Privacy #5: India's Options

In the last part of his book Privacy 3.0, Rahul Matthan presents his view on how privacy laws should be framed in India. He points out that the Aadhaar horse has been out of the stables for a while now, and has been unifying various databases – from PAN to bank accounts to your mobile number. It has undoubtedly yielded benefits to all – the UPI system works only because banks and phone numbers could be connected via your Aadhaar ID. The eKYC that Aadhaar has enabled cut the cost of verification from 1,000 to 60. In turn, that has reduced costs in the lending sector, which made the market for low-value loans, from 25,000 onwards, viable. The potential benefits of a system like Aadhaar in the healthcare industry are enormous – one could identify which areas are prone to which diseases, or correlate symptoms to diseases in ways no individual doctor can.

That acknowledged, he points out that in the digital age, more and more companies ask for our data. In that context, he says the older model of asking for consent first (which included both seeking permission and declaring the intended use of the data) is proving to be useless. Why? First, the consent terms are so long that nobody can possibly read or understand them. Second, if all your contacts are on Facebook or WhatsApp, do you really have any choice but to join in? Third, algorithms can piece information together in ways that nobody, not even the company, can imagine when it collects the data.

“We are constantly generating data – through our smart devices, from our interactions with those around us and as a by-product of our participation on the Internet.”

What are the options available, if consent has become meaningless? Some people cite the EU’s GDPR (General Data Protection Regulation), which can impose massive penalties on companies for privacy violations, as an option. Matthan is against this idea, since data can be hacked and it isn’t always the fault of the company. How would you prove whether it was negligence or a great hacker? Machine learning algorithms aren’t understood by their designers, so is it even fair to penalize the company if those go wrong from time to time?

Others propose putting restrictions on what can and cannot be done with the data. But, as Matthan says:

“(Such a move) will ensure privacy but will stunt the growth of the data economy.”

He wants a system where the data controllers can keep innovating, because the benefits of that are all too clear.

Matthan suggests a framework for India where the data controllers are given a chance to remediate in a timely manner rather than being penalized immediately. The devil, of course, would be in the details. But that does sound better than a blanket ban/penalty system like the EU’s. Bonds are given ratings such as AAA and AA to signify their risk levels. Perhaps the government can create equivalent agencies to rate the data controllers – this would give people an idea of which data controllers are more trustworthy than others, he says.

It's not an easy topic to solve. Technology does provide huge benefits and:

“It is technology that is its (privacy’s) biggest nemesis.”

Not just in the Internet/Big Data age, as Matthan reminds us, but from the printing press to the camera to the telegraph and the postal system onwards.
