediary collects is being stored.
4) Third-party publishers giving data to different firms who use it for their own purposes. that model will be under threat with the Data Protection Bill. That model will come under threat with Data Protection Bill. A behemoth like Google is now giving the commitment to stop tracking consumer behaviour without the users' consent and use it for commercial purposes.
As for how the Narendra Modi government intends to address compliance-related issues, Rajeev Chandrasekhar said that the government does not want to make it difficult to do business and bury them under the weight of compliance and being frightened.
"People do not have awareness. Currently, any consumer of any platform can assert their right to privacy. It is very surprising why people are taking litigating more to protect their data. Privacy is being breached daily today. The basic idea of the government is while the right to privacy is a fundamental right and the Data Protection Bill brings a balance between the rights and obligations of consumers and the business, we also do not want to make it difficult to do business, bury them under the weight of compliance and being frightened," he said.
"Of course, the consumer wants to assert his or her right, and that government will protect that right legislatively. But we also, especially under this government and prime minister, have put so much effort into startups and Digital India. We want to balance compliance requirements to be as painless for those are who complying with the law. The government's idea is to set up a data protection authority, a regulator of sorts led by qualified people who understand the digital domain. This is not about policing the business. This is a fresh mindset in the government to have a regulator as being an enabler rather than a policeman," Rajeev Chandrasekhar added.
The Rajya Sabha MP said that the data protection authority is going to be India's test for a modern, world-class digital domain regulator.
"We need something that is supportive of business and of course protects the interests of the consumer. Otherwise, any bill, however well-drafted, will be killed at the altar of poor regulation. We need a world-class institution which will be a data protection authority," he said.
On whether Indian financial data should be stored on local servers, Rajeev Chandrasekhar said that this issue of data localisation is a debate that has two sides.
"On one hand there's data sovereignty which would deal with whether the protection of Indian data is extended to beyond our geography. Then, on the flip side, entrepreneurs want the choice to store data. They don't want to be told that they have to store data here. The compromise answer here is that you mirror the data here and make sure that those who collect data in India, whether they are in a foreign jurisdiction, sign up to say that they are compliant with Indian law. We can't have something that is being seen with Twitter today."
Watch this interaction below: