India is gearing up for enhanced privacy laws that protects customers. This can be a landmark legislation that can have lasting impact on consumers, data protection, data sharing and use of personal data & information.
India has a not been privacy friendly state. Data sharing and exchange is done freely and hence it is not suprising to find personal information being freely available for a few cents. The proposed act or legislation seems to be all encompassing and can have a lasting impact. Take a look at some of the recommendations:
- Currently, in India there is no legislation for protecting the privacy of individuals for all information that may be available with private entities. The legislation proposes to bring this to force.
- Choice and consent of the indvidual before his/her personal information is collected
- Information should be used only for the purpose it was collected
- The individual should have access to his/her information at any time. He/she must be enabled to update or correct the information
- Data controller would be transparent in his working as regards to the collection of personal data
- Data controller is primarily responsible for its safety and use
The framework proposes:
- All forms of identifiable data be protected against under the right to privacy.
- It goes on to define what is personal data -..."to be able to identify a person, information need not necessarily be objective identification such as a person's name, but can be subjective information such as the opinion that a person is a "reliable" borrower or that a person is "expected to die of a terminal disease". It is also important to bring all personal information within this definition regardless ofthe format in which the information is stored."
- It also extensively takes into consideration Indian context - Aadhar program that uses biometric information
- Explicit consent or even approval from a regulatory authority may be required to be obtained to collect sensitive personal data.
- Processing of data in an automated manner must be avoided when it affects the vital interests of the data subject.
- The data once collected must be deleted after achieving the purpose for which it was
collected. - Privacy impact assessments to be conducted by independent authorities in the form of
transparent audits, for the protection of personal data. - Appropriate measures to protect the data of Indian citizens that are processed outside the country.
I believe this is going to have far reaching implications on how private entities hold data and process data. Also, information available on the web and information shared in social media will have to undergo scrutiny, as this personal data today is being used for commercial interests by many of the entities like google, facebook etc.
I have attached the approach note paper Download Aproach_paper.
I would love to hear comments, feedback and implications on this proposed law. And how marketing in India needs to adapt to this new environment.