Cyber Society of India (CySi) celebrated the Data Privacy Day in Chennai in a colorful event on 28th January 2019.
The event organized under the leadership of the president Mr S. Balu, reportedly attracted good attention of the industry professionals since it was one of the first such programs to be held in Chennai.
Discussions on Global Trends in Privacy, Impact of GDPR and related issues were discussed during the deliberations.
An interesting caricature on the Right to Privacy shown above attracted the attention.
The caricature (drawn by Mrs Saranya Devi) has captured the relationship of Privacy Protection in the context of a Citizen of a Physical Society and a Netizen who lives in the Cyber Society and underscored the fact that Privacy of Netizen is only “Information Privacy” guaranteed by the due diligence of the Netizen and the Intermediary.
While discussing Data Protection laws, we often forget that we are trying to protect a right in one society by a law in another society and this is the root cause of many conflicts. It is like our Parliament passing a law in India for regulating activities in another independent country like Saudi Arabia or Pakistan. Conflicts are bound to arise in the absence of a “Treaty” between the two societies.
Since Privacy is a “State of Mind” of an individual and reflects the perception of a subject such as “I am free”, “I am alone”, “No body is around me” etc., it cannot really be guaranteed by force through a law. Despite this, the entire Data Protection regulatory regime is built on the premise that Privacy of a Citizen can be guaranteed through a regulation of “Information Privacy” which boils down to giving some control to an individual to decide how his “Personal Information” may be collected and used by others.
Naavi has used the Johari Window concept for describing the scope of Data Protection legislation which is reproduced below.
What this “Personal Information Grid” represents is that for every person there are sets of data which he knows and which he himself does not know. Some of this information may be known to others and not known to others. Some information known to the individual but he does not want others to know is the domain of “information privacy”.
The Data Protection law covers how the information may be shared by the individual to others through consent and who are the agencies who are authorized to collect the data even without such a consent. When unauthorized access of such data occurs, the Cyber Crime laws kick in along with the data protection laws that may provide its own penalties for contravention of the “Data Subject’s Rights” of privacy as defined there in.
The intermediaries who collect the data are being regulated both by the Cyber Crime laws such as (Section 79 of ITA 2000) as also the data protection obligations in the laws such as PDPA 2018 (proposed).
[P.S.:Naavi is the Founder Secretary of CySi]