Introducing Databyte – India is readying its data laws – Are you ready?

By 2020, 44 zettabytes (ZB) of data will be amassed by internet users. This is up from 2 ZB in 2010, which seemed like a colossal figure back then . The sheer numbers that reflect the growth in data that has been produced and collected has made it more urgent to understand how it is being put to work.

The biggest takeaway from the rise of data generated from the myriad digital devices is how it has changed almost every industry. In 2012, when a major US retailer had figured out that a teen girl was pregnant before her father did using data analytics, it made headlines . Data analytics today is capable of a lot more. Now paired with responsive methods and machine learning capabilities to deliver real-time insights and results, data is fuelling everything from algorithms that can predict patient side effects to metrics and models that can improve athletic potential.

But data was not always collected in such a manner. In the early 1950s business analytics tools were developed to capture information and identify patterns. In the later part of the 2000s, information was sourced from external sources such as the internet and public data sources, which signified the switch to the next phase of Analytics 2.0.

Today analytics has progressed from basic versions and is currently in the 3.0 phase. With growing internet connectivity and the proliferation of low-cost sensors and digital devices, an unprecedented volume of data is being generated. Along with it advancements in tracking and linking data to a person has grown exponentially as well. Digital contact tracing, which has been playing an important role in helping control the spread of Covid-19 is a recent example.

This new era presents newer challenges and opportunities for organizations across all sectors. While start-ups have been efficient consumers of data, incumbents are starting to follow suit. For instance, Shell, the petrochemical giant, has recognized the importance of data-driven operations for increased productivity and efficiency. Leveraging data analytics and deep learning they have been able to predict the wear and tear of important components such as valves and compressors that run in their up-stream and manufacturing facilities.

The explosion of data has underlined the importance of regulation
Each and every one of us has read about some example of data misuse by organisations or individuals. This may have included credit-card fraud (stealing of credit-card numbers), selling email address to advertisers / other services, auto-spam of email contacts, sharing/selling personal information to advertisers and selling personal information to 3rd parties for aggregate data collection. These incidences have resulted in regulators keeping a close eye on this space. For example, the Indian government announced its decision to ban 118 applications. This ban was constituted under Section 69A of the Information Technology Act, as it was found that these apps were collecting data illegally. Extensive information about their users was collected without their explicit permission. It included data such as their GPS location, IP addresses, Wi-Fi access point names, etc.

While the 2018 General Data Protection Regulation (GDPR), which safeguards data protection and privacy in the European Union, is one of the most comprehensive data law, other countries also have their own versions. For instance, Japan’s Act on Protection of Personal Information, was amended in 2017 to include foreign and domestic companies that process data of Japanese citizens.

In India, the Personal Data Protection Bill (PDPB) is currently under debate in the Parliament. The government is looking to finalize this bill at the earliest which will help in tightening the regulations for Indian businesses; many of whom have a long journey ahead in terms of compliance and regulation. If this bill comes to pass it will advocate three focal points:

  • That the right to privacy is fundamental and thus mandates the protection of personal data as an essential part of information privacy
  • That the growth of the digital economy has expanded the use of data as a critical means of communication between people
  • That it will be necessary to create a collective culture that fosters a free and fair digital economy.

    World over, owing to non-compliance with the regional data-protection laws, many big corporations have been fined hefty amounts (running into millions). For example, a widely popular search engine was fined a whopping €50,000,000 in 2020. Touted to be the biggest GDPR fine to date the reason behind the fine was the lack of transparency on how data was acquired or harvested from data subjects and used for ad targeting . In this year alone, a retail conglomerate, a leading telecommunications operator, an airline and a postal service from a European country have all been levied with large fines for GDPR non-compliance.

    The rising need for stronger data regulation and protection laws is a vital action from government bodies to safeguard the data rights of their citizens. Conversely, organisations are setting up their own in-house teams to monitor data privacy and regulation. Gartner predicts that greater than 60% of large organizations will institute a fully integrated privacy management program into the business by 2021—a significant growth from only 10% in 2017. Start-ups—especially data driven businesses—will have to be cognisant that their business models and innovation might be highly subject to evolving data protection regulations.

    Data challenges and its impact on start-ups
    The three common themes for most start-ups with regard to data regulation surround – user needs, legal compliance and privacy culture. Most start-up founders echo that it is important to take a close look at planned and unplanned use cases for things like location data. This assessment helps influence their product design, reduces the compromise of information through breaches and attacks.

    Understanding legal requirements, while confusing, are extremely important as they differ from region to region, and sometimes even on culture. If a start-up is based out of one geo, while its business is conducted mostly in another geo, the legal team must cover all bases to ensure they comply with the policies of both regions. Challenges surrounding security and storage will also have to be met.
    At present the response to the myriad data challenges faced by start-ups are varied. Some start-ups envision data residencies, where data is managed on regional expectations and laws. While others take to compiling checklists, creating bespoke security and privacy policies and hiring strong legal teams. Some start-ups prefer thinking about these issues when they become “big” or have more funding and some have an idea but have not been able to implement these.

    Introducing Databyte – A one-stop platform for all things data
    With all these shared understandings and concerns, there is an urgent need for start-ups to understand the challenges surrounding data that could potentially hinder their growth.
    Therefore, we are introducing Databyte—a platform that will discuss, debate and declutter all things related to data. It will be a curated one stop platform that will witness the convergence of entrepreneurs, lawyers, and leading organizations in the data space who will share their expertise and experience about data regulations, data security and data use. We plan to cover the following subjects:
  1. Regulatory landscape of what is present, what might emerge and how startups can safeguard themselves, as well good practices on what to follow irrespective of laws passed.
  2. Future of data in India, regarding the advances in data analytics that we are currently experiencing, future forecasts and how the startup ecosystem can capitalize on these technological innovations.
  3. Case studies and success stories that explore how companies, especially startups, have deployed innovative solutions to solve specific data-related problems.
    Databyte will also include sector specific coverage on compliance challenges, best practices and specific laws that govern the space.

    We hope entrepreneurs at all stages of business can gain insights on how to imbibe a strong culture of data privacy and security in their organizations by sharing best practices, seek out resources to create privacy respecting products/services, and understand laws and user expectations in their concerned markets. Our aim is to put you ahead of the curve and cultivate community conversations on evolving data issues privacy practices, curate best-learnings. Join us in building this community by writing your thoughts to and following our Twitter and LinkedIn pages.







Financial Express;

Data Privacy Manager;