The world of cyberspace is one step closer to our dining rooms today, thanks to the depths delved into consumer behavior analysis. As Alexa gets all set to process, and respond in Hindi, the Indian state must be wary. The absence of a strong data protection regime stands as an advantage to the Tech-giant and serves as a major concern for the Indian state. This step could prove to be the much-needed masterstroke for Amazon to penetrate into the Indian market for smart speakers, which is still in its nascent stages. Already capturing 59% of the market, Amazon is now set to expand its wings and reach the corners of the country, where English is not the dominant language. After its trial run in Hindi, Amazon has also stated that it is planning to improve its technology to include more Indic languages, hence further improve its market share.
The lack of means for the enforcement of the Right to Privacy poses great threat to the personal data of the millions of citizens of India. According to reports, there is human intervention and hence a clear violation of the principles of privacy as regards such technologies. As data is collected from such devices, and used by Silicon Valley and its elites, people become nothing but data points. The individuality of the person is neglected, and rights are compromised. The neglect of principles of individual privacy already takes little or no space in the conversations around data policy in India, as evident from the approach of the Economic Survey 2018-19. However, any shield of protection offered by the cursory mention of utilizing data within the limits of privacy principles while considering it a public good, cannot permeate the inaction in giving due consideration to the possible challenges brought in by big players.
The bigger challenge in imposing any regulation in this field in the lack of understanding of the subject in the Indian tech policy field. Smart speakers are part of a larger group of devices which constitute the Internet of Things(IoT). The only major document which has been published by the Government of India in this regard is the IoT Policy Document. In the regulatory sphere, the 2018 DoT Notification aims at restricting the use of SIMs in M2M(Machine to Machine) communication and lays down guidelines for the use of Embedded SIMs(e-SIMs). A major flaw in both of these documents is the misidentification of IoT devices as synonymous to M2M communication. The limitation of M2M is overcome in IoT devices and it categorically allows for operational efficiency by leaving space for intervention. The Machine Learning aspects to it also allows for much more capability of decision making in them than mere M2M communication.
In a system which already lags behind in understanding the technology, lack of legal protection to the possible violations and exploitation have manifold consequences. When attempting to create an ecosystem for the development of the Digital Market it needs to be kept in mind that a lack of a proper legal regime has potential to limit the entry of players due to skepticisms associated with it. Hence, it is imperative that India looks into multiple concerns, so that there are barriers to entry into the market, as well as the concerns of its citizens are protected.
Although replete with controversies and concerns from stakeholders, the codification of law regarding Data and its Protection is a right step taken by the Central Government. The Personal Data Protection Bill, 2018, attempts to address the concerns of privacy but has been left in cold storage for long now. Tackling the rising disputes related to data, as well as the entry of new technology demands that an effective data protection law is enacted soon so that India does not lose to Big Tech working on piles of cash.
The recent accession of Argentina to Convention108+, shows a way for India to follow in its quest to become a leader in Data Protection. Convention No. 108 of the Council of Europe, which after it’s modernization in 2018 came to be called as the Convention 108+ deals with personal data protection, and is the first of its kind across the world. Convention for the Protection of Individuals with Regard to the Processing to Personal Data, 1981 is the only internationally binding legal treaty in this area of law. It lays down strict norms to be adhered to by States so that that privacy concerns arising out of the use of new information and communication technologies are adequately dealt with. The Additional Protocol of 2001, to the 1981 Convention, further elaborates on the compliance mechanisms for ensuring the adherence to the Convention by the establishment of an independent authority. India could adapt to the standards set by one of the oldest treaty governing the use of Data, use this as a model and improve its data protection regime. Once the infrastructure to adhere to the mandates of the Convention is set up, India could officially accede to the Convention which will be a clear indication to the world of its Commitment to Data Protection. This would, in turn, result in the entry of more players into the Indian digital market.