From UPSC perspective, the following things are important :
Prelims level : DEPA
Mains level : Paper 3-Data protection regulations
A number of countries have been looking to extend their existing data protection frameworks to ensure that users have more effective control over their data than their regulations currently allow.
Measures to unlock the data silos
- Benefits: These measures aimed at unlocking data silos will make it easier for data to flow from the entity that currently holds it to any other data business that might want to use it with the permission of the data subject.
- In Australia, Consumer Data Right framework will allow consumers in Australia to require any business with which they have a commercial relationship to transfer that data to any other business of their choice.
- The first sector in which this new data right is being rolled out in the banking sector, with power set to follow close on its heels.
- The EU’s proposed Data Act will create a fairer data economy by ensuring better access to and use of data and is intended to cover both business-to-business and business-to-government transfers of data.
- Along similar lines, the EU has also drafted a Data Governance Act to govern the data exchanges and platforms.
- It will thus both enable and regulate new data-sharing arrangements that will intermediate the transfer of data from data businesses that currently hold it to those that have been permitted to use it.
- Data regulation to protect and utilize data: Regulatory activity seems to suggest that it is not enough to protect data if you cannot also ensure that this data is effectively utilized.
What are the issues with regulation measures?
1) Law and regulation cannot keep pace with technology
- Technology determines how data is collected, processed and used, and, by extension, the manner in which it is transferred.
- Decades of trying to regulate technology businesses have taught us that laws and regulation simply cannot keep pace with changes in technology.
- No matter how fast we move, if the only weapon we are using to regulate technology is the law, we will be doomed to play catch-up forever.
- These new consumer-centric measures are likely to fail if they are to be implemented solely through legislation.
2) Data transfers in the absence of a legal framework can lead to problems in India
- India has adopted a slightly different approach to data transfers known as the Data Empowerment and Protection Architecture (DEPA).
- DEPA offers a technology-based solution for consent-based data flows, allowing users to transfer their data from data businesses that currently hold them to those that want to use them.
- Last week, the country’s Account Aggregator framework—the first implementation of DEPA—went live in the financial sector.
- It too suffers from infirmities that could threaten its success.
- India still does not have a data protection regulation and implementing a technological solution for data transfers in the absence of a legal framework could lead to new problems.
Way forward: Techno-legal approach
- Use techno-legal approach to regulate: Technology businesses are most effectively regulated through a judicious mix of law and technology—strong, principle-based laws to provide the regulatory foundation, with protocol-based guardrails to ensure compliance.
- Seven countries came together to endorse a techno-legal approach to data regulation.
- If successful, this would be the first global attempt to adopt a techno-legal solution for data-transfer regulation.
Consider the question “There is growing appreciation in regulatory circles that it is not enough to protect data if you cannot also ensure that this data is effectively utilized” In light of this, examine the challenges in regulation of data while ensuring its safe transfer for utilisation.”
Techno-legal solution offers effective ways to deal with the problems of data regulation and data transfer.