As the country becomes increasingly digital, its citizens will add economic value worth billions of dollars when they shop online and pay for services including education, health care and entertainment.
India’s economic progress in the coming decades will hinge on the data its 1.4 billion citizens generate.
As the country becomes increasingly digital, its citizens will add economic value worth billions of dollars when they shop online and pay for services including education, health care and entertainment.
Data and artificial intelligence (AI) could add $500 billion to India’s Gross Domestic Product by 2025, consultancy McKinsey & Co and IT industry lobby group Nasscom have forecast.
This presents a “very large opportunity; we don’t know how much of that will be achieved, but sometimes it may be exceeded too,” says Kris (S) Gopalakrishnan, co-founder of Infosys, who heads the expert panel on non-personal data.
The model of creating millions of entrepreneurs who harness citizens’ data is unique to India, unlike in the United States where Big Tech dominates, or in China, where local companies own the digital ecosystem in a walled garden.
“India is trying to institute a hybrid model between China and the US,” says Lalitesh Katragadda, the former country head for products at Google, who built its Map Maker tool that used crowdsourced data to increase the quality of maps.
“In the long run, people need to own their data, whether at a personal or a community level. Communities can be farming communities, cities owning their data or the country itself,” he says.
India’s goal is to promote free sharing of non-personal data collected from citizens for the larger public good.
This has, however, faced stiff resistance from both global technology giants and local privacy activists. They say such a move will erode economic value and open the door to state-level surveillance.
User data cannot be the Intellectual Property of corporations, adds Justice BN Srikrishna, a retired supreme court judge and the chief architect of the Personal Data Protection Bill.
The 2018 Bill addressed this issue, but in the current version this has been vaguely defined, and it is unclear what final shape the Bill will take before it is passed by Parliament, he says.
Justice Srikrishna’s view is that collection of personal user data by corporations must be regulated.
“From 2017 the law has been on the backburner, if not in the freezer. In the meanwhile, players are lapping up the data (that is) available freely and monetizing it without any constraints. They are also freely violating the data privacy rights which have been declared to be fundamental rights,” he says.
“Clarity and certainty around the regulations will allow companies to make investments without fear around the regulatory framework,” Infosys’ Gopalakrishnan adds.
Since they have millions of users in the country, forcing them to share user data that they have collected could lead to anti-competitive behaviour and slow down overall economic activity, they warn.
But these arguments are not well grounded, says Apar Gupta, executive director at Internet Freedom Foundation (IFF).
He says there needs to be regulation of data, just like any other sector of the economy.
“The principal activity of technology companies is to do with personal data, which also has a large social impact. It quite often leads to data breaches which can cause impersonation, cyber theft or lead to surveillance of individuals. Therefore, it needs to be protected by a data protection law,” Gupta says.
In the absence of data protection, India has become an outlier.
“Given that now there are close to 900 million internet connections in India, the amount of data capture that’s happening is tremendous,” he adds. “The data protection Bill is not something which we need today, we needed it yesterday.”
The concerns that technology companies have raised about data sharing with government authorities and community data – envisaged under the non-personal data protection framework – could be valid, Gupta says, since what constitutes a ‘community’ is not defined properly.
“It also poses a large risk of state-level surveillance, because we don’t have well-defined surveillance norms,” he adds.