Data Privacy or Information Privacy is a branch of Information Technology that deals with the proper collection, storage, usage, and disposal of data. With the ever-growing use of data in the internet, and now IoT, world, especially with data sharing with third parties and potential misuses of individual data, the focus around data privacy and security has exponentially increased over the years. 66% of the countries worldwide have some form of the data privacy legislation in place, the most famous being GDPR (General Data Protection Regulation) which deals with data protection and privacy in the EU (European Union) region.
There are a lot of local laws and regulations that dictate the data privacy rights of an individual or a consumer. For an individual, the universal principals guiding data privacy, based on the Records, Computers and Rights of Citizens (07/01/1973) report, are
- For all data collected, there should be a stated purpose.
- Information collected from an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual.
- Records kept on an individual should be accurate and up to date.
- There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting.
- Data should be deleted when it is no longer needed for the stated purpose.
- Transmission of personal information to locations where “equivalent” personal data protection cannot be assured is prohibited.
- Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion).
Most of these are true even today. A new concept of “Right to be forgotten” has emerged in the internet world. With the internet, no data is ever lost and can be easy found with internet searches. The “Right to be forgotten” is an individual’s right to vanish, partially or completely, from the internet – not being present in any internet search results.
Just as Individuals, Organizations’ data privacy rights are guided by local laws and regulations. This becomes increasingly difficult for organizations that operate in multiple jurisdictions or geographies. Organizations also have an additional layer of data privacy requirements of the customers who they are serving. Organizations partner with each other to cross-sell or up-sell services and they share their customers’ data – what data and how much can they share is dictated by various consumer data protection rules (see GDPR).
Countries are continuously working on their data privacy and protection laws to keep them up to date with technological changes and massive data gathering and mining methods, along with multi-party data sharing, even anonymously. Two of the most exciting bills to watch out for are
- The USA – A bill was presented in February 2020 as the Data Protection Act of 2020, which aims to create a Data Protection Agency in the United States to oversee and enforce federal privacy mandates.
- India – A bill was presented on December 11, 2019, as the Personal Data Protection Bill, 2019, which seeks to provide for the protection of personal data of individuals, and establishes a Data Protection Authority for the same.
You would think why are these two important.
Currently, GDPR is the gold standard for data privacy and protection for individuals.
We also know that the USA maintains its lead as the most technologically innovative country in the world. At the same time, some of the largest USA firms earn almost all of their revenues mining or selling user data.
On the other side, India is the biggest open market with over half a billion internet users in a developing nation. Developing nations are currently caught in the middle, where they want to provide better data privacy and protection rules but don’t want to lose opportunities that stricter laws may lead to.
This test that the two nations face and the decisions they take may shape the future of data privacy and protection rules for a lot of other nations, both in the developed and developing countries spectrum.