• ASSOCHAM brainstorms global privacy & data protection

By Neelabh Saxena

New Delhi, India. 04 June 2023. The biggest theft with easiest modus operandi in the world of 2023 is of data and the most important global issue is keeping this data  safe. From our mobile phones to laptops from office networks to open networks from personal computers to high security zone computers , all are vulnerable to frauds and theft. In the connected world of today where use of online is imperative, the biggest necessity is online safety.  The national capital saw a major meeting of minds to threadbare this challenge and brainstorm the solutions to keep it at bay.

The 2nd ASSOCHAM Global Privacy & Data Protection Leadership Meet 2023  brought together industry leaders, policymakers, legal experts, and technology professionals to discuss and address the challenges and opportunities in the field of privacy and data protection. The purpose of the event was to provide a forum for information exchange, networking, and collaboration among those with an interest in the constantly changing field of data privacy and protection.

The event began with the inaugural session where the welcome address was given by Dr. Lovneesh Chanana, Sr. VP & Regional Head of Govt Affairs for Asia Pacific & Japan, SAP. He acknowledged that the topics of data protection and data privacy were not new and had been the subject of an ongoing debate with emphasis on various purposes of data, such as innovation, regulation, and development, as well as the importance of establishing trust and ensuring user convenience. “ The rapid advancements in artificial intelligence pose challenges regarding data privacy. Evolving models of data governance and the increasing focus on data privacy in bilateral trade agreements and discussed the complexities of managing data privacy within the realm of artificial intelligenceare necessary and so is the need for a horizontal approach to address data privacy and protection across different domains, which would reduce compliance costs and simplify the process. The importance is of a comprehensive platform that integrates sector-specific regulations to facilitate compliance,” emphasised Dr, Chanana.

Dr. Subi Chaturvedi, Global SVP, Chief Corporate Affairs and Public Policy Officer, InMobi Group welcomed everyone to an international event dedicated to discuss the pressing issues of data protection and governance. Rather than perceiving these topics as threats, she viewed them as opportunities for open dialogue and learning from respected individuals present at the event. She expressed  deep personal investment in the growth of India’s digital economy, emphasizing entrepreneurship, job creation, and India’s aspirations for a five trillion dollar digital economy with significant impact of generative AI on global economies, including India. She stressed on the need for a mindset shift regarding privacy rights and dwelled on the importance of data privacy and governance across all sectors, calling for corporations to actively support privacy and play a larger role in the global economy.

Dr, Chaturvedi advocated a proactive approach to privacy in technology development, urging privacy to be considered from the outset rather than as an afterthought. She encouraged citizen involvement, digital capacity building, and cybersecurity awareness, envisioning a collaborative effort to keep the internet free, safe, and open mentioning the forthcoming revision of the IT Act and invite ongoing engagement and contributions from participants.

The day’s sessions, questions, and conversations revolving around the internet, freedom, and responsibility. Through virtual presence,  Ram Rakkappan, Chairman, ASSOCHAM National Council on Fintech and Head of Govt Engagement, Visa Inc  shared  the  perspective for Digital India and exhorted the significance of global privacy and data protection, with a specific focus on two critical aspects: privacy regulations with compliance and data governance with accountability. He underscored the profound impact of new and forthcoming privacy regulations such as GDPR and CCPA in shaping data management practices across the globe. He urged the audience to embrace the challenges and opportunities presented by these regulations, emphasizing the importance of adapting and thriving in a changing regulatory landscape with the need for organizations to prioritize responsible data governance and accountability, encouraging the establishment of robust strategies and ethical data handling practices.

Rahul Jain, Head-Digital Public Policy, Amazon emphasized the significance of global privacy and data protection and said that the importance of trust and the responsibility organizations held in safeguarding customer data, required the need for transparency, ensuring that customers were fully aware of how their data was collected and utilized. He  asserted on the value of easy interaction for customers, simplified privacy measures that enabled individuals to manage their preferences effortlessly and the criticality of data flow and its security, urging organizations to implement robust encryption and secure protocols to protect sensitive information.

Accountability with responsibility between organizations and customers highlighted the necessity for organizations to comply with privacy regulations and prevent unauthorized access, while customers were encouraged to be informed about their rights and responsibilities regarding their data is the need of the hour. While concluding, he adopted an optimistic stance on the future of the digital era, expressing belief in a digital ecosystem where privacy and data protection were seamlessly integrated. By prioritizing accountability, transparency, and responsible data handling, He envisioned a future that respected privacy, empowered individuals, and fostered progress, leaving the audience with a hopeful outlook on the future of digital privacy.

Rajesh Ranjan, Director, Government Affairs & Public Policy, Microsoft appreciated the chance to discuss privacy and acknowledged its significance in various sectors with emphasis on the need for a thoughtful discussion on this challenging topic. He recognized the widespread impact of data generation and Microsoft’s commitment to empowering users while considering trade and business interests. He referred to the historical and legal context of privacy in India and the global landscape of privacy laws highlighting the importance of coherence among regulations and collaboration between regulators to establish regional and global standards. He stressed on the benefits of standardization, such as consumer trust, reduced complexity, and lower business costs. Concluded by expressing Microsoft’s support for collaborative efforts between government, regulators, and the industry to achieve successful data protection standards.

Lt. General (Dr.) Rajesh Pant, the Government of India’s National Cyber Security Coordinator focussed on the need for a deeper understanding of data protection and mentioned the upcoming Digital India Act and Personal Data Protection Bill in India. “The increasing significance of data in society and referenced high-profile cases of data breaches and fines imposed on companies like Meta (formerly Facebook),  the dark web and the sale of data, as well as the growing importance of privacy regulations globally need to be taken very seriously,” he enunciated  by quoting Gartner’s prediction that 75% of the global population would be covered by privacy regulations by 2024. He  stressed on understanding  trends identified by Gartner, such as data localization, privacy-enhancing computation techniques, remote work, zero trust architecture, and centralized privacy user experience and reiterated that the challenges faced by the industry included the use of AI, cyber-attacks, and public awareness of privacy issues  needed to be constantly in mind for transparency, customer control over personal data, protection against unauthorized access, and compliance with privacy laws and regulations.

As the co-chair of the Sir Charles National Council on IT, ITES, and E-commerce & Director Public Policy India, Meta,  Sunil Abraham extended a vote of thanks. He recalled the key points raised by the panel speakers. Dr Chanana’s survey of global and regional best practices provided valuable insights, particularly from their vantage point in the Asia Pacific region. He found Dr Chanana’s argument compelling, emphasizing the need to shift from focusing on “what” to “how” in operationalizing data protection, especially in relation to emerging technologies like generative AI. Dr. Subi Chaturvedi’s contribution emphasized the significance of multi-stakeholder conversations, both at global and national forums, highlighting the importance of inclusivity and the active participation of all stakeholders in developing evidence-based policy, he agreed.

He accented that Ram Rakkappan’s brief but impactful account shed light on the damage done to consumer trust and the subsequent regulatory interventions by governments to safeguard customer rights were alarming but he concluded on an optimistic note, stating that the pendulum is now swinging back in favor of consumer interests. From Amazon’s perspective, he found value in the discussion led by Rahul Jain, who focused on solution-based perspective and emphasized the principles of transparency, customer control, and security as vital for rebuilding trust with consumers. He acknowledged the need for thoughtful implementation of these principles, ensuring an appropriate balance of transparency without compromising privacy.

Rajesh Ranjan’s contribution resonated with him, particularly his emphasis on the industry operating within guardrails for the benefit of all stakeholders. General Dr. Rajesh’s insights provided important context regarding the current regulatory landscape in India, highlighting the significance of the Digital India Act, Personal Data Protection Bill, and Telecom Bill. He also noted India’s unique approach and proposed regulatory innovations, such as the concept of Digital Data Embassies.

In conclusion, he thanked the guest of honor, Lt. Gen (Dr.) Rajesh Pant for his presence and wisdom, and expressed gratitude to the organizing team and esteemed colleagues for their valuable contributions to the Global Privacy and Data Protection Leadership Meet 2023.

In the following session Sandeep Bhambure, Vice President and Managing Director, India and SAARC, Veeam quoted Albert Einstein, “Insanity is doing the same thing over and over again and expecting a different result.” This quote holds true when it comes to global privacy and data protection, he said and weighted the importance of prioritizing cybersecurity in the face of increasing data migration to the cloud with paramount significance of cybersecurity in today’s digital landscape, acknowledging the challenges that organizations face due to budget constraints when implementing comprehensive cybersecurity measures.

The audience was reminded that the cost of a data breach or cyberattack far exceeds the investment required for robust cybersecurity practices. He highlighted the alarming rise in ransom attacks by 70% in 2021 as a clear indication of the dire consequences of neglecting data protection. To address these challenges, he advocated for a data and application-centric approach to data protection, emphasizing the need to focus on securing data at its core and implementing robust security measures throughout its lifecycle. He quoted Dr. Loveesh and emphasized the importance of taking a horizontal approach to data protection, considering all aspects and layers of security.

Cybersecurity is not solely the responsibility of individual organizations but requires a collective effort was the consensus. Building the last line of defence against cyber threats was emphasized as crucial, which involves fortifying digital infrastructure and establishing proactive security measures. The implementation of the Digital IT Act in India, after a wait of two decades, was cited as a significant milestone in strengthening data protection regulations.

Speaker also touched upon the challenges posed by virtualization, hybrid IT, and multi-cloud-based platforms, making data protection more complex. The audience was reminded of the necessity to tailor data protection, recovery, and replication strategies to suit the unique needs of each organization. The shared responsibility of protecting data was emphasized, requiring collaboration among service providers, businesses, and individuals. Ultimately, the adoption of SaaS platforms and framework strategies were portrayed as the key to a secure digital future. In conclusion, he urged the audience to break free from traditional approaches and embrace innovative strategies in global privacy and data protection.

Panel Session 1 on “Innovative and Global Solutions for Cross-border Data Flow with Trust” delved into various aspects of data management and privacy like impact of new and upcoming privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Participants highlighted the challenges and opportunities these regulations present for businesses operating in a global landscape. The panel then shifted its focus to data governance and accountability.

Kalindee Mehta, Regional General Counsel, Asia Pacific & Japan, SAP emphasized on the importance of responsible data handling practices, strategies for establishing effective data governance frameworks along with the need for organizations to foster accountability in their data management processes. The participants emphasized the significance of transparency and clear policies to build trust among consumers and stakeholders. Addressing the pressing issue of cybersecurity and data breaches, the panel analyzed the latest trends and emerging threats in the cybersecurity landscape.

Garima Rathore Director, Government Affairs & Public Policy, Microsoft India, pointed out the need of incident response strategies , the importance of proactive measures to prevent data breaches and the necessity of decentralization of data as an alternate solution towards cyber-attacks.The panelists stressed the need for continuous monitoring, robust encryption, and employee training to mitigate the risk of cyber threats. Ethical considerations in data-driven decision-making formed another crucial aspect of the discussion.

The panelists  underlined the ethical implications of using data for decision-making purposes and highlighted the need for responsible data usage. They explored various frameworks and guidelines that can help organizations make ethical decisions when leveraging data, taking into account factors such as privacy, consent, and fairness. Throughout the panel discussion, the experts underscored the importance of collaboration between businesses, policymakers, and regulators to address the challenges associated with cross-border data flow. They emphasized the need for innovative solutions that balance privacy, security, and data sharing, enabling organizations to harness the power of data while respecting individual rights and regulatory requirements. In summary, the panel discussion shed light on key topics related to cross-border data flow and trust. Privacy regulations and compliance, data governance and accountability, cybersecurity and data breaches, as well as ethical considerations in data-driven decision-making, were all explored in depth. The discussion underscored the importance of responsible data management practices and the need for collaborative efforts to ensure a secure and trusted global data ecosystem.

Panel Session 2 centered on “Innovative and Global Solutions for Cross-border Data Flow with Trust” put into spotlight  the challenges and opportunities presented by the rapid advancements in technology and the increasing need to protect individuals’ privacy rights. The panelists emphasized the changing privacy ecosystem, where personal data has become a valuable asset for businesses and individuals alike. They discussed the shift in consumer attitudes towards privacy and the growing demand for more control and transparency over the use of their personal information. The experts highlighted the need for privacy regulations that align with these changing dynamics and provide individuals with greater control and protection.

The discussion also focused on the regulatory developments in the privacy space. The panelists analyzed the impact of new and upcoming privacy laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), on businesses and individuals. They explored the challenges faced by organizations in complying with these regulations and the potential benefits they bring in terms of enhanced data protection and individual rights. Furthermore, the experts delved into the role of technology in privacy regulation , discussed the opportunities presented by emerging technologies such as artificial intelligence and blockchain in enabling privacy-enhancing solutions and the potential risks associated with these technologies and the need for regulatory frameworks that strike a balance between innovation and privacy protection.

The panelists acknowledged the global nature of privacy regulation and the need for international cooperation in addressing privacy challenges and the importance of cross-border collaboration and the harmonization of privacy laws to ensure consistent protection of personal data across jurisdictions. In conclusion, the panel discussion highlighted the evolving privacy landscape in today’s digital world. The changing privacy ecosystem and regulatory developments were examined in depth, emphasizing the need for privacy regulations that align with technological advancements and individual expectations. The experts emphasized the importance of empowering individuals with control over their personal data while fostering innovation and international cooperation. It was clear from the discussion that privacy regulation plays a crucial role in building trust and ensuring the responsible and ethical use of personal information in the digital age. During Q n A round of this session, a question was raised from the audience which still needs answer not only from the panelists but from the industry itself questioning the approach of whole field altogether – “When are we going to include case studies of the industry as a discussion to enhance our learning and progress in the field?”

 2nd ASSOCHAM Global Privacy & Data Protection Leadership Meet 2023Panel Session 3 on “Innovative and Global Solutions for Cross-border Data Flow with Trust.” highlighted key considerations for organizations operating within the Indian data protection landscape. Topics of focus included the role of the Data Protection Officer (DPO), conducting Privacy by Design Impact Assessments, obligations of Significant Data Fiduciaries, and breach reporting. The experts stressed the importance of having a dedicated DPO who oversees data protection and serves as a point of contact. Privacy by Design Impact Assessments were emphasized as a crucial step to identify and address privacy risks early on. Organizations handling significant personal data were urged to implement robust measures and ensure transparency. Prompt and transparent breach reporting, along with well-defined incident response plans, were highlighted as essential. Despite challenges, organizations were advised to invest in data protection measures, including training and infrastructure, while fostering a culture of privacy. Compliance with the data protection framework and prioritizing data protection were emphasized for building trust and safeguarding personal data.

The conference provided a holistic view of the challenges and opportunities in privacy and data protection, emphasizing the importance of a privacy-focused culture, ethical data usage, and cybersecurity. The exchange of ideas and experiences among industry experts and professionals contributed to a collective understanding of the complexities and evolving nature of privacy in the digital age. Overall, the 2nd ASSOCHAM Global Privacy & Data Protection Leadership Meet 2023 was a bridge in furthering the dialogue on privacy and data protection. It paved the way for continued collaboration and innovation in addressing the privacy challenges of the future, ultimately fostering trust and confidence in the digital ecosystem.