Citizen’s data protection – Is California state, the way to go?

Recently, the state of California in the United States of America made an interesting change to its data privacy laws, with respect to how consumer data is used by a host of government and non government agencies. The act became a law with effect from 1^st Jan 2020. The law is seen widely as California’s own version of GDPR.

Can you imagine an Indian version of CCPA?

The acts is called the California Consumer privacy act (CCPA). This law needs compliance from every company or institution in the state of California, and there are seemingly punitive clauses for those who fail to adhere to the regulation. The law allows citizens of the state to opt out from any of their personal data being used for whatever purpose.

Its akin to someone in India, telling that their data in Aadhar must be locked, and not be used by anyone at all. 

The act is intended to provide California residents with the right to: Know what data is being is being collected about them;  Know whether their personal data is sold or disclosed and to whom. Say no to the sale of personal data. Access their personal data. Request a business to delete any personal information about a consumer collected from that consumer. Not be discriminated against for exercising their privacy rights. 

The highlight of the act is the importance that the data collected by the establishment and companies from citizens is assigned, with respect to how the data must be treated with sanctity.

Companies that become victims of data theft or other data security breaches can be ordered in civil class action lawsuits to pay statutory damages between $100 to $750 per California resident and incident, or actual damages, whichever is greater. If there are un-intended violations by the companies, a fine of $7500 is levied, and when intended, the fine is down to $2500.

This supposedly revolutionary law on data protection has just come into effect, and the coming weeks and months will show how it is being followed in letter and spirit by the corporates in the California State. There is almost no decent sized company that will be untouched by the protection law, and hence, it is seen as a test case as to how data protection and privacy laws can evolve across the other states and eventually, the rest of the world!

What would you think does it take for such a law to be brought about in  India? 

Is it really possible, given that ours is one country where citizen data is widely seen to be the most misused, not just by the private corporates, but even by the state and central governments?

(Given that a lot is being done now, to regulate legal citizenship in this country, and with the possible ushering in of a National Population Register (NPR), shouldn't privacy of citizens be a priority for all of us??) 

CAA and opinion making failure?

Protests all across? Would explaining have helped??

Anti CAA protests are the order of the day, across the country, and these protests continue to be 'sustained in isolated pockets across - the focal points of the action being campuses, and specific constituencies wherein, people from a particular religion dominate in parts of that geography.

There is a clear pattern to these protests - the chunk of these seem to be fanned, with fear and baseless rumors as the foundation, that provokes people into action in the target protest geography.

Now to the question - did the center, and also the ruling party fail in communicating the essence of the "Citizens amendment act" to people at large, and more so, to the population that thinks it is vulnerable in the face of such a legislation.

On the face of it, it does appear that the central government, thanks to the huge mandate it won in 2019, when it rode back to power, went roughshod on pushing the bill in both houses of the parliament, and then, on passing it, making it a law swiftly, with the necessary presidential assent. For any commoner, that is how it looks like, and makes one think that better communication and proactive messaging etc, could have saved the wrath of these protests.

But, if you again look at the nature of these protests, and how these are being managed in pockets of student influence  and the preponderance of a said religious population, no amount of planning, and communication by the establishment would have avoided such a situation.

In any case, the campaign base of these protests is to cash in on the insecurities of the Muslim population, and make them feel vulnerable by such a law that has been pushed by the government. Those who use the said religion and its people for gross political gains, will any case fan the issue, and distort reality, and use the volatility for short term political or electoral gains.

With this being the ground reality, any amount of planning, or opinion making by the government or the ruling party, would have been of no avail, given the nature and the genesis of many such instances in the country.

May be, that's the reason the government, and its leadership, decided to pass the act, make it a law, and then face the aftermath, treating it as a law and order problem.

Do you feel that things would have been different if there was a huge PR exercise by the government in communicating the decision to bring in CAA, with attempts to convince the stakeholders?? Somehow, it does not look like things would have been any different by a splash of PR and opinion making in this issue.

(initially, I thought why did the government so miserably fail in communicating the issue to the target audience; then, on second thoughts, felt it would have not made an iota of difference to the trouble makers and their agenda!!)