tag:blogger.com,1999:blog-19649274.post4651735662690175988..comments2024-03-27T17:16:12.789+05:30Comments on The Leap Blog: Towards a data protection framework for IndiaAjay Shahhttp://www.blogger.com/profile/03835842741008200034noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-19649274.post-56270995057720007742018-02-22T21:41:25.046+05:302018-02-22T21:41:25.046+05:30Good to see that the national discourse has gradua...Good to see that the national discourse has graduated from the perils of having a centralized UID to that of data protection and how to manage and neutralize the data repositories that a UID system can generate. One can now see the movement towards preempting the possibility of any meaningful data collection and use by state or private players. The idea of consent for example, can be abused by elites and scheming minds to skip over data sharing with the regulator or private players while the less educated and naive tend to give into. This can clearly create moral hazard issues and from the point of data consumption side can lead to incomplete datasets.<br /><br />In countries like the US and UK, the idea for consent is mostly applied to prevent unsolicited marketing and to opt-out of certain marketing promotions. Also, while the govt and private players collect and create a number of data points about their customers or from third parties, the mandated data use limitations in most cases mean that - for example, the FICO credit scoring models cannot use age, gender, race, education or zip codes to score risk even when they are highly predictive. However, it doesn’t mean these attributes cannot be collected or utilized in marketing models or in fraud models.<br /><br />In contrast, in India, we are seeing a civil society discourse that exclusively focuses on data collection and prevention of uninformed data use. The idea is to create a mechanism for well-informed citizens to opt-in or out of data collection measures based on individual risk appetite or sensibilities. Most of the time, this thought process stems from the cynical belief that state is incapable of managing data risk once the data is generated and fed into the cloud even if it means precluding legitimate data use. Further, by inserting menacing and uncluttered language on consequences of data protection violations, the laws are expected to discourage non-compliance.<br /><br />Instead of tailoring its data privacy laws to the sensibilities and needs of Indian liberals and elites, India should take advantage of existing laws and mechanisms from matured democracies like the US and UK that have over the years have evolved to maximize the overarching public benefit by making good use of the data and opening up the possibilities for innovative data intelligence applications both by the state and markets.Sridharnoreply@blogger.com