Cyber Security – CERTs, Policy, etc

The march towards an equitable data economy


From UPSC perspective, the following things are important :

Prelims level : GDPR

Mains level : Paper 3- Data governance

The article explains the data governance norms we need to adopt to secure better societal outcomes.

Whatsapp privacy issue

  • New terms of service circulated by WhatsApp, caused a stir among the user.
  • It informed users that data about chats with business accounts would be shared with Facebook.
  • These policies seemed unfair to India as they were not applicable to the European Union (EU), given their strong data protection policies.

Acceptable levels of data exchange

  • Default norms provide power to the tech platforms to collect, analyse and monetize data with complete control.
  • This undergirds business models that seem undesirable for society—with harms to privacy and free speech.
  • Global discussions about alternatives to the “exchange of data for free services” are becoming nuanced.

3 Norms in the data governance

1) Recognition of individual and collective rights related to data

  • It was generally accepted that extraction of data to access free services was a fair exchange with individuals.
  • Emergence of existential threats related to privacy and democracy have highlighted the role of guaranteeing human and civil rights.
  • There has been significant global progress through regulations on individual data rights.
  • A United Nations Conference on Trade and Development (UNCTAD) report claims that 128 of 194 countries have put in place legislations for data protection and privacy.
  • However, this protection is insufficient as it is centered on individuals and does not account for safety of groups.
  • The next wave of data governance ideas will seek to protect collective harms and build on the foundation of individual agency and control.

2) Data sovereignty

  • One-size-fits all global norms of data governance are changing and being replaced by region-specific ideas.
  • Greater acceptance for “data sovereignty” assertions across India and Europe is a welcome shift towards crafting governance that is respectful of local nuances and inclusive of civic participation.
  • The EU general data protection regulation (GDPR) had created an early lighthouse example.
  • On the other hand, the US has adopted a light regulation approach—there is no comprehensive country-wide data protection law.
  • Closer home, India is finalizing the contours of a country-wide and cross-sector personal data protection bill, which reflects local norms.

3) Value creation for all stakeholders

  • So far, data economy has operated in a completely unregulated space, creating a “winner takes all” market, with concentrated profits and little contribution to local taxes.
  • A healthy economy requires value creation for all stakeholders.
  • As tech platforms take up the profitable role of acting as the gateway to all information and social connections, they have a greater accountability and responsibility to contribute to the economy.
  • India’s digital tax through the 2% “equalization levy” is an attempt to make the tech giants pay for revenues earned in India.

Consider the question “What should be norms of data governance we must adopt for achieving better societal outcomes?”


Formal adoption of regulations and setting up of enforcement institutions will lead to meaningful progress in the right direction.

Notify of
Inline Feedbacks
View all comments