View from India: Establishing a framework to negotiate the digital divide
Disruptive technologies, data protection and privacy are creating both opportunities and challenges for Indian industry.
The symbiotic relationship that exists between technology and data means that data protection is increasingly being viewed as a compliance advantage. In simple terms, an organisation’s IT infrastructure helps it accumulate data that can then be leveraged for operations and efficiency analysis of a predictive nature.
Information security officers, developers and legal professionals are collaborating to ensure that data becomes an investment and not just a point source of information about people and organisations. This is essential because we are at a defining moment as we witness an explosive growth in the digital world.
“The digital divide between the developed and developing world is dissolving. A combination of a computer savvy population, mobile devices and disruptive technologies like artificial intelligence and machine learning enhances user experience using data analysis, apart from bringing people and processes closer,” Sriram Sivaramakrishnan, a cybersecurity partner at PwC, told the recent Global Summit on Data Protection, Privacy & Security in New Delhi, organised by the Associated Chambers of Commerce and Industry of India.
Disruptive technologies have facilitated many of the processes that mean a digital trail is left behind as an individual’s profile is being captured. On a broad scale, the ability to track people using artificial intelligence and facial-recognition technology is helpful, especially in public places, but thought needs to be put into how the growth of the digital economy can be maintained while keeping personal data secure and protected. There has to be some sort of logical segregation of what’s required and what remains personal and hence, requires confidentiality.
Disruptive technologies continue to throw up new issues that need to be resolved. Regulations, along with a legal-ethical framework, are yet to be properly established for modern technological realities like drones, AI and the internet of things.
“One needs to figure out what kind of data should be given to the machine for it to enter the machine-learning mode. One also needs to whet all possibilities of using new age technology in areas like military and non-military purposes,” reasoned Ameer Shahul, government and regulatory affairs specialist with IBM India.
As the country awaits the Indian Data Protection Regulation (IDPR) there are various segments of Europe’s GDPR that are worth considering. The fact that GDPR gives a right to rectify data and allows individuals to port data with the click of a button is something to reckon with.
“Data then extends to security intent, where the security implication is test-based. The intent is to build customer trust. Secondly, all data is stored on the cloud. No doubt it benefits enterprises but it may not offer an overview of where data is being stored or workloads are being processed,” explained Shailendra Singh, chief information security officer at Capillary Technologies.
Seen from a GDPR point of view, companies that use the Cloud should make sure that certain data remains in a particular place. Technically, data localisation is not easy to execute because digitisation has dissolved geographical boundaries. Probably this can work if a country-specific data governance framework is formulated.
For example, Reserve Bank of India, India's central banking institution, which controls the monetary policy of the Indian rupee; has set a mandate whereby all payment systems should localise data in India. What could probably be a hurdle though is the availability of information when the government needs it.
Hopefully, the resulting legal and policy frameworks will shape the future of the Internet and determine the manner in which Indian business is conducted abroad.