Only Russia and China ranked worse than India in terms of privacy and online surveillance, according to a study conducted by UK-based research firm Compritech. The surveillance index score of 2.4 out of 5 on privacy index indicates a systemic failure to maintain data privacy safeguards, the report said.
The survey ranked countries based on constitutional protection, statutory protection, privacy enforcement, biometrics, data sharing and the government’s access to citizen data among other things.
“Several countries are creating what can only be described as surveillance states, with data privacy rights seemingly taking a serious back seat. Though European nations fare better due to the stringent General Data Protection Regulation (GDPR) laws, not one country is consistent in protecting the privacy of its citizens,” the survey, conducted across 47 countries, added.
Among European Union nations, Ireland, France, Portugal, and Denmark are among the top four with adequate safeguards. The US was the seventh-worst performer among non-European nations with a score of 2.7. The reasons cited were constant updating of the database of biometric information, and data breaches across all sectors.
Delay In India’s Data Protection Bill
While India is the world’s biggest democracy with fundamental right to privacy, a number of factors could be responsible for the failure to maintain privacy safeguards in the online context. According to the survey, the Indian government’s efforts to get Facebook-owned WhatsApp make its messages traceable by adding a digital fingerprint to every message sent is not helping the cause of privacy. Further, Aadhaar, which contains the largest biometric database related to 1.23 Bn people and information such as mobile numbers, bank accounts, and insurance, has also been blamed for data breaches.
One of the main factors for failure to maintain data privacy could be a delay in the implementation of data protection bill. To ensure that Indians are not being affected by any global data breach, the government had proposed data localisation mandate in the bill. It also proposed that one copy of all personal data to which the law applies should be kept in a server within India.
The Indian government has been stressing on data privacy and uncompromising country’s data sovereignty. Prime Minister Narendra Modi stressed on the importance of data privacy while speaking at the ‘Howdy, Modi’ last month. He in fact referred to data as the “new oil” and “new gold.”
The DPB was proposed to the government of India in July 2018 by a nine-member expert committee headed by Justice BN Srikrishna. However, even after a year, the bill remains under consultation and ministry of electronics and information technology (MeitY) is now reportedly planning to release a report on the regulation of public data, including data of technology companies such as Uber, Facebook and Amazon. The ministry’s report is expected to let ministries or regulators decide the nature of data that will come under the purview of data privacy and DPB.
In May, the US government criticised India’s data privacy and data localisation proposals. It said that certain policy proposals are discriminatory and trade distortive. The Telangana state government also raised concerns about the bill and said, the implementation of certain clauses, especially the one on data localisation, has the potential to isolate Indian startups and hurt investments in the state and the country.
Meanwhile, foreign portfolio investors are also opposed to the data protection bill as they are concerned about the categorisation of all types of financial information as sensitive data under the law.