Rapidly increasing digitisation in India has had its share of positives for the Indian economy. However, it has also exposed a whole gamut of internet security issues that can be linked to the current transitory phase of India’s digitisation process.
Across the world, rules governing the behaviour of digital players are evolving as nation's experiment with different approaches and consider diverse policy priorities and objectives. Governments are increasingly concerned about protecting personal information and arresting the incidence of cybertheft that has affected consumers and businesses.
India’s digital transformation is premised on three major developments. The unprecedented adoption of smartphone uses in the country, the presence of a young and technology-savvy population and affordable access to internet services and devices. The government’s push through its ‘Digital India’ programme has had its own benefits as well. Simultaneously, India saw a 37% increase in cyberattacks in the first quarter (Q1) of 2020 as compared to the fourth quarter (Q4) of the previous year, according to the Kaspersky Security Network.
India is in the middle of two draft legislations that are aimed to ensure data integrity. The Personal Data Protection Bill 2019 (PDPB) which is pending in the parliament and the Digital Information Security in Healthcare Act (DISHA) are being promoted by the government as instruments that will ensure data privacy.
The PDPB has been promoted by government officials who have stated that data localisation will help law-enforcement access data for investigations and enforcement. The Bill is also being appreciated for its features against foreign cyber-attacks and surveillance. Many domestic technology companies, which store most of their data exclusively in India, support localisation. Paytm and Reliance Jio have strongly supported this move in favour of data localisation. According to some observers, data localisation will also help India to better tax internet giants.
However, there are quite a few questions that are raised against the bill. Opposition parties and civil society groups have criticised the open-ended exceptions given to the government in the Bill, allowing for governmental surveillance. While criticising the Bill, Adhir Chowdhury, Leader of the Opposition, Lok Sabha, stated in the Indian parliament, “When our privacy is under threat and when our people are fighting in the Supreme Court the battle of privacy, in that time I think this kind of a bill should be examined thoroughly and not rushed into.”
The Communist Party of India (Marxist) was the only party to put digital privacy in its election manifesto. Their objectives included putting a stop to ‘bulk surveillance and scrapping the Aadhaar biometric identification for social welfare methods. CPI(M) had demanded that the government should postpone the rolling out of the Health Data Management Policy (HDMP) and National Digital Health Mission (NDHM) till a full-fledged discussion takes place in the parliament. Calling it a serious breach of personal data, Sitaram Yechury, General Secretary, CPI(M) had written a letter to Prime Minister Narendra Modi and had asked to hold up the HDMP till a conclusive stance could be attained on data privacy in India. According to him, making sensitive personal data of all citizens available to private insurance and pharmaceutical companies under the National Digital Health Mission (NDHM) is a breach of the ‘protection of personal data’ and needs to be checked.