Blog

Saturday 7 December 2019

Data Division Debate

In how many ways can you divide data ?

That is the question

Context :

Panel to ready white paper on non-personal data post talks

Data Protection Bill talks of following “ types of data “ :

[ A ] “ Umbrella Group “ consisting of data from which a person can be identified

[ B ] “ Sensitive Personal Data “ consisting of financial , health, sexual orientation,

biometric, genetic, transgender status, caste, religious belief, passwords etc

[ C ] “ Critical Personal Data “ such as military/national security data [ to be defined ]

[ D ] “ Non-Personal Data “

[ E ] “ Anonymized Personal Data “

======================================================

Neat ? Hardly !

I urge the officers who drafted this bill to label “ which data is what type “ in the following tabulation

==================================================

Srl No	Data	A	B	C	D	E
1	Who I am ( name / gendre )
2	Where and when, I was born / who were my parents
3	Where I grew up / where I live currently
4	Do I live in a rented place or in an owned flat
5	What Schools / Colleges I attended ( - and degrees I acquired )
6	What Companies I worked for and salaries I got
7	How I travel to work ( own vehicle or public transport )
8	Where I go for my holidays / what books I read
9	Who I married and who are my children ( - and how many )
10	If divorced , how much alimony I pay and to whom
11	Where I invest my money ( Banks – Funds – Equity etc )
12	How much I have borrowed from whom and for how long
13	My Credit ranking ( including my spending history / card wise – wallet wise )
14	What are my eating ( food ) preferences and the restaurants I visit
15	What I do for entertainment ( Music / Movies / Videos ) [ life-long cultural activity history ]
16	What clothes I wear and how often do I buy
17	Who are my friends and how often I phone / text them / meet them
18	What ailments I suffer from and what medicines I take ( complete life-long medical history )
19	What minor offences ( traffic ) or crimes that I have committed
20	What elections I have contested ( won and lost )
21	Who are my doctors / lawyers / brokers / agents
22	What web sites I visit and how often and for how long ( Social Media engagement )
23	What do I search on the Net / What RSS feeds I subscribe to
24	What TV channels I watch and Radio Stations that I listen to
25	Every photo of mine ever taken ( selfie or otherwise )
26	Every phone call that I ever made or received
27	Every Email / Text message that I ever sent or received
28	Every blog / comment that I ever posted on the Web
29	Ev Every face-to-face communication that I engaged in
30	Languages Spoken
31	Every E-Com site visited and every item ordered
32	Every banking transaction
33	Every digital payment transaction
34	Every mobile app downloaded
35	Complete list of my online/offline Service Providers
36	List of IoT enabled / plain , gadgets in my house
37	DBT Scheme benefits enjoyed
38

Is it possible that each of the above-listed item ( - this list is far from being comprehensive ), may be interpreted differently { A – B – C – D – E } , by :

Ø Citizen involved in litigation under the proposed Data Protection Law

Ø Millions of lawyers

Ø Thousands of Judges

Apart from this “ Matter of Interpretation “ of DATA TYPE , there is also the question of :

Ø Nature of Content

· WHO created

· WHEN created

· WHERE created

· HOW created

· HOW transmitted / circulated

· HOW transformed ( “Speech to Text “ is so yesterday transformation )

· To WHOM sold

· HOW used

· WHEN compiled

· WHO compiled

· WHERE stored

And also the question of everyone ( concerned with litigation ), agreeing with the correct

definition of the following words used in the Data Protection Law :

# Private

# Data

# App

# Permission

# Access

# Download

# Sign

# Rights

# Own

# Personal

# Share

# Entity

# Processing

# Obligation

# Handling

# Collection

# Use

Are we about to enact a law which , on one hand, is not implementable and on the other hand , might lead to unending litigation ?

Dear Shri RaviShankar Prasadji,

It may not be too late to rethink the whole matter

With regards,

Hemen Parekh

======================================================

Data Privacy Law : a Pandora’s Box ? [ 15 July 2018 ]

Wednesday 4 December 2019

Thank You, Shri RaviShankar Prasadji

Context :

Today’s Hindustan Times carries following news :

Cabinet nod to India’s first data protection bill, House test soon

Highlights :

Ø New bill has changes in three key areas from a draft prepared in 2018:

# data storage rules,

# user verification process, and

# the sharing of non-personal or anonymised personal data.

Ø Information that is neither classified as CRITICAL nor as SENSITIVE, will not need to be storied in India if the fiduciary obtains the consent of the user to send such data abroad

Ø On the whole, the LAW GIVES OWNERSHIP OF PERSONAL DATA TO THE INDIVIDUAL

and lays down penalties and punishments in case it is misused in a way that

jeopardises the user’s privacy.

Ø Sensitive data (see box), includes passwords, financial records, health data and identifiers of gender, caste and religion

Ø Critical data has not been defined yet

Ø The second key change was a new rule that will mandate “significant data fiduciaries” – or big digital companies such as Facebook and Twitter – to display a verification tag based on the amount of information a user discloses while signing up

They will have to use identifiers to differentiate between

# a user who has a verified registration and displays real name,

# a user who has a verified registration but has kept name anonymous, and

# a user that has not verified registration

======================================================

Thank you , Shri RaviShankar Prasadji ,

For incorporating ( - although , in somewhat watered down way ), my following suggestions :

Ø LAW GIVES OWNERSHIP OF PERSONAL DATA TO THE INDIVIDUAL

I suggested :