11 October, 2019: Indian Institute of Management Bangalore (IIMB), in association with the Federation of Indian Chambers of Commerce and Industry (FICCI), hosted a one-day conference on ‘Digital Data Privacy, Protection and Monetization Models’ at IIMB on October 10, 2019.
Welcoming the speakers and audience, Prof. A. Damodaran, Faculty from the Economics and Social Sciences area at IIMB, and DPIIT Chair Professor on IPR, said: “The conference aims to propose policy guidelines on data flows and explore the design of a new data economy for India. It delves into the requirements for a Digital and IPR infrastructure for India that can lead to the emergence of a robust data economy in the country. The conference will also discuss corporate strategies and responses to controls and regulations on data.”
Industry leaders and policymakers addressed issues like the legal framework of Data Protection Data/Cyber Security and Privacy in India, Digital India and Design of Data Protection Ecosystems, Network Technologies, IPRs and Data Monetization Models, Corporate India: Coping Mechanisms and Strategies, and Assessing Preparedness: Towards an Indian Model of Data-Driven Economic System.
Key speakers included Bhavna Sangwan, Amazon, Rama Vedashree, CEO, Data Security Council of India, Bikash Barai, Co-founder, FireCompass, Pratap Reddy, IPS, ADGP, Karnataka, Ravichandran R, IRS, Principal Director of Income Tax (Investigation), Bengaluru, Venkatesh Murthy, Director, DSCI, Bangalore, Gopal Mulagund, Director, Database Security Development, Oracle, Dr. Rohini Srivathsa, CTO & Strategy Lead, Microsoft, Satish K Sreenivasaiah, Head of Product Trustworthy CoE at TCS Components Engineering Group (CEG), Saurabh Agarwal, Senior Product Manager, LinkedIn, L. Ravichandran, President and COO, Tech Mahindra, Ravi Gandhi, CRO, Airtel, Lakshminarayanan R., Director & Head – IP & Innovation, Samsung R&D Institute Speaker from Realtor Sector (TBI), Professors A. Damodaran, Anil Suraj and Sankarshan Basu among others.
In his introductory remarks, Ullas Kamath, Chairman, FICCI KSC & Joint Managing Director, Jyothy Laboratories Limited, said: “Data is becoming crucial to public and government. India must play a pivotal role in the deliberations on a secure India and a responsive governance structure. The focus of today’s conference is on the possible trade-offs amongst aspects like Data Protection, Privacy and rapidly growing digitally-driven economic systems that have been key priorities for India in the preceding three years. We hope this conference provides us answers to questions in and around the subjects in the light of the privacy laws envisaged.”
Jairam Ramesh underlines importance of Privacy legislation
Recalling the Supreme Court observations in the Puttasawamy judgement that right to privacy is a Fundamental Right and the contours of the Srikrishna Commission Report on Privacy, Jairam Ramesh , Member of Parliament (Rajya Sabha) and former Union Minister, underlined the importance of India’s Privacy legislation in clearly bringing out the dimensions of use and misuse of personal data, the access of state to personal data keeping in view the possible role of big data in accentuating digital divide. He stated that he looked towards the recommendations of the conference for raising the same in Parliament.
From TRAI chief
In his special address on video, Ram Sevak Sharma, Chairman, TRAI, emphasized the need to address key issues on data privacy, data protection including consent and the need for accountability in cases of misuse. “I have spent over four decades in the government sector and I have witnessed a vast change in this system. We need to thank Mr. Nandan Nilekani for introducing Aadhar, which has brought in a modern data privacy regime in India. Earlier, there was no urge for data protection and privacy amongst the masses but with the introduction of Adhaar, the need is being felt amongst the public. Unfortunately, the law hasn’t been introduced yet and we still need an overall privacy law in our country. The Aadhaar Bill limits the usage of data and it can be shared only with consent.”
Prof. G. Raghuram, Director, IIMB, said: “The Indian market has tremendous growth potential in the data market. We are swiftly evolving from a knowledge economy to a data-driven economy. In less than a decade, technology has disrupted the landscape in healthcare, transportation and banking. India has data, huge market opportunities and immense talent and it is up to us to decide out what we want to do with it. In the long run we need to come up with a strict privacy law.”
Expert panels
The panel on legal dimensions of privacy discussed Constitutional right vs privacy as personal resource, national prerogative vs personal consent and more. The panel on Data Security: The Cyber Security dimensions gave an overview of the state of preparedness in India, data and privacy breach costs, ethical hacking and risk assessment, cyber security and due diligence in mergers and acquisitions. The one on Network Technologies, IPRs and Data Monetization Models elaborated on IPR implications of Blockchains as open, distributed ledgers on IPRs, IPR-driven data monetization models, while the one on Corporate India: Coping Mechanisms and Strategies looked to answer questions on data provisioning costs, economies of altered portability options with reference to cloud-based services, quality IP generation, incremental costing of compliance, and global monetizing of private data. The final session assessed preparedness towards an Indian model of data-driven economic systems.
Prof. Damodaran, who presented the varying business models associated with Data Monetization in the third substantive session, in his concluding remarks, observed: “The conference has put together policy guidelines on data flows, new data economy for India and privacy from the public goods angle. With the support of FICCI, we would like to take this agenda forward to make a difference to Digital and IPR infrastructure for India that can lead to the emergence of a robust data economy in the country.”
Outcomes
The conference recommendations touched upon the following aspects:
-
India’s Privacy Bill needs to be in tune with digital business enterprise business models that are emerging in the world. The new avenues for digital enterprises are: professional data brokerages that provide exchange functions for digital data creators, processors and analytical companies. Such enterprises will face immense difficulties if the right to withdraw consent for the use of personal (including sensitive personal data) are exercised without any sunset clauses.
-
Data Management literacy program needs to be initiated to inculcate quality awareness for customers (or data principals) so that rights are exercised effectively and prudently.
-
The Bill, in its present shape, is overtly regulatory with no emphasis on development dimensions . The need to maintain threshold cyber security standards by localized servers needs to be incorporated as one of the development functions of the Act. Similar standards should obtain for “Privacy of Design” measures proposed for companies/organizations coming under the purview of the Act, in order to ensure that the privacy is protected in letter and spirit.