NEW DELHI: The Personal Data Protection Bill of India is a piece of the proposed law that seeks to control how personal data is gathered, used, and kept in India. In spite of being introduced in parliament in 2019, the measure has not yet become a law. The Bill has come in for a lot of criticism as many view it as a vehicle to end data privacy, contrary to what the bill actually aims to achieve.
Some have contended that the bill does not sufficiently safeguard people’s right to privacy. It has drawn flak as the bill fails to address the lack of measures for data portability, which would let people simply move their data from one service provider to another.
Further, the bill’s lack of adequate sanctions for businesses that breach the data protection laws has been criticised. The measure has also drawn criticism for allowing the government an excessive amount of access to people’s private information. The bill’s compatibility with existing Indian data protection laws, such as the Right to Information Act, has also raised some serious concerns.
So, can blockchain provide a solution to mitigate these issues?
Options exist for using blockchain technology as a tool for data protection. For instance, it is possible to develop safe, decentralised systems for managing and storing personal data. This could assist prevent data breaches and unwanted access to personal information by giving people more control over their own data. Blockchain technology may also be used to produce immutable records of data access, making it simple for people to see when and how their data has been utilised. This might contribute to greater responsibility and transparency in the processing of personal data.
I also believe that every blockchain network must have a thorough governance system that complies with the fundamental standards established by data privacy laws. A framework like this would need to be binding on all participants over a blockchain network, outlining all rights, obligations, and duties of parties, as well as a thorough mechanism for communication, security precautions, cross-border data transfer, grievance redressal, and possibly even outlining applicable laws, etc.
Such a self-governance system might also have mechanisms for data protection impact assessments and a privacy by design policy. If data needs to be corrected or updated, it can be done by “forking,” in which case the data is destroyed or changed, the hash is changed, and a new fork is made. Pruning and forking can be difficult over a public blockchain, though, and may call for a significant amount of compute consensus.
A memory optimised and flexible blockchain may be thought of as an effective measure to secure the protection of the right to privacy. It gives Internet of Things customers and service providers the ability to amend their transactions, changing the specifics of data submission.
Without a doubt, node-to-node data integrity verification and cryptographic encryption are two aspects of the blockchain that best address privacy concerns. The network’s non-hierarchical structure and transaction immutability, however, make it challenging to integrate blockchain technology with the nation’s present data privacy rules. There aren’t any perfect answers or magical cures. However, there are several solutions and a big opportunity for creativity. Maybe a sandbox is what we need next. Regulators, the ball is in your court!