Topics In Demand
Notification
New

No notification found.

Privacy By Design : Indian Landscape
Privacy By Design : Indian Landscape

September 6, 2018

2322

0

 

 

India as it contemplates and pushes for its own data protection regime there is a huge opportunity to re-design and design the products and services which will if not eliminate reduce the data privacy risks. And when the world look at you as the pioneers of IT industry some of the key challenges are competitive advantages for India.

 

“Privacy by Design” and “Privacy by Default” have been frequently-discussed topics related to data protection. The first thoughts of “Privacy by Design” were expressed in the 1970s and were incorporated in the 1990s into the RL 95/46/EC data protection directive. According to recital 46 in this Directive, technical and organisational measures (TOM) must be taken already at the time of planning a processing system to protect data safety.

Privacy by Design is a concept Dr. Ann Cavoukian developed back in the 90’s, to address the ever-growing and systemic effects of Information and Communication Technologies, and of large-scale networked data systems.

 

(c)

In October 2010, regulators at the International Conference of Data Protection Authorities and Privacy Commissioners unanimously passed a Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. Since then, Privacy by Design has developed a global presence and has been translated into 37 languages.

 

The term “Privacy by Design” means nothing more than “data protection through technology design.” Behind this is the thought that data protection in data processing procedures is best adhered to when it is already integrated in the technology when created. Nevertheless, there is still uncertainty about what “Privacy by Design” means, and how one can implement it. This is due, on the one hand, to incomplete implementation of the Directive in some Member States and, on the other hand, that the principle “Privacy by Design” which is in the General Data Protection Regulation (GDPR), that the current approach in the data protection guidelines, which requires persons responsible already to include definitions of the means for processing TOMs at the time that they are defined in order to fulfil the basics and requirements of “Privacy by Design”. Legislation leaves completely open which exact protective measures are to be taken. As an example, one only need name pseudonymisation. No more detail is given in recital 78 of the regulation. At least in other parts of the law, encryption is named, as well as anonymisation of data as possible protective measures. Furthermore, user authentication and technical implementation of the right to object must be considered. In addition, when selecting precautions, one can use other standards, such as ISO standards. When selecting in individual cases, one must ensure that the state of the art as well as reasonable implementation costs are included.

 

Privacy by Design advances the view that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation.

Initially, deploying Privacy-Enhancing Technologies (PETs) was seen as the solution. Then, we realized that a more substantial approach is required — extending the use of PETs to a complete Privacy by Design framework. Replacing the existing zero-sum model of either/or with a doubly-enabling positive-sum (win/win) paradigm will be essential.

Privacy by Design extends to a trilogy of encompassing applications: 

  • IT systems; 
  • accountable business practices; and 
  • networked infrastructure. 

Principles of Privacy by Design may be applied to all types of personal information, but should be applied with special vigour to sensitive data such as medical information and financial data. The strength of the privacy measures implemented tends to be commensurate with the sensitivity of the data.

The objectives of Privacy by Design — ensuring strong privacy and gaining personal control over one’s information, and, for organizations, gaining a sustainable competitive advantage — may be accomplished by practicing the  PDF file7 Foundational Principles, which are intended to serve as the foundation of one’s privacy practices.

 

  • Principle 1: Proactive not reactive: preventative not remedial
  • Principle 2: Privacy as the default setting
  • Principle 3: Privacy embedded into design
  • Principle 4: Full functionality: positive-sum, not zero-sum
  • Principle 5: End-to-end security: full lifecycle protection
  • Principle 6: Visibility and transparency: keep it open
  • Principle 7: Respect for user privacy: keep it user-centric

 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


© Copyright nasscom. All Rights Reserved.