Hi Friends,

Even as I launch this today ( my 80th Birthday ), I realize that there is yet so much to say and do.

There is just no time to look back, no time to wonder,"Will anyone read these pages?"

With regards,
Hemen Parekh
27 June 2013

Sunday, 15 July 2018

Data Privacy Law : a Pandora’s Box ?





I got that feeling after reading the following :





Extract :


Crimes :
Include obtaining, transfer, disclosure and sale of personal and sensitive data, if it causes harm to the person whose data it is (data principal), and re-identification and processing of previously de-identified personal data.
[  How a citizen will ever get to know that someone to whom he gave personal data , has caused him harm , through misuse of data ?  
How must this aggrieved citizen go about to “ prove “ that a “ harm “ has been caused to him by such misuse ?  Would he even remember to whom did he give what personal data – and for what legitimate “ use “ ?
By filing court cases against 200 search engines / mobile apps / e-com sites / govt agencies  ?  ]


Punishment :
For “ intentional or reckless behaviour ” that leads to the crimes, which it wants to be made cognisable and non-bailable.
In case the crime has been committed by a company or body corporate, including government departments, the responsibility would lie with the person in charge of conducting the company’s business or the head of a government department.
[  If such a “ transfer / sale / disclosure “ of personal data  cannot  be proved to have caused “ harm “, will that behaviour not be “ intentional or reckless “  ?  ]


Compensation :
To be paid to “ data principals “ in case any harm is caused to them for infringement.
[  Who decides what was the “ quantum “ of harm and what is the commensurate “ quantum “ of compensation ? Won’t this differ from one case to another ? ]




Absolves :


The in-charge of all responsibility if he or she shows that the crime was committed without his/her knowledge or that all reasonable efforts had been taken to prevent the crime from being committed.


[  All data flows from one computer to another computer or even to some other

   internet-connected device , such as a car / refrigerator / smart watch / TV etc .

   Most of the time such transfers are happening round the clock, with no one watching /

   no one knowing / no one asking for any permission from anyone !


According to one expert , by 2022 , there will be 50 internet connected devices in each

home ( IoT – Internet of Things ) – each sending out a lot of your personal / private

data, to their respective manufacturers / ISPs / Operating Systems )


Will anyone know what device is sending out which information to whom and when ? ]


 


Data collected under Aadhaar :


Would be out of the scope and purview of the proposed law.

This recommendation may not find favour with those who have opposed the unique identification system on the ground that the collection and dissemination of Aadhaar data leaves citizens vulnerable.


[  What about Aadhar-linked data collected by government agencies for hundreds of

 Direct Benefit Schemes , which it has shared with Banks and Financial Institutions ? ]




Registration :

All data collectors would have to get registered with the DPA.

[  Each and every business establishment which is selling any product or service , online
   ( includes all search engines / e-com sites / mobile apps ), will need to register .
   Soon that will cover 50 million MSME of India !

   Would this cover all FOREIGN data collectors as well over which Indian Laws have no
   jurisdiction  ?  Is this , at all practical / feasible ?  ]


========================================================



Data Ombudsman :

To adjudicate complaints between “ data principals “ and “ data fiduciaries “
Appeals against orders of the data ombudsman will be made to an appellate tribunal.
The Supreme Court will hear appeals against orders of this appellate tribunal.


[  How many years will it take for the complaint to travel from Ombudsman  to
   Appellate tribunal  to Supreme Court  ?

   My guess  :  15 years  ]


Could we have anticipated these “ questions “ while drafting the Law  ?

And found some practical  answers to those questions before opening up the Pandora’s Box ?

Possibly , if the policy makers :

and the members of SriKrishna Committee :

      secy-dot@nic.in

      ceo@uidai.gov.in


      moona@iitk.ac.in

      grai@deity.gov.in



had carefully read my following emails – especially my oft-repeated suggestion to induct some
 IT technocrats (eg: Nandan Nilekani / nandan.nilekani@nic.in ) in the Committee


There is a possibility that the Hon Judges of the Supreme Court found time to read my emails – 
in which case , they might ask these questions to the Government advocate , when the first case
 reaches its doors  !



( 1 )   Privacy ? What is that ?  [  04 May 2017  ]

( 2 )  Delusion of Privacy ?      [  10  June  2017  ]

 

( 3 )  2024 ! – V 2.0 of Orwellian 1984 ?  [  07  July  2017  ]

 

( 4 )  Privacy ? Perish the Thought !  [  18  July  2017  ]

 

( 5 )  #RighttoPrivacy ! Thank You Your Honours ! [ 19 July 2017 ]

 

( 6 )  Privacy does not live here !  [  22  July  2017  ]

 

( 7 )  Future is Nearer !  [  31  July  2017  ]

 

( 8 )  Three got it Right !  [  02  Aug  2017  ]

 

( 9 )  My Birth-Right : Trying to Influence  [  04  Aug  2017  ]

 

( 10 )  https://myblogepage.blogspot.com/2017/08/wwwprivacyforsalecom.html  [  26

          Aug  2017  ]

 

( 11 )  Right to Sell My Soul ?  [  27  Aug  2017  ]

 

( 12 )  A Fool’s Paradise ?  [  29  Aug  2017  ]

 

( 13 )  Aadhar - for HR ?  [  02  Sept 2017  ]

 

( 14 )  Wherefore Art Thou, O Romeo ?  [  20  Sept  2017  ]

 

( 15 )  Data Privacy : We are getting overtaken !  [  26  Sept  2017  ]

 

( 16 )  7  Pillars  of  Data  Protection  Law [ 27  Nov  2017  ]

 

( 17 )  Just  Ask  Google  ! [  28  Nov  2017  ]

 

( 18 )  Here is the Proof  [  30  Nov  2017  ]

 

( 19 )  Data Protection without Data Privacy ?  [ 08  Jan  2018  ]

 

( 20 )  PRIVACY : A Lost Battle  [  15  Jan  2018  ]

 

( 21 )  Aadhar : Supremely Satisfying ?  [  19  Jan  2018  ]

 

( 22 )  Aadhar Fact : Privacy Fiction ?  [  19  Jan  2018  ]

 

( 23 )  Aadhar : Dawn of Realism ?  [  23  Jan  2018  ]

 

( 24 )  Oh ! for some learned arguments !  [  25  Jan  2018  ]

 

( 25 )  Aadhar : Supreme Asks : What if ?  [  30  Jan  2018  ]

 

( 26 )  A Hostile Advocate ?  [  07  Feb  2018  ]

 

( 27 )  Big Brother is watching us ! And how !  [  09  Feb  2018  ]

 

( 28 )  Nightmare ? #Aadhar #Privacy #DataProtection  [  04  March  2018  ]

 

( 29 )  A  Drop  in  the  Ocean  ?  [  20 March  2018  ]

 

( 30 )  Trade  Off  :   Privacy  vs  LiveEasy  ?  [  25  March  2018  ]

 

( 31 )  From  Tele-phony  to  Tele-Empathy  ?  [  27 March  2018  ]

 

( 32 )  Facebook   Replies  [  29  March  2018  ]

 

( 33 )  How  Do  You  Control  Wind  ?  [ 11  April  2018 ]

 

( 34 )  Dear Hon CJI , Shri Dipak Misraji  [  13  April  2018  ]

 

( 35 )  Parekh’s Law of #Privacy ?  [  15  April  2018  ]

 

( 36 )  Facebook  :  The  Formidable  [  27  April  2018  ]


( 37 )  Everything  You   Do  ?  [  03  May  2018  ]


( 38 )  Making best of a bad bargain ?  [  09  June  2018  ]

 

( 39 )  Enforcing  is  difficult  ?  [  13  June  2018  ]

 

( 40 )  This is just the Beginning !  [  09  July  2018  ]

 

( 41 )  Social Media Hub ? Where is the need ? [ 13 July 2018 ]

 

 

 

16 July 2018

www.hemenparekh.in / blogs