Note4Students
From UPSC perspective, the following things are important :
Prelims level: NA
Mains level: Data privacy and digital governance in India
Context
- 2023 promises to be a landmark year for technology and digitisation in India. The Union Budget indicates growing prioritisation of these areas. For instance, the Digital India programme has been allotted Rs 4,795.24 crore, the allocation to the Ministry of Electronics and IT has nearly doubled, and there is a 1,000 per cent increase in the funding for the Artificial Intelligence and Digital Intelligence Unit. But something crucial is amiss.
Crack Prelims 2023! Talk to our Rankers
What is the issue?
- Budget has deep discord between pace of the digitisation and legal policy: Many of the initiatives announced with the budget reinforce the deep discord between the pace of digitisation efforts, and the implementation of effective legal frameworks to strengthen privacy and cybersecurity.
What is Anonymised data?
- Anonymised data includes data that does not contain Personally Identifiable Information (PII) like name, age, phone number, address, etc., or data from which PII has been removed.
Analysis: Privacy deficit in India
- New National Data Governance Policy: A new National Data Governance Policy is going to be introduced to enable access to anonymised data. However, several studies have demonstrated the ease with which anonymised data can be reverse-engineered to identify individuals. Current anonymisation techniques are inadequate and do not guarantee privacy protection.
- For instance: A study in 2019 was able to accurately reidentify 99.98 per cent of Americans in an anonymised dataset, including information held by the US government on more than 11 million people.
- Shortfall in Draft Digital Data Protection Bill, 2022: The current Draft Digital Data Protection Bill, 2022, falls short and fails to incorporate safeguards from previous rounds of consultations and even earlier iterations of the Bill.
- For instance: The 2021 draft imposed a penalty for the intentional reidentification of an individual’s anonymized personal information. This provision has been done away with, amplifying concerns around insufficient limitations and safeguards for privacy.
- No effective legislative safeguards to prevent access to personal information: The budget also proposes privacy-invasive changes to the Income Tax search and seizure provisions in view of the increased use of technology and digitization. IT officials could seek the assistance of experts to access digital devices and encrypted data. Such broad authorizations are bound to increase the scope for arbitrariness and misuse.
What issues need to be addressed for expanding the scope of DigiLocker?
- The budget proposes expanding the scope of DigiLocker. For this measure to truly serve the objective of “Trust Based Governance”, two issues need to be addressed:
- Strengthening of the cybersecurity infrastructure: Strengthening of the cybersecurity infrastructure, including implementation of the long-awaited National Cyber Security Strategy, to inspire people’s trust, and potentially avert situations like the one in 2020 where 3.8 crore DigiLocker accounts were compromised.
- Preventing scope creep of Aadhaar: Prevent the continuing scope creep of Aadhaar, which is increasingly being made mandatory not only to avail services and benefits but also to exercise fundamental rights such as voting. The negative human rights impact of the forced, widespread use of Aadhaar has been well-documented.
Did you know?
- DigiLocker, a government-run cloud-based platform for storing, sharing, and verifying documents and certificates, to make it a one-stop solution of reconciliation and updating of identity and addresses with Aadhaar as foundational identity.
Conclusion
- The World Economic Forum’s Global Cybersecurity Outlook 2023 finds that data privacy and cybersecurity regulations are effective for reducing cyber risks. Many new laws have been assured this year on data protection, telecom, internet governance and cybersecurity. As the country kickstarts its G20 presidency and prepares to be a leader in this space, we would do well to prioritise the development of exemplary, rights-respecting privacy and cybersecurity regimes.
Mains question
Q. For the potential of anonymised data to be unleashed without jeopardising people’s privacy, India first needs a robust data protection law. Discuss.
Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024