Commentary
Find our newspaper columns, blogs, and other commentary pieces in this section. Our research focuses on Advanced Biology, High-Tech Geopolitics, Strategic Studies, Indo-Pacific Studies & Economic Policy
Token Security or Tokenized Security
There is a need to protect the data belonging to individuals in these situations, providing the government with two possible policy options: it can choose to either overhaul the Aadhaar architecture completely, or it can build in additional security measures to ensure that individual data is not compromised.
Uninventing Aadhaar is not a practical proposal. It would have to include repealing the statute on Aadhaar, disbanding the database already created, and figuring out alternative means of delivering the services that are now dependent on Aadhaar. A more sustainable way forward is to better secure Aadhaar. This will involve not only the secure collection and storage of personal data but also a safe regulation of the manner in which third parties use it for authentication.
Read more here.
What the GDPR Means for India
As the GDPR seeks to protect data users in Europe (and regions where the EU laws apply), it might not really make a difference to data users in India. However, this law extends to both citizens as well as non-citizens within the boundaries of the continent. So, if you have plans to travel to Europe, you have the added advantage of being covered by the protections under the GDPR as soon as you land there.On the other hand, the GDPR requires companies all over the world to comply with its provisions if they provide any goods or services anywhere in Europe, or in any manner monitor the behaviour of any individuals in Europe. This means that some Indian sectors such as information technology, the outsourcing industry, and pharmaceuticals might be hit by the GDPR. As the penalty for a contravention is up to 4% of the annual turnover of the company, this is not a trivial obligation for affected Indian data controllers.
The Devil in the Details
A week ago, the Justice Srikrishna Committee released a draft Personal Data Protection Bill and a Report to go with it. This is another step in the progress that has been made in the past year to create a data protection framework for India. It started with the Supreme Court judgement that recognised privacy as a fundamental right. This was followed by the constitution of the Justice Srikrishna Committee, the release of a White Paper, and public consultations on the recommendations made under it.The Bill and the Report, which had been expected for the better part of six months, have already attracted a flurry of critical commentary. While there are elements of these documents which are welcome, there are also serious concerns that require further attention.One of the positive aspects of the proposed law is its attention to detail. It is comprehensive and ticks most of the boxes that a data protection law ought to have. It vests individuals with certain rights with respect to their personal data, imposes obligations on entities that collect and process such data, and envisages a regulatory infrastructure that is supposed to facilitate the ecosystem within which data is collected, processed, and transferred. The Bill is also applicable to State entities, which is an upgrade over the status quo.Read more here.