Data Protection: an important balancing challenge
It is a general attribute of modern societies that all their members have a right to own property. In its earlier forms property was always tangible and either immovable ( lands and buildings) or movable ( cattle). With the Industrial Revolution, movable property could also mean cycles, cars or buses. As we evolved, the concept of ‘contractual property’ emerged such as shares and bonds. And of what are called ‘negotiable instruments’. And more recently we saw the legal acceptance of Intellectual Property in the form of Trademarks, Copyright and Patents. And a global regime like TRIPS as a framework to which national laws were aligned. We had to align ourselves to the new ‘product’ patent regime as opposed to our ‘process’ patenting regime, which was a formidable challenge to our Pharmaceutical industry. It was not only copyright violation that was clearly illegal, but the collateral of ‘plagiarism’ which is more a matter of ethics that became a concern, especially for academics with tools like ‘turnitin’. Software could now be patented in some jurisdictions, though not in India.
To regard ‘data’ as an entity that is bestowed with attributes such as ownership, that is rightful or unlawful and has to be regulated is a relatively recent phenomenon of about a few decades ago.
Probably UK was the first to have a formal law “ The UK data protection Act 1984” to deal with the matter. The Data Protection Act 1998 is the current UK law governing how the personal data of the country’s citizens is managed by any organisation, be it public or private, including charities.
After 20 years, UK data protection regulations are being updated with a new law, to make it more relevant to the way technology is used today and harmonise it with the EU’s General Data Protection Regulation (GDPR) that have come into force from Friday May 25th 2018.
Personal data is any information relating to you, whether it relates to your private, professional, or public life. In the online environment, where vast amounts of personal data are shared and transferred around the globe instantaneously, it is increasingly difficult for people to maintain control of their personal information. This is where data protection comes in.
Data protection refers to the practices, safeguards, and rules put in place to protect your personal information and ensure that you remain in control of it. In short, you should be able to decide whether or not you want to share some information, who has access to it, for how long, for what reason, and be able to modify some of this information, and more.
Who owns data? Ownership involves determining rights and duties over property. The concept of data ownership is linked to one’s ability to exercise control over and limit the sharing of their own data. If one person records their observations on another person who owns those observations? The observer or the observed? What responsibilities do the observer and the observed have in relation to each other?
There is also a growth in appreciation of “ data ethics” regarding undesirable handling of personal data, even if there is not a violation of the letter of the law.
When you give your personal details to an organisation or individual, they have a duty to keep these details private and safe. This process is known as data protection. We refer to organisations or individuals who control the contents and use of your personal details as ‘data controllers’.
Many of us give information about ourselves to groups such as Government bodies, banks, insurance companies, medical professionals and telephone companies to use their services or meet certain conditions. Organisations or individuals can also get information about us from other sources. Under data protection law, you have rights regarding the use of these personal details and data controllers have certain responsibilities in how they handle this information.
But there is another principle that ‘private property’ may be coercively and compulsorily acquired for a larger public purpose. This is how land is acquired for creation of educational Institutions, public hospitals or for building bullet trains. And private buses are requisitioned by the election commission in order to hold elections. Sometimes the stated ‘ public purpose’ may be questionable.
By analogy, for reasons of national security, improved healthcare and other public good, the data of citizens may be compulsorily sought as in the Aadhar card.
The balance between rights of individuals and national and social interest will evolve over time.
Among many other questions that GDPR raises is of its impact on Machine learning in particular and data science in general. The short answer to this question is that, in practice, ML will not be prohibited in the EU after the GDPR goes into effect.
It will, however, involve a significant compliance burden, which I’ll address shortly.
Technically, and misleadingly, however, the answer to this question actually appears to be yes, at least at first blush.
The GDPR, as a matter of law, does contain a blanket prohibition on the use of automated decision-making, so long as that decision-making occurs without human intervention and produces significant effects on data subjects.
In Chapter V of Ancient Law, Henry Sumner Maine characterizes the evolution towards progressive societies as a passage from status (an ascribed position) to contract (a voluntary stipulation).
In terms of the present age of Big Data, Machine Learning and learning algorithms, we might project that “ As societies progress, they move from authority to data”.
Or articulated a bit differently from hierarchical human decision making to algorithmic decision making.
If you want to know some more about data protection in different jurisdictions and the Implications of the European GDPR, you may join a FREE Whatsapp weekend learning course that will run on Saturday July 21st/Sunday July 22nd by following this link : https://chat.whatsapp.com/7AsfvFL17RF1jToIPEXYOZ
If this link does not work for any reason, please send a Whatsapp message to Prof MM Pant at +919810073724 or an e-mail to firstname.lastname@example.org