Information Technology and Law Minister of India Ravi Shankar Prasad has been saying for the last few months about “data” being the new oil. His remark is based on the fact that there was a time when oil
companies ruled the global economy but today it is the
companies dealing in data in the
information technology industry. Chairman Reliance Industries Mukesh Ambani goes even further when he says that data is the new oil and India does not need to import it and that we have it in super
abundance. Indeed the
global glue today is data and it has come a long way from the
barrel economy. Thus the topmost valuable companies in the world today Alphabet (Google), Apple, Amazon, Facebook and Microsoft are also data driven and transforming the global ecosystem at a speed so far not seen even two decades back.
The Information Technology Act 2000 (IT Act) that India passed in the year 2000 under the prime ministership of Atal Bihari Vajpayee defined data under Section 2 (o) and there “data” means a representation of information,
knowledge, facts, concepts or
instructions which are being prepared or have been prepared in a formalised manner, and is intended to be
processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts
magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer. Being one of the first cyber laws anywhere in the world, the IT Act was a prudent piece of legislation
to comprehensively cover the
phenomenon at a time when Amazon was just 4 years old, Google was just 2 years old and Facebook was yet to be set up. Today these 3 US
corporations have a massive global footage, including India, and all because they deal with the new oil ie data.
Thus, data is very precious and it is also crucial to
protect it in all forms. Information communications technology made it possible for data to move from one to another in no time and also to devices which might not be its legitimate recipient. Many nations have also come up with specific
legislation to deal with data management, storage and transfer. Over years the propensity and business thrust for data
processing with artificial intelligence and also for data mining has increased manifold times and today the world recognises that significant legal and technical safeguards have to be ushered and maintained to handle data. Many nations and states have also resorted to trade restrictions when it came to data and bodies like the European Union, have always moved strictly on this and have also subjected many large corporations with hefty fines unheard of in the oil economy.
India has had the unique distinction of dealing with data both sensitive and otherwise for the last three decades. Indian software and services industry was built on creating and managing data and the lion’s share of them was in the form of exports or processing them via the business processing
outsourcing (BPO). The volume of data under execution has increased consistently and every year and also the extent of exports. The last five years showed a compounded annual growth of 11.2% (2012-17) and it is expected to be roughly US$ 117 billion for the 2016-17 year. A majority of the top fortune 500 companies had their data processing done in India for years to come based on service level agreements that the Indian companies signed with these companies and this clearly was an indication about the track record of the Indian companies in dealing with data with integrity.
Revised IT Act
The IT Act of 2000 was the only legal recourse in India and there were no specific and well laid out data
protection provisions laid out although Section 43 with its 8 sub sections was covering almost all aspects. The revised IT Act which was enforced from October 2009, however, more specific provisions had added
regarding data protection and Section 43A thus incorporated introduced the provisions of body corporates and their roles and also defined the
reasonable security practices and
procedures. Along with that Section, 72A was introduced that penalises the offender of data privacy breach for an imprisonment term not exceeding 3 years and fine not exceeding five lakhs of rupees. The pressure to have a separate legislation for data
protection was however always
maintained by various groups and stakeholders but the practices
prevalent by Indian corporations
dealing with data and the extant
provisions of the law were quite encompassing to deal with the
situation. Cyber crimes around data theft and related phenomena weren’t also alarming to trigger a separate
The last few years the situation has changed significantly. Ever since the Narendra Modi government has come to power and the focus on Digital India and more citizen-centric services that require more to deal with citizen data, there has been a special focus to strengthen data protection measures.
A New Look
The implementation and expansion of the unique identity for residents
AADHAR and its efficacy in reaching out to various sections of the society including those who were receivers of various beneficiary schemes and
flagship programmes made it more prudent to look at data and its
protection more closely. Thus on July 31, 2017, the Ministry of Electronics and Information Technology (MeitY), Government of India constituted a Committee of Experts under the Chairmanship of Justice B N Srikrishna, former Judge, Supreme Court of India which has members from Government, Academia and Industry to study and identify key data protection issues and recommend methods for addressing them. This committee will also suggest a draft Data Protection Bill and is expected to give its report very soon. The
nine-judge bench ruling in end August this year where they told that the right to privacy was a fundamental right has also put the focus on data protection and privacy which will be dealt by the five-judge bench that has been
hearing the petitions since 2015.
Needless to say, the Modi
government has been abreast of all major issues around cyberspace and the focus on Digital India and a more inclusive growth under the pledge of PM Modi’s “Sabka Saath, Sabka Vikas” have found resonance in the digital ecosystem also. Empowerment of the masses using technology and making the individual digitally savvy citizens have resulted in a regular focus on incorporating and imbibing better technology and legislation.
Data protection is a prudent measure that is being pushed by the
government and the expert committee will be able to give a right sense of direction to the government. Needless to say, India will be a major country for data diffusion and the number of
internet users moving to various
technologies will also require be
training and oriented to the safer
computing experience. Thus at the same time, cyber security measures are also being bolstered across networks so that breaches are minimized and legal and technological remedies are there in case of a casualty. So far the track record has been very good and proper institutional mechanisms have been put in place by MEITY to handle the emerging ecosystem. It is very clear that the nation that has embarked on a roadmap of transformation based on PM Modi’s Information Technology + Indian Talent = India Tomorrow will also be moving ahead with its
consistent focus on data protection.
(The writer is Defence & Cyber