India could become a global leader in data protection after the country’s Supreme Court ruled that privacy is a fundamental right, according to a panel of experts speaking at the Computers, Privacy and Data Protection conference in Brussels on Wednesday.
The panel, comprised of speakers in Brussels and speakers in New Delhi via video conference to discuss citizens’ rights in a data-rich environment, as well as explore the implications for global data flows in the context of EU adequacy decisions and future developments of the Schrems II case, said the ruling opens up new scenarios both in India and internationally.
“This (data protection) is something that is gradually sweeping the world,” said Joseph Cannataci, UN Special Rapporteur on the Right to Privacy. “This kind of opportunity for the Indian government – the biggest democracy in the world – will not come about every day.”
More than 1.3 billion citizens in India received privacy rights under the ruling, but are still required to carry controversial government-issued ID cards that include encoded personal information. Critics say the biometric data violates India’s privacy laws and presents a security risk over concerns that confidential data has been leaked on several occasions. India’s Supreme Court is currently looking into the possibility that the cards violate the nation’s privacy laws.
“One of the great things about this judgement is showing that privacy is a right that less wealthy countries are allowed to have,” said Malavika Jayaram with Digital Asia Hub.
Jayaram said poorer nations are discriminated against because there is a perception that the people in these countries are digitally illiterate.
“If you are dealing with people who are digitally illiterate, I think this is a great opportunity to face governments and make them explain things to people,” said Jayaram.
According to the head of European Commission’s International Data Flows and Protection Unit, Bruno Gencarelli, the world needs to move away from a “one size fits all” approach when it comes to data protection and privacy. “It doesn’t require a carbon copy of the GDPR (General Data Protection Regulation),” said Gencarelli. “But it does require a global conversation.”
Gencarelli added that data protection is not just an EU obsession, rather there are shared values across regions. “Privacy is not just a technology issue,” said Gencarelli. “It permeates society.”
Rahul Sharma said everyone knows the benefits of data flows. “The conversation is not whether we should promote data flows or not, but how it should be tackled so it brings benefits and adequate protection.”
The general consensus about the upcoming implementation of the GDPR is that it is a legitimate means to enforce the concept when breaking the law.
“It’s not necessarily about you being the data subject, it’s about you as a member of something bigger,” said Jayaram. “It’s about incentives and enforcement for the GDPR to be vital and vibrant.”
The GDPR will be implemented on May 25 and require all companies and individuals to rethink their privacy policies as well as also how they collect and disseminate data.