Data protection is the process of safeguarding crucial information from corruption, compromise or loss. Every individual’s data should be protected and should not normally be disseminated without his or her consent, as disclosure may expose the individual to risks and threats from unwanted quarters.
Why Data Protection is Needed
Instances of data privacy violations, identity theft and personal information misuse have led to increased monitoring and consumer pressure to prevent disclosure or compromise of personally identifiable and sensitive information.
A case in point is the recent incident in which a researcher linked to Cambridge Analytica (CA), a political consulting firm, accessed details of 50 million Facebook users. The data was shared with Cambridge Analytica, which used online data to reach voters on social media with personalized messages and swayed the 2016 US elections.
According to a report by PwC, Demystifying the EU General Data Protection Regulation, “As per estimates, there have been more than 575 reported data breaches which have exposed more than 13 million records in eight months in 2016.” Against the backdrop of increasing concerns over data theft and mishandling of sensitive information, the governments of various countries are formulating new policies to contain data leaks. A recent development is the General Data Protection Regulation (GDPR) by the European Union.
Respecting the individual’s data privacy, the Telecommunication Regulatory Authority of India (TRAI) suggests, “Data security breaches may take place in spite of adoption of best practices/ necessary measures taken by the data controllers and processors. Sharing of information concerning to data security breaches should be encouraged and incentivized to prevent/mitigate such occurrences in future.”
A single company may possess the personal information of millions of its customers. It needs to keep the data private so that customers’ identities stay as safe and protected as possible, and the company’s reputation remains untarnished. With the recent incidents of data breaches, data privacy has become a more important concern now than before.
What is Personal Data
Personal data has a broad meaning. It ranges from an individual's name and location to online identifiers such as an IP address or browser cookies that can track web activity. An individual's physical, physiological, genetic, mental, economic, cultural or social identity is his/her personal data, which should be protected.
The individual expects that if a data collector, whether a business or a government agency, wants to use this data, it should obtain consent in a clear and accessible way. At present, if you read through the agreement drafted by a company before accepting it, you will find it extremely ambiguous. It should be specific and clearly articulated in language that people can understand. All individuals have a lot at stake when it comes to data privacy. The more the data is shared, the more the individual is exposed to a number of risks.
Data Privacy and its Importance
Data privacy relates to how a piece of information or data should be handled based on its relative importance. For instance, you likely wouldn’t mind sharing your name with a stranger in the process of introducing yourself, but there’s other information you wouldn’t share, at least not until you become more acquainted with that person. Open a new bank account, though, and you’ll probably be asked to share a tremendous amount of personal information beyond your name.
In the digital age, we typically apply the concept of data privacy to critical personal information, also known as personally identifiable information (PII) and personal health information (PHI). This can include Social Security numbers, health and medical records, financial data, including bank account and credit card numbers, and even basic, but still sensitive, information, such as full names, addresses and birthdates.
For a business, data privacy goes beyond the PII of its employees and customers. It also includes the information that helps the company operate, whether it’s proprietary research and development data or financial information that shows how it’s spending and investing its money.
Data privacy is very important. It’s why people put locks on filing cabinets and rent safety deposit boxes at their banks. But as more of our data becomes digitized, and we share more information online, data privacy is taking on greater importance.
Data Breaches: Incidents
Recent data breaches at top service providers like Facebook and Twitter, among others, have raised the question of whether the personal data of an individual is safe. The Cambridge Analytica scandal, wherein data of tens of millions of Facebook users was leaked and allegedly misused by Cambridge Analytica, a data mining firm linked to Donald Trump's 2016 presidential campaign, created a furore across the world, including in India, which is one of the countries with the highest number of Facebook users. For days after the Cambridge Analytica scandal broke, Mark Zuckerberg and Sheryl Sandberg, the only public faces of the company, were silent and unavailable to the media and users. This led to rampant speculation about the company's culpability and to a DeleteFacebook movement by many users. The movement garnered support from tech leaders like Steve Wozniak.
The revelation exposed the vulnerability of user data and shook the confidence of Facebook users, many of whom threatened to wipe out their accounts as part of a mass exodus.
Positives: Steps to Protect Data Privacy
GDPR in EU: Strict Step to Protect Data Privacy
What is the GDPR?
The General Data Protection Regulation (GDPR) is a Europe-wide law for Data protection. After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016 and has become effective from 25 May 2018. According to the website eugdpr.org, the EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.
Why It Was Created
GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU. Coming on the heels of the Cambridge Analytica scandal, the GDPR will give an individual the right to find out whether, where and for what purpose their personal data is being processed.
The General Data Protection Regulation (GDPR) is a replacement for the Data Protection Directive 95/46/EC and was designed to integrate the various data privacy laws across Europe, to guard and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.
Until the implementation of GDPR, data protection regulations in the EU were not that stringent. Fines for breach of policies were restricted and enforcement actions irregular. GDPR implementation is set to fix these loopholes. Key features of the GDPR are:
Justify the Data Use
Individuals are entitled to have their personal data erased or not disseminated further, including potentially halting third parties from processing the data. They can choose to move their data and can object to having it processed for direct marketing purposes. The companies wishing to use your data will have to justify why they want to know it.
The GDPR now covers ‘all organizations offering goods and services to EU residents and organizations that monitor the (online) behavior of EU residents’. This extended reach now covers the majority of organizations and hence is more effective.
Real Reputational Risk
With GDPR, the enforcement actions will be more frequent and hence will be brought to light much sooner. The risk of reputational damage will therefore become more visible and real.
Failure to comply with the GDPR also comes with a hefty penalty. Companies that violate the new rules can be fined up to 4 percent of their annual global turnover or 20 million euros (nearly $25 million), whichever is greater. Hence implementation of GDPR within organizations will be more effective.
TRAI to Protect Personal Data in India
- Telecommunication Regulatory Authority of India (TRAI) has recommended measures to protect the data privacy of individuals. Constitution of a Data Protection Authority of India is also in the offing.
- The Srikrishna Committee is to submit a report on data privacy. This may become the ground on which to frame a tough law on data protection. TRAI is of the view that data is collected by private as well as government entities. Therefore, the data protection framework should be equally applicable to both government and private entities.
- TRAI has recommended that there must be a recognition that while data controllers may indeed collect and process personal data, this must be subject to various conditions and obligations – including importantly, securing explicit consent of the individual, using the personal data only for identified purposes.
- The entity that has control over personal data would be responsible for compliance with data protection norms.
- The Authority has recommended that all entities in the digital eco-system, which control or process the data, should be restrained from using metadata to identify the individual users.
- For this purpose, the government should notify the policy framework for regulation of Devices, Operating Systems, Browsers, and Applications.
- TRAI further recommends that in order to ensure sufficient choices to the users of digital services, granularities in the consent mechanism should be built-in by the service providers.
- A framework on the basis of the Electronic Consent Framework developed by MEITY and the master direction for data fiduciary (account aggregator) issued by Reserve Bank of India, should be notified for the telecommunication sector also. It should have provisions for revoking the consent, at a later date, by users.
- To ensure the privacy of users, National Policy for encryption of personal data, generated and collected in the digital eco-system, should be notified by the Government at the earliest.
- “For ensuring the security of the personal data and privacy of telecommunication consumers, personal data of telecommunication consumers should be encrypted during the motion as well as during the storage in the digital ecosystem.”
- “Decryption should be permitted on a need basis by authorized entities in accordance to consent of the consumer or as per requirement of the law.”
Constraints to Protect Data Privacy in India
- India has no Data Protection Authority to secure data privacy.
- The Supreme Court has been raising questions about the steps taken by the Government to protect the privacy of data.
- The Report of the Srikrishna Committee on Data Protection is delayed.
- It is not clear whether the Government will make a tough law like GDPR on data protection or whether it will have loopholes which may allow service providers to escape.