Brainstorm Think

The Unique Challenge of a Data Protection Law

A data protection law must grapple both with the needs of the present and the possibilities of the future. We cannot remain stuck in the past.

This is the closing post in our Brainstorm discussion on ‘The Future of Data Protection in India’. Earlier posts: Intro123456, 7.

We started this Brainstorm still reeling from the sweet rush of the Supreme Court decision declaring privacy as a fundamental right in India. This was followed by the encouraging news of an Expert Committee working on a new data protection law. Things seemed to be moving in the right direction: individuals would be vested with certain rights with respect to their data, and there would be certainty in terms of what data collectors could and could not do with this data. But the past few months have shown that this is no easy task.

One of the objectives of any law is to legislate for the future: to ensure that the law is durable and stands the test of time. With data protection, we are witnessing a situation where our needs are in the present and there is no guarantee that they will remain the same in the future. We are grappling with defining the problems we face and brainstorming about possible solutions at the same time, with understandably mediocre results.

Take the ongoing Aadhaar case in the Supreme Court and the recent revelations of the data harvesting from Facebook by Cambridge Analytica. There is an urgent need for clarity on both fronts, and yet, none is likely to be available anytime soon. These two cases reflect several of the challenges highlighted by our participants over the past few months of our discussion. They showcase the fragility of consent in the data rich world of today. They show that the scope for data protection is vast and there are people from all walks of life who will be affected by it. They stress the need to equip individuals with rights to their data that they can understand and exercise. And enveloping all this is the realisation that any regulation of the field must not be dogmatic and rigid, but instead be in the form of an enabling institution that endures.

The task might seem impossible but we can take heart from knowing we are on the right path. The conversations we have had on this forum are a testament to this.

Here are all the posts from the discussion so far:

The Future of Data Protection in India – Ajay Patri and Manasa Venkataraman

Listen to the People – Malavika Raghavan

Moving Beyond Consent – Rahul Matthan

Regulation with a Light Touch – Saurabh Chandra

Towards Data Disarmament – Nikhil Pahwa

A Time for Vigilance – Manasa Venkataraman and Ajay Patri

Not Just a Bunch of Rules – Saurabh Chandra

Before the Horse Bolts – Malavika Raghavan

A big thank you to all our participants for their time and their insights.

About the author

Manasa Venkataraman

Manasa is a Research Associate at the Takshashila Institution. She is a graduate of Government Law College, Mumbai and transitioned to public policy after working as a corporate lawyer in Mumbai. She works on issues at the intersection of technology, law and policy, with a specific focus on privacy and data protection.