Data Privacy Day is a great reminder about the value of privacy: Sreenidhi Srinivasan, Principal Associate, Ikigai Law
On World Data Privacy day, Sreenidhi Srinivasan, Principal Associate, Ikigai Law, says, "Individuals must be aware of their rights".
In a short but incisive interaction, Sreenidhi Srinivasan, Principal Associate, Ikigai Law, has revealed what World Data Protection Day is all about for both individuals and corporates while voicing her thoughts and concerns on the Data Privacy Bill, what it lacks and whether the expansion of scope into non-personal data coverage is a good idea or not. Here are edited excerpts of the interaction with HT Tech.
Q. 1 What significance do you attach to the World Data Privacy Day?
It's a great reminder about the value of privacy! For companies - to make privacy conscious choices when developing products. And for individuals - to be aware of their rights.
Q.2 Data Protection Bill - how do you see it?
The bill draws from core privacy principles accepted globally- privacy 'by design', minimising the amount of data collected, informed consent, and accountability. It also provides for the setting up of a data protection regulator. The law is mostly principle-based. And the real meat of implementation will depend on how the regulator interprets the principles, develops codes of practice and regulations, and enforces compliance. A lot rides on the regulator- and the focus should be on building a robust, effective regulator.
At the same time, the bill suggested by the joint Parliamentary panel expands the scope of the law to cover non-personal data (anonymised data, business insights). This expansion is concerning. While 'personal data' is about individuals' privacy, non-personal data governance has an economic rationale. Combining the two could dilute both objectives.
Q.3 What are some of the things you would have liked to be added to the Data Protection Bill?
First, since the government itself collects and uses a lot of data, more narrowly tailored exceptions for government bodies could have strengthened privacy. Second, the bill treads into business proprietary data- for eg., it asks businesses to disclose fairness of algorithms, it does not allow businesses to deny data portability requests based on trade secret considerations. Some clarity on how such disclosures interact with IP rights would be useful. Third, the genesis of this law is rooted in privacy. Expanding it to include non-personal data could dilute this objective.