Data Processors may be able to create a Diamond out of Charcoal..if Indian Data Protection Act is innovatively drafted

In the Privacy and Data protection circles, a debate is going on for some time in India. Naavi.org had also suggested this to the Srikrishna Committee during the public consultations. (Refer: “Personal Data Should be Considered as Personal Property”). Subsequently, DISHA 2018 in its draft form has endorsed this view.

Now the TRAI Chairman also seems to have suggested “Ownership of telecom data must rest with users: Trai“. Detailed copy of the recommendations is available here.

Though GDPR does not speak the language of ownership, and stops at “Data Subject’s Rights”, the California Privacy Protection Act recognizes the Data Subject’s right to “opt-in” to a selling of personal data and also provides that

” A business may offer financial incentives, including payments to consumers as compensation, for the collection of personal information, the sale of personal information, or the deletion of personal information. A business may also offer a different price, rate, level, or quality of goods or services to the consumer if that price or difference is directly related to the value provided to the consumer by the consumer’s data.”

This provision also indicates that the personal data is considered a possession of value for the data subject which can be exchanged for financial benefits. This is essentially a character of “Property”.

The world therefore seems to be veering down to the view that personal data is the property of a data subject and when he gives a consent for collection, he is actually alienating his property to the Data Collector and providing permission for specific use of the property for which he has a right to charge a price.

This is precisely the nature of “Intellectual Property” when the right is “Licensed” to another person for a price and can be sub licensed with a royalty flowing into the original intellectual property owner as the value keeps building up with the super structures built over the original property.

A similar benefit can be assigned to the Personal Data if it is accepted as a “Property” an “Intangible, Virtual property” recognized as a class of property on its own.

I hope that the Indian Data Protection Act which is under the final drafting stage will recognize this view and ensure that a proper system is introduced to enable data subjects to value their personal data and negotiate with data collectors to get a good price.

The undersigned suggested that there is a need to recognize the role of a “Data Trust” (Refer: “Look beyond GDPR and Create Personal Data Trusts to manage Privacy of data subjects“) with whom the data subject can park their personal data and let them manage it so that the data subject gets a maximum value for his personal data.

Such Data trusts can anonymize, pseudonymize or otherwise re-package the data and create marketable packages and license it under different terms to interested data controllers and data processors. The Data controllers and Data processors can then innovatively aggregate the personal data and create value out of the raw data. 

The need for such a thought has also been explained in detail in the concept of “Theory of Dynamic Data” where the power of an innovative data processor to convert raw data which is worthless in the hands of the individual can be made into a valuable data and part of the value can be shared with the data subject has been outlined. 

“Data Processors may be able to create a Diamond out of Charcoal” is the idea discussed in the above theory which requires the recognition that Data is a property of the data subject and he should have the right to sell it or license it for a consideration and the data processing businessmen can compete fairly with each other in giving the maximum value of the data for the data subject.

If the Government of India recognizes the potential of “Personal Data as a Valuable Personal Property”, billions of Indians can pool together their inherent data asset that is born with them and perhaps create a small fortune for themselves.

Will the authors who draft the Indian Data Protection laws be innovative enough to incorporate the “Theory of Dynamic Data”,  “Licensing of Personal Data” and role of “Data Trusts” in the eco-system, is the moot question. Let’s us wait and see how things shape up.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.