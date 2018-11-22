The rollout of the General Data Protection Regulation (GDPR) in the European Union has provided a new perspective on how privacy needs to be handled and tempered demands for similar laws in the US and other countries.

Apple CEO Tim Cook believes that regulation of tech companies is inevitable. Cook said that while he is a big believer in the free market, the mechanism is not functioning well, necessitating regulation. Mint analyses the reasons for regulation and the likely impact on India.

Why does Cook believe that regulation is inevitable?

After the Cambridge Analytica scandal, where personal data of around 50 million Facebook users was illegally acquired by the UK-based political consulting firm and misused to influence voters during the US polls, regulators have become more sceptical about how tech firms store and share user data. Tech firms have failed to plug data leaks. In September, a bug in Instagram compromised email IDs and phone numbers of up to six million users. In October, Google said that data from up to 500,000 Google+ users might have been exposed to third-party developers by a bug.

What can regulation change?

The rollout of the General Data Protection Regulation (GDPR) in the European Union has provided a new perspective on how privacy needs to be handled and tempered demands for similar laws in the US and other countries. Regulations such as GDPR are designed to alter tech companies’ approach to data privacy. It mandates them to keep users informed in an easy-to-understand language on the kind of data being collected and how it would be used. In case of a breach, users have to be informed immediately. Failure to comply can result in penalties of up to€20 million or 4% of annual global turnover.

What’s the implication for regulators in India?

A draft data protection Bill has strict mandates such as data localization. It requires all governance-related data to be stored on servers within India to protect the privacy of Indian citizens.

What does this mean for users in India?

Experts say this would undermine the privacy and security of users as more countries may raise such demands: numerous copies of data would abound, making it harder to protect them from hackers. The government may use regulation to control and access data and force firms to share user data with it. The draft Bill exempts the state from seeking users’ consent before accessing their personal data, if it is needed for the function of the state and parliament. Experts say it would be best to have a separate law for data localization.

What would be the cost of regulation?

Industry bodies such as the Internet and Mobile Association of India that represent domestic and global firms have been critical of the draft Bill. They argue that the new regulation on collection and storage of user data will increase the cost burden on tech firms, particularly start-ups. A Delhi-based public policy think tank, The Dialogue, forecasted a loss of nearly 1 percentage point in GDP and added that data localization norms could cost an average Indian worker up to 11% of his/her monthly salary.