GDPR: How a country can protect citizens’ data!


With more than 20% of annual growth rate in last five years, by the end of 2017, there were 4.5 billion internet users in the world. Information is becoming a valuable commodity, and there is a whole new industry has been developed out of it in last two decades, that’s why it is called “Data is the new Oil!” Data protection becomes a primary concern for the safety of the users, but till now it is addressed poorly across the world. Users are readily putting their personal information on the internet without knowing the consequences. Out of their knowledge, their information can be used in both way; the good and the bad. News related to data leak, online frauds, cybercrimes and several other misuses of data are becoming common. Without control over the usage of information or in the absence of law, abuse of such information can lead to catastrophe.

Recently, Cambridge Analytica was found to be providing information to political parties across the globe by harvesting the data from Facebook. It helped President Donald Trump to gain the lead in the US presidential election by using more than 50 million of Facebook user’s information illegally. Cambridge Analytica has been providing such confidential information to the political parties of different countries such as India, Kenya, Mexico and the UK to name a few. Helping a candidate to win an election is a different matter altogether, but using people’s sensitive information to bombard their minds with bespoke messages to support a particular candidate, cannot deny the possibility of the commercialization of the symbol of the democracy, the elections. By and large, this is a sensitive issue for the nation, the society, and the individuals as well. As an aftershock, Facebook CEO Mark Zuckerberg publicly apologized for misuse of users’ information, when this incident came to light.

To put an end to this, the European Union has adopted a law called “General Data Protection Regulation” (GDPR) from 25th May 2018 to prevent the misuse of information. By design, this law will give every person living in the EU, control over their personal information and more rights over their data.

Often to create a new account on any social media platform or any other online services, users must have to part with their personal information and abide by their terms of use unconditionally. These companies have adopted a “take it or leave it” approach by not providing any alternatives to the users. In other words, users must comply with their terms to use their services without fail.

Purpose of the GDPR is to prevent such authoritarianism and to empower users by providing control over their information. This law also controls the collection and processing of data to safeguard the users. According to experts, by adopting such regulations, the Cyber world can become more secure and transparent.

The definition of “The Consent” has been redefined:

Consent boxes were used to come with pre-ticked conditions in most of the online service provider’s case or without giving the consent; it was completely impossible to use their services. Apart from that, their “terms and conditions” were also being written in a complicated language which is not known to an ordinary person. With the implementation of this law, service providers will have to provide detailed information on how, when and why they use customer data, that too in a simple language.

There are three main features of this law:

It will impact any company in the world which has anything to do with data collection, processing or storing the information of any sort in the EU. Failure to adhere these obligations will incur a fine of €20 million or 4% of their global income, whichever is higher. The following provisions are included in this law.

  1. “Right to be forgotten”: Under this, users have the right to delete all their data.
  2. “Right to data portability”: Under this section, users can transfer their data from one company’s server to another company’s server and delete their data from the first company’s server.
  3. “Right to object to profiling”: Users can refuse to provide any data demanded by the companies which can lead to profiling of a user. This data includes name, email address, phone number, IP address, location history and any other personal information.

India also towards the data protection law:

Pressing matters like “data privacy” and “data protection” are completely ignored in India. Security and the reliability of the database such as Aadhaar came to criticism due to recent scandals of Aadhaar data leaks which led to the debate on enactment of a law on data protection in India. On 24th August 2017, a constitutional bench of the 9 Judges of Supreme Court of India delivered the verdict that “Right to privacy” is the fundamental right of the citizen assured by the Indian Constitution. Subsequently, the Government of India constituted Justice Shrikrishna Committee of Experts on Data Protection to prepare a framework on data protection.

This committee published a white paper on data protection framework on 27th November 2017 and commenced a public consultation for suggestions. A group of 24 citizens comprising legal academicians and lawyers submitted their recommendations in 8 different segments on white paper published by Justice Shrikrishna Committee in a letter. The letter emphasized to make a citizen-centric data protection law and more inclusive public-consultation process. These individuals also suggested that committee has to look at the broader picture of data protection considering critical concerns such as individual rights, privacy protection, surveillance, harmonization with international laws. Features like GDPR, right to be forgotten and right to object to profiling were also recommended to bring under the data protection law.

Awareness of sharing personal information is essential to users in this era of technology where dependency on the internet is ever increasing, but a strong regulation like GDPR is necessary to safeguard the netizens and to avoid the adversities of commercialization of information.

Image Sourse: International Association of Bookkeepers

Leave a Reply