Decoding Data Protection Laws for a Seamless Future


Supporting the Digital India is the call of the day. Still, we have to be cautious as we go about it. It is common knowledge now that 14 lakh Aadhar records were leaked in Jharkhand including biometric details. Not only Aadhar, some 3.2 million debit cards had been compromised in multiple banks in India in October, 2016. ASSOCHAM reports 67% mobile frauds. The system seems to be porous.
What with debit cards being slowly getting replaced with Aadhar based payment systems in the near future, cyber crime has increased manifold post-demonetization. This poses serious threats for Aadhar based payment authentications.

Apart from the positives of Aadhar, it is also raising red flags. To be holistically successful, it has to support the entire payment ecosystem. We are making Aadhar mandatory for everything without ensuring its security. As it is meant to  create cascading ancillary industries, we need to create a complete security framework before rolling it out. One of the associated industry is biometric records. There have been reports of data leakages at the state level. With a billion Indians possessing Aadhar card, data theft can spiral into a big crisis, something akin to the recent crisis in UK – just today the UK health services were targeted and hacked. The reports suggest that the concerned authorities had completely ignored several warnings for many months.

The urgent need to develop Aadhar enabled mobile phones has to be addressed indigenously; in other words, Apple and Samsung may not be able to pitch in effectively as they can’t empathize the pain points and understand and dynamics of the country. The solution has to be made in India by Indian companies. Multiple vernacular languages have to be included to support the different geographies as well.
In the near future, most wars will be fought in cyber space. This will necessitate the need of strong and effective data security. It is, perhaps, for this reason that China has ensured all the servers to be kept within their geographical area. Even Russia is clear about this mandate. A lack of such security can create havoc and serious breaches. Just consider that, recently, the Indian Army was hacked. Even dating sites, such as Ashley Madison, were hacked compromising the personal data of about 1.5 million Indians.

This brings us to the important issue of Trust versus Jurisprudence and treatment of Retrospective data lying in servers beyond the confines of the nation. Even if we manage to pass a Bill mandating all the data to be kept in servers within India, more steps will still be needed to ensure safety. The next question that arises is about the data that has already been exchanged outside the borders. Do we go about hunting for retrospective data? Is there even a possible chance of doing that? We  hope our private service providers will keep tons of data they have access to safe. An  attempt to safeguard the data has to be done instead of leaving it to Murphy’s Law – anything that can go wrong, will go wrong. The good news is that there are ways to secure even the most impossible retrospective data lying abroad. I, along with other stakeholder citizens, am personally willing to work with the Government and industry bodies like CII and NASSCOM. But, a larger public interest is also needed.

Another challenge lies embedded in the terms and conditions of popular apps like, Whatsapp, Truecaller, who also make it clear that all data shared with them can be used in public domain. That, actually, is their business model. This points to a need for sensitization about clear data logs. This will help keep track of the future amendments that might be made by such sites. Government audit of these logs for the largely popular apps is a must.

In this new age, terrorism is not just stone pelting. Many parts of India are moving into cyber radicalization especially in the northern areas. To top it all, now there are sites that are offering cyber crime as a service. The cyber crime space is turning into an industry. Mobile crimes are growing exponentially, but we hardly have policy regulating it.

The Government needs to curb all this by enforcing a stringent law made only for such crimes. The prevailing IT Law hardly addresses the issue of cyber security. The Indian Government has to be cognizant of the difference between the two, to protect the citizens.

There is no digital policy supporting the PM’s clarion call for digital initiatives. It seems that there is a big dearth of thought leadership. We have Aadhar Act and IT Act but no cyber laws. And, it is a gaping hole that can only lead to digital chaos in the near future. Policy preparedness on war footing needs to be carried out.

There has to be increase in the national IPR (Intellectual Property Rights) awareness as well. A statutory body should be setup constituting the industry stalwarts. As there is a direct correlation between patent filing and patent examiners, we need more patent examiners so that more patents can get processed.
Interestingly, India is the 7th largest patent filer in the world. While 85% of China files for IPR, in India it as low as 27%. A main contributor for this is that China works to a target, India does not. For instance, China has 10 thousand patent examiners compared to a paltry 450 patent examiners back home.
The Indian pendency of grants is likely to come down to 3 years which will, in turn, result in an increased commercialization of ideas for the economic growth and increased trade internationally. This, indeed, is good news.

We desperately need a balanced IPR system. The requirement of novelty from hardware needs to be done away with immediately. Instead, there should be novelty only in software, as in other countries. A case in point is Alice Corp. Pty. Ltd. v. CLS Bank Int’l., 134 S. Ct. 2347, 2355 (2014). The US Supreme Court held that “specific hardware” consisting of a “data processing unit,” a “communications controller,” and a “data storage unit” were “purely functional and generic”.

Some important objectives have to be kept in mind if we are to safeguard the IPR:
*    Creativity – protection to the creator as well as created material;
*    Copying – control of piracy and counterfeiting that are fast becoming an epidemic;
*    Enforcement – laying down measures to enforce the IPR as was demonstrated in the recent case of
the famous Math’s author, R. S. Aggarwal, who received Rs 10 crores in damages to his IP.

Another never ending challenge is the Section 3(K) of the Patent Act which is a black hole at this point. This Section bars patent eligibility of some inventions. The existing rule to file for a patent software with a novel hardware is a decadent policy. The Government should minimize the complexity of the Section 3(K). This will take the patent system to new heights and provide a lot of relief to the Indian IT companies. However, an encouraging aspect is that it is now training school children in IPR together with National Research Development Corporation (NRDC). This is a commendable action plan that is being implemented in phases.

On the positive side, an entirely new industry in technology driven citizen services is coming forth, constituting a whopping $1.2T worth of products and services. The crying need of the hour is citizen participation. The Government should identify large verticals and enable and empower the new generation of opportunity seekers. The rest will be done by the dynamic youth and the free market forces of laissez-faire.

The value of IPR is in monetization. Data is the future oil of the world. The question is – how does the IPR policy handle the situation? The opportunity window is already upon us. To cite a quick example in this context,  Reliance Jio is banking on data (oil of the modern age) to create a space for itself in the already established mobile data space.

The main challenge lies in the changing paradigm of technology. Agility will be key. The responsibility lies with the citizens and not only the government.
 P.s. These are author’s personal views.