Do you realise, you are giving out more than you know by clicking the ‘I Agree’ button?
With the growth of the social media and emergence of advanced data analytics tools, the struggle to maintain personal privacy of citizens is a major concern that has been worrying the governments around the world. There are questions and doubts being raised pointing fingers at the ability of the governments to address this problem effectively. Questions such as, how safe is our personal data in the hands of large Internet companies and governments? Why are the authorities silent on the issue of companies selling peoples’ private data? What are the proposed regulatory frameworks to avoid privacy breaches?, are becoming louder by the day. Citizen’s are entitled to get appropriate answers to these questions, but the governments, by and large, are at a loss of ideas.
To add to this worrisome situation, according to a 9th September 2019 article by the Economic Times, the Indian government has decided to make it mandatory for the big tech giants like Amazon, Google and Facebook to sell the personal data of users that they have aggregated to any company in the country seeking access to it, be it the government or private. This move, ostensibly aimed at creating a level playing ground for business, is cutting right into the heart of all efforts to ensure personal privacy and can create a havoc in the future.
The present scenario in India
Unlike the European Union’s, General Data Protection Regulations (GDPR), India still does not have any laws that protects the personal data of it’s citizens, though there are some tentative moves to address this gap. An amendment was proposed to the ‘Information Technology Act 2000’, according to which, sections 72A & 43A are to be included stating that the right to compensation will be given to a person, if there is a improper or impetuous disclosure of their personal data. As of 2011, though section 43A has been issued, there is still no indication of this being enforced anywhere.
In August 2017, the Supreme court of India recognised that the right to privacy as a fundamental right of Indian citizens. This comes under Article 21 of the Indian Constitution which is meant to protect the personal information/data of the people. In light of this momentous declaration by the judiciary, the government has proposed a draft Personal Data Protection Bill, the draft of which has been under the consideration of the parliament for some time. There is, however, no clarity on when or in what form this will be passed or implemented.
Without any proper legal framework, the people of the country are at the mercy of large companies who can decide what they do with your personal data that they have collected.
How the privacy policy of AyushEHR is leading the way in light of the proposed regulations
The laws that have been proposed by the government of India is soon going to change the landscape of how personal data is exchanged and leveraged by organizations. Right now, it has been speculated that, since the ‘seven super’ companies, hold majority of personal information of people, they will be forced to share the data with other organizations, both government and private, creating an open market and a level playing ground for all organizations to leverage such data for enhancing business.
Though this may seem scary, the government’s approach to health care data seems to be taking a different turn. In it’s defense, steps have been taken to regulate and protect the health care data from breeches and misuse. The proposed Digital Information Security in Healthcare Act (DISHA) and Personal Data Protection Bills include major proposals to provide the patient, the right to allow or refuse the use of their medical information through a managed consent. In this case, the consent of the patient is of utmost priority and will hold true except in situations of emergency for the person concerned.
Though these regulations are still in draft stage, AyushEHR, has taken a conscious decision to keep personal privacy considerations at the core of our design decisions. We sincerely believe in a person’s right to privacy and have adopted the OECD privacy guideline of ‘Privacy by Design’ while building our EHR data repository(EHR.Network). We are currently collaborating with EHRC@IIITB to develop a consent framework for healthcare data, leveraging the work done at MeITY and FHIR and plans to integrate this into AyushEHR once ready.
We at AyushEHR believes in safeguarding the information of the patients on our platform and stand by it with utmost commitment. We are already compliant to the proposed data protections regulations and hence can safely claim to be truly ‘future proof’.