BN Srikrishna (in pic) is a genial, 77-year-old former Supreme Court judge who recites Shakespeare and Sanskrit scriptures with equal facility. But he’s making the likes of Google, Amazon and Facebook more than a little nervous.
Srikrishna is leading the effort to draft new data-privacy laws for India that will regulate how tech giants from the US and elsewhere operate in the nation of 1.3 billion. His recommendations carry particular weight because India is already the biggest market for companies like Facebook Inc and offers enormous potential for dozens more. The committee Srikrishna helms will send its bill to the government this week.
They’re going well beyond the hands-off American approach that preceded fiascos like the Facebook breach, which facilitated Russian meddling in the 2016 US presidential election, or the Equifax hack, which exposed personal information of about 145 million people.
He and his colleagues are determined to modernise the country’s standards and protect all citizens.
“India has accelerated from a ‘bail gaadi’ economy to a silicon-chip economy but privacy and data regulation rules are still far behind,” said Srikrishna.
The number of smartphone users saw a whopping hike between 2012 to 2017 and increased the use of data accordingly. But this flood of data -- and an absence of regulation -- has fuelled concerns among privacy activists and citizens groups.
“Data-poor India is rapidly becoming a data-rich economy so having a data protection law is critical,” said Srikanth Nadhamuni, the chief executive officer of startup incubator Khosla Labs and former chief technology officer for Aadhaar.
The number of internet users in the country has surged beyond the total in the US. The diminutive, grey-haired Srikrishna discussed the debate during an interview in his Mumbai office. He plans to navigate a “middle path” between the laissez-faire US approach and the stringent General Data Protection Regulation just imposed in Europe. “India is India, after all,” he said, seated in front of a MacBook and pile of papers.
The 10-member committee he heads -- comprising academics and government officials -- is putting finishing touches to their bill. The draft will need parliament approval to be enacted.
Srikrishna’s framework would rein in such practices. It will detail what is fair use, whether technology giants can transfer data across the border, and how to enforce accountability and penalties for violations. It will also establish whether users can access and control their own data, like with the EU’s GDPR.
“Like we keep diabetes and blood pressure in check, controls are needed for data,” Srikrishna said. “Companies like Amazon, Google, Microsoft and Flipkart are extremely nervous.”
Google declined to comment while Facebook didn’t respond to an email seeking comment.
“Should we then have pictograph warnings for consent, like they have on cigarette packs?” he asked.
The biggest challenge according to Srikrishna is not drawing up laws but enforcing them. His own job ends when he submits the draft this week, but he knows that won’t be the end of the debate.