New Niti Framework May Help Improve Data Protection Standards in India

CIOReviewIndia Team | Tuesday, 15 September 2020, 09:11 IST

Indians are consuming more data than ever before, thanks to easily accessible smartphones, internet penetration, and reduced data charges. In doing so, they are also generating and sharing more data about themselves than before. What they share includes ‘Who They Are’, ‘How Much Do They Earn’, and ‘Where Do They Spend’. This data is crucial for corporations selling products and services, and it helps individuals secure a loan or insurance.

Last month, the government think-tank Niti Aayog said, “The Data Empowerment and Protection Architecture (DEPA) seeks to accelerate financial inclusion by advocating sharing of data by users for their good, on their terms. Even if initially adopted for financial services, DEPA has the potential to be adapted to more domains.”

DEPA counters much of the present thinking about data sharing and data protection in the global arena. This includes the European philosophy, which is geared towards data protection for users, even making business innovations open. DEPA says, “This approach would be counterproductive for India, a developing country. A case in point is street vendors. Today, they are unable to prove their creditworthiness to access a bank loan. But what if they could use mobile payment systems to show daily cash flows, which gets them an online loan?”

Opposite the European philosophy is the American way, which is inclined towards tech businesses and innovation while raising questions about the power of data users and their responsible usage. DEPA's solution is to expose who has access to data and to make user consent the key.

DEPA wants to manage user consent through a new set of entities called account aggregators, which act as intermediaries between information providers like banks and information users like robot advisors. On one hand, account aggregators will manage the flow of data from users; on the other, they will not have access to user data. However, DEPA doesn’t cover any misuse of data by the giver (banks) or the receiver (robot advisor).

Around the world, efficiency and innovation are being traded off against the risk of data misuse and of security and privacy violations.

Take a mobile application that rewards its users for paying credit card bills. It does take consent to scan email and fetch the outstanding bill; however, when it starts compiling individual transactions, does it sell the information to others?

What happens when data is stolen during a data breach? Last year in the United States, an advanced tech market, there were 1,473 data breaches, according to the Identity Theft Resource Centre, a US non-profit. They exposed almost 164 million sensitive records and 705 million non-sensitive records.

It is even more urgent for India to get this right in order to fare well in controlling data breaches.

A study conducted last year across 17 geographies by the Ponemon Institute for IBM Security says India is the fourth-worst in the time taken to identify and contain a data breach. A data breach in India, in general, lay exposed for 313 days.

Almost all countries say that data sharing has driven economic growth and innovation. Chinese superapps WeChat and Alipay depend on extensive data sharing in their ecosystem, and in the United States, large banks are mining data-sharing deals with other companies. In Africa, fintech innovations have occurred as a result of data sharing.

Rather than letting the private sector drive the technology, some governments have sought to impose standards, and even cooperation, through regulations and frameworks. For example, the European Union (EU) passed the Payment Services Directive (PSD2) to harmonize payments regulations across EU countries, which will give customers a great deal of control over their banking data.

Different regions approach data protection in different ways, depending on their requirements and dominant worldview.

In India, the Information Technology Act 2000 offered some data protection, and the government’s own experience with digital technology over the last decade forged this framework. This started with Aadhaar in 2010, followed by eKYC in 2012, which enabled the digital sharing of data from the Aadhaar database and allowed banks and telecom companies to onboard customers faster, though it raised questions about data security and protection.

Though data protection frameworks look similar, how they function depends on the technical, legal, and institutional capacities of each country. The lower consumer education rate in India has exposed problems related to money transfer, as most users approach it with greater caution. UPI users, for example, have been trapped in scams.

Comparitech, a professional consumer website located in the United Kingdom, analyzed the data protection laws and institutions of several countries, most of which fell short of acceptable standards. India's total score showed ‘systemic failure in safeguard maintenance’.
