Companies or governments must return user data on demand' under law, says ex-UIDAI chief

Infosys Technologies founder and the former chairman of the Unique Identification Authority of India Nandan Nilekani has mooted a new data protection and empowerment law to ensure that individuals have control over their data and can ask service providers to return their data stored with them.

Acknowledging that privacy issues currently being considered by a nine-judge Supreme Court bench are important, he said the larger issue is to get citizens to use their own data more effectively and backed China's approach of compelling companies to host Chinese users’ data within the country, instead of overseas.

“We are seeing platforms that accumulate user data rapidly disrupt industries, wield disproportionate influence and create silos because data is their asset. This leads to data domination… it’s already there and policy makers should start worrying about it,” Mr. Nilekani said at the Delhi Economics Conclave, adding that countries around the world are waking up to the issue.

Terming data the most important resource in the current century, Mr. Nilekani said that India must have a strategic policy position on data-related issues, specifically on and national security and data colonisation (your data belonging to someone who isn’t under your legal jurisdiction) , privacy and a new anti-competitive paradigm where the winner takes it all.

“If we can’t trust anybody, then give data back to the people. That’s the best way to solve this problem… by putting the user at the centre of it all. Where there is data collected in India by anybody, be it an Indian or international company or government, I should have the right to get my data back,” he said, stressing that it is very important to create a data empowerment law that enshrines such rights for individuals.

The architect of the Aadhaar programme said that ‘inverting the data’ — by putting users in charge of their own data —will help defend privacy too.

“The privacy argument is that (giving data to) private companies is fine because you give consent. I don’t think anybody who has signed the consent for any product, has read what it says. Fundamentally, you have to either take it or leave it. The best that we can have – where I can negotiate terms with the service provider on what they do with my data and that defends privacy,” he said, suggesting regulations on how companies can splice or dice user data.

“When you come out with a data protection and empowerment law, you also have to talk about data sovereignty and where is that data. The Chinese are very clear, they say you want to do business in our country, keep the data here,” he pointed out.

“This way, you address the issue of privacy, data colonisation and competition. This is what can be called a data democracy. The time is now because India is now adopting digital at an unprecedented pace,” Mr. Nilekani asserted.