Big Data, Right to Privacy and National Sovereignty
Author: Rohith Kashyap M S
3rd Year Law, School of Law, Christ.
Globally, data is concentrated and controlled by a few private firms in the first world countries. Big data is considered to be a threat to democracy and sovereignty. One of the important steps which can be taken by the governments across the world to limit or reduce this concentration of the data is by localising the data. But, in the current world scenario, localisation of data is a costly affair not only in terms of it being economically costly but also ecologically it proves to be a very costly task. Even though, the localisation of data in one’s own country seems to be a very feasible option for the governments to save itself from being leveraged by those first world countries which are home for these private firms it will have a great impact on the country’s economy in terms of it investing lots of money in providing the companies necessary resources.
Privacy is defined as a state in which one is not observed or disturbed by other people.[1]Right privacy has been declared as a fundamental right under Article 12 of the Universal Declaration of Human Rights.[2] The internet and the digital space across the globe have reduced privacy to be a myth. Data protection and data security have been the key points of debate and concern for a lot of Governments and countries in the course of digitalisation. To tackle this issue many countries have come up with numerous legislations which deals the cloud computing in general and there are legislations regulating specific markets and sectors. For instance, in the United States of America, the Gramm-Leach-Bliley Act of 1999 also known as the Financial Modernization Act regulates and requires the financial institutions of the country to explain and disclose to its customers as to how their data will be used. In addition to being the primary legislation with respect to protecting the financial data of the people of USA, this act also provides for penalties to be levied on companies who are in default or act in contravention of the provisions of the Act and it empowers the Federal Trade Commission to enforce the act. Further, the USA have acts such as the Health Insurance Portability and Accountability Act, Payment Card Industry Data Security Standard, Family Educational Rights and Privacy Act etc. which deal or governs with specific sectors with respect to data protection.
For instance, if a first world country X is the home for most of the private firms which collect and store the big data, and these firms have their client base all across the globe. So, all these countries which do not have to resources and the money to afford localisation of the data have to be at the mercy and fear of these countries because if these countries do not follow or try to oppose any of these countries in the international forums the countries may anytime pull the plug or stop supplying these countries their own data. In the real-world scenario where google has stopped providing Huawei with its services. Even though this situation is not exactly related to the data flow as such, we can show how a mere disagreement and non-compliance issue can lead to the whole company losing on its major service provider.
I believe at this stage where most of the countries cannot afford to localise data in their own countries, it will have to come with much stronger data protection laws, policies and regulations regulating the amount of data which is flowing out of the country through these private firms. One more classic case where the flow of data from one country to another was a major part or played a key role in the transaction, that is the case of Walmart acquiring Flipkart. In this case, Walmart which is a Multi-National Company and having a substantial amount of resources to not only mine data by using Flipkart’s customer base but also in storing it.
Further, the European Union has the General Data Protection Regulations which provides for data protection and privacy for all the individual citizens of the European Union and it also governs or regulates the transfer of data outside the European Union. This legislation aims at simplifying the regulatory framework governing the protection of data and privacy of the people. Even with such stringent regulatory frameworks in place, the European Union, the USA and many other countries
still struggle with copping up with advancing fields of Information technology. Few of the challenges include regulation Transborder information flow, compliance issues, transparency in information practices, assurance of privacy throughout the Personal Information (PI) lifecycle, accountability and ownership of Personal Information transactions etc.
still struggle with copping up with advancing fields of Information technology. Few of the challenges include regulation Transborder information flow, compliance issues, transparency in information practices, assurance of privacy throughout the Personal Information (PI) lifecycle, accountability and ownership of Personal Information transactions etc.
The Indian Cloud Computing market is throbbing and there a lot of cloud computing transactions taking place in almost all the possible sectors in India. Even though the cloud computing space is dominated by the private sector the central government has been taking an active part initiating and coming with programs and initiatives based on cloud computing. Even though there are a lot of companies who provide cloud computing services, there are no recognisable companies in India which provide India centric or India based services. This means that a lot of companies which are providing cloud computing services in India are foreign companies and this becomes a great concern as there is a constant flow of data across borders. The transborder flow of information data needs stringent regulations to protect the fundamental right of the right to privacy.
This was the same situation in the case where Cambridge Analytica had exposed how Facebook has been misusing our data. In all these cases, countries have to end up paying these private firms to buy data of thier own countries. I believe that in future the countries have to develop or plan ahead to be able to localise data and to save itself from the clutches of the “Big Firms” and at the moment to restrict and regulate the flow data from their countries it is more viable to enact stronger data protection laws, policies and regulating the manner in which the data is being mined. If not sooner or later they have to be at the mercy of the 1st world countries which are controlling the private firms, the data and in turn controlling the way a nation progresses. But, there is a dire need for strong data protection laws in India. The Indian Legislature has to take into account the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal data which aims and guides the countries towards practical implementation of privacy protection, risk management and adopt the global dimensions of privacy through advanced interoperability. The Indian Government has taken its first step by coming with the Draft Data Protection Bill.
[1]Oxford English Dictionary.
[2] Universal Declaration of Human Rights, 1948.
