Governments and technology companies are amidst collecting vast amounts of personal data which prompts the creation of new laws and regulations to properly define and protect individual privacy. For online services and websites, protecting their customers’ data is a complex topic. Regulations, like the latest Personal Data Protection (PDP) Bill, 2019, are aimed at addressing and creating a framework that allows the processing and storage of personal data of users to be more secure and have ample provisions in place in case of a breach.
To achieve this, the Indian Government has mandated that all personal and sensitive data of consumers be stored within the Indian territory, while allowing online services a higher level of access to an individual’s non-personal data. This limited, or in the other case, increased access to data, can help businesses serve customers better while at the same time securing the sensitive parts of the data.
How The PDP Bill Identifies Customer Data
An entity, or person’s personal data pertains to attributes of identity, traits that can be used to identify an individual. Whereas, non-personal data constitutes your order history, preferred mode of payments; data through which individuals cannot be identified but can provide insights on how a service is being used. The PDP bill also mandates heavy penalties for violations of norms and the regulations set in place to help quell incidents of data theft and illegal processing.
Allowing the storing and processing of Indian users’ non-personal data on international servers could potentially prove to be in the benefit of consumers who can receive a more personalised service. While at the same time one simply cannot ignore the ongoing concerns of privacy breaches and data theft. The technically correct path with data privacy, and the high risk, high reward potential of data sharing is yet to mutually coexist together.
The bill essentially regulates the collection and processing of personal data of Indian citizens by the government, native companies, and even foreign companies that deal with the data of Indian citizens. This also allows individuals to potentially administer certain rights with respect to their own personal data.
The Importance Of Data Privacy And Data Sharing In Ecommerce
Since private companies depend on public data to scale their businesses, these policy changes amidst the boom of ecommerce have become quite complex. Currently, for ecommerce businesses, the best way is to securely manage data to protect the most sensitive elements while reaping the benefits from the insights it leads to.
When it comes to data fiduciaries, the entity that stores and processes consumer data, necessary steps should be taken to ensure that the data processed by them is complete, accurate, not misleading and updated, against the purpose for which it was processed. This requires a constant effort on the part of the businesses to adhere to these regulations.
Transparency in processing of personal data is also strictly indicated in the PDP Bill. However, when it comes to ecommerce websites, missing authorisations for some smaller businesses could pose a problem since their data practices might require updating, if not a complete replacement. Introducing, managing, and maintaining a data security model could help minimise the risk of any data leakage, but at the same time prove to be a daunting task for businesses just starting out.
There are also multiple benefits of allowing non-personal data to be shared on international servers. For instance, being aware of a customer’s preferred payment method and their order history can allow businesses to target their audience accurately and with a higher level of personalisation which helps drive loyalty in brand and customer retention.
With regards to payment services and gateways, the PDP Bill calls for a structural change at an organisational level to their data handling procedures. For companies handling financial data, the Bill explores a higher level of obligations to better preserve customer financial data. Account numbers, transaction history, and such are routinely used by a variety of different businesses and must exercise a different approach to how that data is handled. The first line of defence added is the compulsion for businesses to get ‘explicit consent’ from the user to process their financial data. As the lines between explicit and regular consent can get blurry, businesses must enlist a higher threshold for certain types of data.
When talking about the issues regarding data leaks, corporations can put effective policies and technologies in place to avoid any such problem. Damage control must be done at an organisational level to avoid any conflicts with the authorities. However, this is easier said than done. The damage, once done, can be rectified, but damage removal is a mere fantasy.
All in all, the aspects that the Personal Data Protection Bill aims to fix are to help boost data privacy while allowing a helpful level of data sharing. Businesses must allow themselves a level of self-regulation and infrastructural and technological changes to help tighten security. The government seeks to ensure that the personal data of Indian citizens is safeguarded and stored locally within the confines of the country to have better control over it.
As non-personal data is now free-range, the key for businesses is to correctly wield Big Data and integrate the insights into their practices to help build a more personalized experience and improve customer retention.
Despite the intense competition within the ecommerce landscape, digital businesses that correctly use customer data have an advantage over those who do not. Ecommerce by design is nimble and adaptable. Since ecommerce sales have a digital footprint, it is easy for companies to understand what works for their customers. There is a clear opportunity to not only grow on competency, but also provide customers with viable, reliable, and relevant services.
Allowing Indian users several rights over their data, the PDP Bill, 2019 is aimed at protecting this data, while helping businesses, native and foreign both, serve their constituents with clear-cut transparency and with ample security in place, by design.