Who owns the Data? An Insight into Data Ownership and data Privacy


Introduction


The concept of connected devices or more commonly known as Internet of Things(IOT) has been into picture from the inception of internet but still at this present time, the concept remains even less understood. From the first device which informed whether the newly inserted soft drink cans were cold or not, to the smart refrigerators which check the groceries and add them directly to the to-do list of your smart phone.

IoT in its simplest form means how the plethora of devices (both electronic or mechanical) are connected to people or how these devices are connected to each other to transfer data over a network. Today, with the introduction of IPv6 (Internet Protocol version 6) it is much more likely to achieve the goal of connected devices as we can give each device their own IP. Smartphones and computers do not fall under the category of Internet of things.


With IoT itself being in its infant stage, there are few legal aspects that we need to keep in mind before implementing the concept of connected devices. The most important one is the ability to the people to decide which information about them the devices can take and share over the network. This very concept of Data Privacy is now more important because of the recent landmark decision made by the Supreme Court in Justice K S Puttaswamy (Retd.), and Anr. Vs. Union of India and Ors. Another important concept is to know about the ownership of data generated by the devices which relates to the consumer.


Understanding the Concept of Data Ownership


Data- “Those who rule data will rule the entire world”

In simpler terms data is anything that has qualitative or quantitative value. It could range from notes of doctors or authors to the metrological information sent by the METSAT. From ages data has been perceived to be something of greater importance. In today's high-tech world full of technological marvels ‘Data is the new oil of Digital Economy’.

In terms of computers and connected devices, data is just streams of 0s and 1s but the value they possess can’t be weighed. Connected devices continuously share data with each other over the network. This data can be about the status of environment, the objects or variable in it or it can also be about the working status of devices. It typically depends upon the type of device. Since, the number of connected devices is increasing every second thus the generation of data is also being increased at a phenomenal rate. There are various estimates about the growth rate of data but it can easily be said that the data will double every two years. Trends also suggest that M2M (Machine to Machine) connections will see the highest growth rates by 2021 which will approximately increase by 2.4-fold from the current situation. This means with such large number of connected device the data generation by them will also increase. With such large amounts of data being generated every minute ‘The Zettabyte Era’ will be here sooner than expected.

In legal terms data means the formal representation of information, or the processed form of information. It has become valuable to the extent that its presence has itself given birth to new forms of crimes like theft of data, identity theft, banking frauds and other kinds of frauds relating to online impersonation.


Who owns the data?

Organisations today are overwhelmed by the data that is being created at such a high rate. With evolving BI (Business Integration) and processing power, companies now have the power to store and analyse the consumer data and bring out intelligent inferences to increase profit and reach. Digital Data and its ownership is a very complicated topic. After Facebook announced that users cannot delete their data from Facebook, Mark Zuckerberg responded with “..,It’s complicated.” He was right to say so.


Ownership in legal terms is the relation between person (individual, group, corporation or government and an object. Ownership can be of movable as well as immovable object. In current era Data is also considered as one of the most important asset of person (individual, group, company or government) and hence the ownership of data is to be clearly recognised. Like other traditional objects the ownership can be well established with few tests but the case is not same when it comes to data.


The problem with ownership of data is that the data doesn’t stay, it flows through different mediums and corporations and is never stable. Another way to look into the data ownership is from where it is originating. In most cases the consumers are the ones that generate data, so the first right should also be of the consumers. But, it is not as simple. In fact in the current legal regime you don’t own the data about yourself.


Data Privacy- A Priority, and not just an option


With the advent and increasing use of technologies, the traditional concept of privacy would have to give way to new dimensions and in fact expanding dimensions. More and more behavioral norms are changing, the social media users are happy to share their private life with billions of other Users. The right to privacy with regard to data becomes more complicated when it is transposed from offline world to the online world. The fear of misuse of data is put to rest for the time being since there is no legislation which can regulate its misuse by state run agencies and the State itself. It also gives rise to a debate on Data protection, a regulatory body which could work independently but answerable to the parliament, put in charge of enforcing data protection. Data is valuable and with development of new technology such as Artificial Intelligence, IOT, etc., it will become a very lucrative business. National Security is of prime importance and therefore sharing of data without any controls and checks will be very risky. The inconsistent relationship between privacy attitude and privacy behavior weakens the implementation of data privacy policies.


Several questions arises as to why the data should be protected? Or, which type of data should be protected? Therefore we can classify data into four categories i.e. personal data, sensitive personal data, confidential business information and test data. At presently, there is no express legislation to protect data from theft or misappropriation in India. However, there are some provisions in different legislations to protect data and it’s use up to the limited extent. Nobody wants the misuse of their personal data; privacy of personal or confidential information is one of the most important aspect in any person’s life for this information is attached to the sentiments. With the advent of technology and its rapid development, most of the work that was earlier done on paper or in person is now being done online based on the doctrine of functional equivalence. Examples include filling up of online forms or maintaining records in online form with the government and its agencies or online transactions or transfer of money. This advancement has brought ease to the people as most of the work is done from the click of a mouse itself. Since this information is now online, all it takes anyone is to know the password to your account and all the details can be easily accessed, endangering all the data that had been uploaded. All this brings into question about the safety of the person as the information, if accessed can be misused. Several cases have been registered globally on breach to the data privacy and hence a need for data protection is being sought not just on national level but on international level as well. Privacy Laws in India are not very stringent and are in a budding stage. As can be seen making the entire information available on the server, a serious threat to privacy is imposed. Getting the information available maybe helpful in many ways but what if the information falls into someone’s hand who may be a potential threat to the information. For instance, with regard to the data collected for the purpose of Aadhar, earlier, the authentication was done through use of core biometric data and demographic information, but now as per the New Act of 2016, it can be done only through demographic information for which the terms of use shall be clearly mentioned in the terms and conditions of the server. However, it hasn’t been made clear by either the government or the UIDAI as to precisely what all concerns are being addressed and what methods have been adopted to make sure that the data is secure.


The Supreme Court through its recent judgement has made it very clear that Right to Privacy is a Fundamental Right. This has settled all doubts and confusion in this regard and the verdict may have an impact on Civil liberties, LGBT rights, Data which is being used by financial firms, Internet, choice to convert and the Right to Food.


Welcome to the Future

We have already seen current situation of both Data Privacy and Data ownership and how very unstable they are in the current legal environment. The advancement of technology never stops and thus we are seeing rapid growth in Internet of things and Connected Devices. With the number of connected devices and consumers increasing it is important to keep the legal concepts rigid to protect personal rights.

In the Enterprise world of connected devices the data generated from these devices (sensors) is transferred from one company to another for the proper working purpose of these devices. For example a car that has a smart GPS system shares your location with multiple vendors to get the correct traffic and weather information. Location being one of the most private information for a person is not with one but many organisations, and all due to the connected devices. Now, seeing from the perspective of company, they will always want to increase the features they give to the users, but there needs to be a system a framework that ensures Data Privacy and also recognises the Ownership of the Data.


Another example can be of a smart home where all the different home appliances are connected to each other and share information with each other. This is done between different organizations. If any information leaks about the user, who will be held liable? This is one of the biggest question that comes to our mind.

In India with emerging technologies and Smart cities the Internet of things is being implemented. So, the Government will also be one of the organizations with all the sensitive data received from these devices and thus they need to be proactive in making legal legislations to deal with any discrepancy. In view of this, the Indian government constituted a committee of experts headed by Justice B.N. Srikrishna, former Supreme Court judge to analyse the various aspects relating to data protection in India and to make targeted suggestions for ensuring the growth digital economy along with keeping the personal data of the people protected and secure. The state has realised the necessity of a sound data protection framework


End Notes:-

1.Writ Petition (Civil) no. 494 of 2012

2. Masayoshi Son, Chief executive officer of Japanese telecommunications corporation SoftBank

3. https://www.wired.com/insights/2014/07/data-new-oil-digital-economy/

4. https://insidebigdata.com/2017/02/16/the-exponential-growth-of-data/

5. https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/vni-hyperconnectivity-wp.html

6. ibid

7.https://www.britannica.com/topic/ownership





12 views0 comments