As an individual, who is closely associated with IT Service Industry, the one aspect which has always troubled me was the way people shared their personal information on internet, especially on social, search, business and entertainment platforms. That most of these avenues stored and retrieved data of Indian citizens in faraway geo-locations, typically in their home countries made this repertoire of data a potential candidate for future threats and exploitation.

The recent Facebook–Cambridge Analytica fiasco where the social media giant along with its ally had harvested data of millions of Indians, and that too without their knowledge, to help certain elements during elections is a case in point. This scandal shook various government agencies including security bureaus out of complacency. 

Such was the magnitude of the scandal that many heads came under the chopping block and Facebook and its allies had to apologise for its actions. It was not just about one entity. Online giants like Google, Twitter and Amazon were some of the other major companies which held unprecedented control over such information. It was a recipe for disaster.

Even before the scandal erupted several government outfits such as Reserve Bank of India had demanded complete localisation of payment systems data within the Indian geographical location and its use restricted to running of business and nothing else. Post revelation and weeks after the scandal came to light, the Indian government quickly came into action and drafted “Data Protection Bill” under the aegis of Supreme Court judge Shri B.N Srikrishna which incidentally was not approved and postponed during the inter-ministerial meeting. 

The said bill essentially laid down the framework for restricting such entities from exploiting personal information. The government wanted to make sure that Facebook–Cambridge Analytica like fiasco didn’t happen again. At the time of writing this blog post the bill is yet to be tabled. However, Modi government has already given its approval which is aptly termed “The Personal Data Protection Bill, 2018”.

So, what does this bill plan to achieve. Broadly, the bill aims to achieve two goals – data localisation of Indian citizens and restrict its usage by the companies who gather such information. However, the government has gone a step further and branched off such data into two categories, namely;

1. Critical & Sensitive – The bill defines this kind of personal data belonging to a class which covers the following – passwords, banking data, health data, biometric details and orientation of different types.  
2. General – Data which does not belong to the above category falls under General category.

Interestingly, the said bill proposes to allow MNC’s or internet companies to process sensitive information outside India. However there is a catch. It needs explicit permission from the concerned individual. On the other hand critical data must be stored and processed in India. The latter pool of information will be subject to regular monitoring and assessment, and depending on the outcome new additions or redundant clauses may be tweaked accordingly.

Personally, I feel this bill will go a long way in building trust between companies and government and also between consumers and data collectors. On the flip side, excessive regulation or rigid conformity may result in frequent delays and create bottlenecks which in turn may turn many companies wary. I also believe, that for the greater cause, this bill needs to be approved quickly. It’s just a matter of few days!

Addendum –

Unlike EU’s 2017 General Data Protection Regulation (GDPR), this bill goes a step further and therefore not only offers a framework to manage individual data information but also protects the country from 5th generation warfare and retaliation techniques.

Author [ Pankaj Jaiswal ] is Managing Director of Dotcom Services India Pvt Ltd (https://www.worldindia.com) & Netlynx Technologies Pvt Ltd (https://www.netlynx.com). He also hold Management Roles in Netlynx Inc , USA  (https://www.netlynxinc.com) & Netlynx Tech, Canada (https://www.netlynx.ca).