Big data protection, A global phenomenon.

Project submitted for Public International Law

Submitted to:

Dr. Mohammad Atif Khan

(Assistant Professor)
Hidayatullah National Law University, Raipur

Submitted by:

Anshu Sharma
(Roll No.22, Section-A)

Date of Submission – 05/03/2020

Hidayatullah National Law University, Nava Raipur,

Atal Nagar, Raipur (C.G.)

Page | 1
 CERTIFICATE OF ORIGINALITY
I, Anshu Sharma hereby declare that, the project work entitled, ‘Big data protection, A global
phenomenon. submitted to H.N.L.U., Raipur is an original work done by me under the guidance

of Dr. Mohammad Atif Khan, Faculty Member, H.N.L.U. Raipur.

Anshu Sharma
B.A.LL.B (Hons.)
Semester –IV

Page | 2
 ACKNOWLEDGEMENTS

This project is the outcome of the guidance and support of some people who if I don’t
acknowledge, I’ll be committing a sin. Firstly, I would like to thank the almighty without
whose blessings, this project could not have been completed.

I convey my heartfelt thanks to Dr. Mohammad Atif Khan whose constant encouragement
and being readily available to clear any doubts regarding the subject matter, showed me the
right direction to go ahead in. I would like to thank the librarian and other staff for providing
me the required sources and materials without which this project would have been just a
dream.

I would like to acknowledge my seniors and friends for their enthusiasm and belief in us
which encouraged us to strive forward. Lastly, I thank my parents without whose constant
support and being by our side by thick and thin, this project could not have been completed.

Page | 3
 CONTENTS

Acknowledgements .................................................................................................................... 3
Contents ..................................................................................................................................... 4
Introduction And Research Methodology ............................................................................. 5
1.1 Introduction ........................................................................................................................ 5
1.2 Research Objective ............................................................................................................ 6
1.3 Literature Review .............................................................................................................. 7
1.4 Research Methodology and Source of Data..................................................................... 8
1.5 Hypothesis........................................................................................................................... 8
1.6 Research Questions ............................................................................................................ 8
1.7 Mode of Citation ................................................................................................................ 8
1.9 Scope and Limitation ......................................................................................................... 8
Big data an Observant… ........................................................................................................ 9
What is Big Data? .................................................................................................................. 10
Where does Big Data come from? ....................................................................................... 10
International Laws on Data Protection............................................................................... 12

Datata Protection laws in India… ........................................................................................ 14

Conclusion and Suggestion.................................................................................................... 16

Bibliography ........................................................................................................................... 18

Page | 4
 INTRODUCTION

When we take a moment and mentally scan the data which our phones, laptops or any digital
device consists of, our photos, credit card/ debit card details, our personal messages, every
password of the social media accounts; everything is traceable, which welcomes us to the world
of Big Data.1

Even if an email is deleted just after reading it, doesn’t necessarily erase the content, there’s a
copy of it somewhere. “For example, we use Gmail, a copy of every e-mail sent and received
through our Gmail account is retained on various servers worldwide. Any e-mail sent can also
be inspected, at any time, by the hosting company. This might be done with a name to filter out
malware, but in actuality the third parties can access our e-mails for other, more sinister and
self-serving, reasons.”2 The surveillance over the data of an individual maybe done to provide
safety to the state but also brings privacy concern.

Increasingly, an ever-wider range of economic, political and social activities are moving online,
encompassing various ICTs that are having a transformational impact on the way business is
conducted, and the way people interact among themselves, as well as with government,
enterprises and other stakeholders. This new landscape gives rise to new business models and
a wider scope for innovation. At the same time, it facilitates undesirable activities online,
including cybercrime.3

In order to elaborate the emergence of Big Data and laws protecting it, this Project has been
divided into three parts in which the first one talks about what is big data and how does it keep
a watchful eye over the individuals and the second part deals with the emergence of big data.
The third part deals with the author has dealt with Laws which are present internationally to
protect the to and fro of the data and the position of India is discussed briefly and in the end
the project has been concluded with certain suggestions.

1 Kevin Mitnick, The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the
Age of Big Brother and Big Data, 54,55 (2017)
2 ibid
3
United Nations, Data protection regulations and international data flows: Implications for trade and
development, New York and Geneva, 2016

Page | 5
 RESEARCH OBJECTIVE

The objective of this project can be classified into two parts –

1. General Objective –

To gain knowledge about Big Data.

2. Specific Objective –

To study about International Laws dealing with protection of Data

Page | 6
 LITERATURE REVIEW
Christopher Kuner, Transborder Data Flows and Data Privacy Law

This book dealt with history, policies, and future of trans-border data flow regulation in the
data protection and privacy regulation of over seventy countries and international organizations
worldwide. It traces the history of regulation in different regions, beginning with the earliest
European laws in the 1970s, through to leading regional and international instruments of the
EU, OECD, Council of Europe, APEC, and other bodies.

The legal basis of transborder data flow regulation under EU law, fundamental rights law, and
EU law is discussed in light of the challenges posed by the Internet (including phenomena such
as cloud computing and online social networks which has been inculcated in this project.

Page | 7
 RESEARCH METHODOLOGY AND SOURCE OF DATA

The following assignment complies with a purely doctrinal and analytical method of research
and constitutes consultation with secondary sources(websites, journals, articles, statutes of
respective countries and regions) . The research is facilitated by using various statistics and
collection of data in order to understand the trends that have been established. This helped the
researchers in coming up with the required suggestions. The research is descriptive in nature
and also follows an analytical approach. This is just an attempt to review the existing format
and establishing a correlation with the subjective format. The citation format Bluebook 20th
Edition will be adopted

HYPOTHESIS
The continuously developing nations and technology are not being utilized properly and the
privacy of the individuals is infringed by the data collectors.

RESEARCH QUESTION
Is International Law developing in the field of Data protection and controls the usage od
sensitive data of Individuals?

MODE OF CITATION
The mode of citation used in this work is 20th Bluebook Edition.

SCOPE AND LIMITATION

Due to the vastness of this enormous International Law, the scope of this work is restricted to
International also I was time bound due to the submission date.

Page | 8
 BIG DATA, AN OBSERVANT

We are being observed. Watched. Supervised. Surveilled. At every instance in our life, when
we wake up, check our phone, switch the apps in our phone, drive to the grocery shop, go to
work, smoke a cigarette, visit a psychiatrist, magazines we prefer to read. The observant knows
it all, it’s because of the data we leave behind. This is possible because of the technology of
Big data, where every tap we make on our devices it is being tracked which allows the
companies to have more accurate data about the preferences of their users and gives them an
idea of what could be demanded by the consumers in the future, these future calculations can
be done by the help of algorithms and data analysis. The phone we use, apps we prefer to shop,
what is our dress size, which car we drive, where do we stop by to get petrol, what is our
preferred cereal, what is your financial status everything can be traced by the help of the data
which is provided by us.

By trailing the cookies on the user’s device a large amount of data can be collected, by
scrutinizing the likes and dislikes of the user on a social media platform the analysts can figure
out the preference of the consumers, their favored apparel, their political views and the
creepiness level can reach to figuring out their private details.

Big Data is like the new currency in today’s world, in olden days only our family or friends
knew us well but in today’s technological world it is easier to hide things from them but not
from these watchers, the presence is very evident and difficult to hide as every search we do
online leaves a trace, every online purchase we do gives a detail about our fashion sense with
the help of which these companies, which buy the data from the data collectors give suggestions
to the purchaser to buy further more goods and enhance their business; the amount spent on
shopping and other activities shows our financial status, which store do we prefer to buy daily
goods can be found out from the place where we often swipe our credit or debit card. Currently
the companies involved in profit making are using big data, but the law implementers are also
interested in it.

Page | 9
 WHAT IS BIG DATA?
‘Big Data’ is the new science of understanding and predicting human behavior by studying
large volumes of unstructured data. Big data is also known as 'predictive analytics’4. Or in other
terms it can be referred to as collection of the data in a huge quantity which can be transmitted
via the electrical signals and recorded on magnetic or mechanical devices, it is those data’s
which can be analyzed using statics to show certain patterns, trends, consumer preferences, it
basically benefits the producers when it comes to production in mass quantities or keeping a
note of the human behavior or what the consumer demands for and helps them streamline their
manufacturing.

WHERE DOES THE BIG DATA COME FROM?

It’s we who provide the data. We are the small building block of this huge digital world.

There are various social media platforms such as Facebook, Twitter, Instagram where people can
connect to their friends and family by entering certain information about them.

The Big data storage can be of two types which is Structured and Unstructured, where Structured data
refers to those data which can fall into relational tables and unstructured data refers to those data’s
which do not fit into relational tables. Various social media platforms use the unstructured form of data
collection which is mutated into some structure to derive certain pattern. These patterns can further
influence the functioning in numerous ways by keeping the surveillance over the data collected, where
surveillance refers to observation over the data, such an observation can lead to impacting different
sections of the society. Companies like Facebook, who have access to personalized data of around 360
million people being the active users of the application. Facebook can keep a trail of the other sites that
the user is surfing along with using Facebook which means it can track its user’s cookies, Facebook
also has a feature of analyzing the likes through which they can anticipate various personal traits of an
individual and then display suggestions on the home screen of the user depending upon the user’s
likings. With features like ‘Geotagging’ and ‘facial recognition’ disclose information about your exact
location, the date, the particular time and even the group of people you’re hanging out with, how ironical
it is that you can hide all of this information from your mother but can’t conceal it from the observer.
LinkedIn is another site which gives information about what you do, what are your achievements and
help you connect to people on professional basis. The governmental scheme which entails provision of
UIDs (Unique Identifications) where the individuals (specifically Indian citizen) are given a 12 digit
number which could be used in personal identification of the citizens. This collection of data by the

4
Paul Gil, What Exactly is Big Data, (Aug. 2, 2019, 3:12 AM), https://www.lifewire.com/what-exactly-is-big-
data-4051020

Page |
10
Government of India is the world’s biggest biometric and demographic database and is an example of
Big data. It is unique and robust enough to eliminate duplicates and fake identities and may be used as
a basis/primary identifier to roll out several Government welfare schemes and programmes for effective
service delivery thereby promoting transparency and good governance. This is the only program of its
kind globally, wherein a state-of-the-art digital and online ID is being provided free of cost at such a
large scale to people, and has the potential to change the way service delivery functions in the country.
Aadhaar number is devoid of any intelligence and does not profile people based on caste, religion,
income, health and geography.5

The presence of Big Data comes with certain shortcomings by providing data to the data collectors the
personal details and information of an individual renders to be at stake, there are other risks of Big Data
which is known known as the '5Vs' of big data - Volume, Variability, Velocity, Veracity, and Value.
Where Volume - The tremendous data produced daily on various platforms is the Volume of the Data,
Variability - The data produced is diverse in nature. Velocity- The speed at which the data is expanding.
Veracity- Is the quality or reliability of the data. Value- There is abundance of data but it will be of no
value unless the data reaped can be monetized.

5
Unique Identification Authority of India, Government of India, (Aug. 3, 2019, 2:30 PM),
https://uidai.gov.in/what-is-aadhaar.html

Page |
11
 INTERNATIONAL DATA PROTECTION LAWS
OECD Guidelines on the Protection of Privacy and Trans border Flows of Personal Data, which
were published in 1980, can initially be mentioned among these international instruments. Even
if the OECD document has not a binding force, its fundamental principles are regarded as
guiding rules for the countries in which the field of data protection was not specifically
regulated. In January 2012, the European Commission published a proposal to
comprehensively reform the European data protection legal regime. This consisted of a
Regulation that covered general data processing (known as the GDPR - the General Data
Protection Regulation), and a brand new Directive for the police and justice sector (known as
the Law Enforcement Directive).

The Council of Europe, established in 1949, is an intergovernmental institution focusing on

human rights, democracy and the rule of law. In this context, the Council adopted the
Convention for the Protection of Human Rights and Fundamental Freedoms (European
Convention on Human Rights (ECHR)) in 1950.

The Court highlighted in M.S./Sweden Case6 that protection of personal data “is of
fundamental importance to a person’s enjoyment of his or her right to respect for private and
family life as guaranteed by Article 8 of the Convention

The European standards on data protection have been strengthened and extended through the
generous interpretation of the jurisprudence of the Court and they wanted to reach at the level
of adopting the International Obligatory Rules which would serve as a model for national data
protection legislations.

The Convention for the Protection of Individuals with regard to Automatic Processing of
Personal Data (briefly, the CoE Convention No. 108) was accordingly issued in 1981.

Since 2012, a new legislative framework (so-called General Data Protection Regulation
(GDPR)) has been worked on to reinforce the standards of data protection in EU and to update
the provisions of the EU General Directive. At the end of December 2015, an agreement on

6 (20837/92), 27.08.1997

Page |
12
this new framework was reached between the European Parliament, the Council and the
Commission of the EU. In April 2016, the last version of the GDPR was respectively approved
by the Council of the European Union and the European Parliament

Furthermore, the importance of the right to data protection has been once again reiterated by
Article 8 of the Charter of Fundamental Rights of the European Union in which a duty is
imposed on the Member States to fully respect this right. As the Charter has become legally
binding since 2009, the acceptance of data protection as a fundamental citizen right in
Europe has been established.

Page |
13
 DATA PROTECTION LAWS IN INDIA
The European Union’s (EU’s) General Data Protection Regulation (GDPR) took effect in May
2018, harmonizing data protection and privacy requirements across the EU.7
Many other countries have either implemented data protection requirements or are in the
process of considering them. In the United States, for example, Senator Elizabeth Warren has
proposed a bill to expand criminal liability for the executives of companies that suffer data
breaches.8

India, too, is taking steps to enact a data protection framework modeled along the lines of the
GDPR. In July 2017, the government of India appointed a Committee of Experts on a Data
Protection Framework for India, or Data Protection Committee (DPC), under the chairmanship
of Justice B.N. Srikrishna, to study issues related to data protection in India.9

While the EU has recognized a right to the protection of personal data for a while now (under
the Treaty on the Functioning of the European Union), India still does not have a cross-sectoral
law on data protection. The Information Technology Act of 2000 primarily governs issues such
as cyber crime and the liability of internet intermediaries, such as social media platforms,
though it does possess some requirements regarding the protection of personal data.10 For
example, section 43A of the act provides compensation for damages caused by a failure to
maintain reasonable security practices to protect sensitive personal data.

7 European Commission, “2018 Reform of EU Data Protection Rules,” Text, European Commission, accessed
March 7, 2019, https://ec.europa.eu/commission/priorities/ justice-and-fundamental-rights/data-protection/2018-
reform-eu-data-protection-rules_en.
8
Tamara Evdokimova, “New Bill From Elizabeth Warren Proposes Potential Jail Time for CEOs for Massive
Consumer Data Breaches,” Slate Magazine, April 5, 2019, https://slate.com/technology/2019/04/elizabeth-
warren-equifax-cambridge-analytica-regulation-data-privacy. html.
9
Committee of Experts under the Chairmanship of Justice B N Srikrishna, “Report of the Committee of Experts
under the Chairmanship of Justice B N Srikrishna,” Committee Report (India: Ministry of Electronics &
Information Technology, Government of India, July 27, 2018), https://
meity.gov.in/writereaddata/files/Data_Protection_Committee_Report-comp.pdf

10
Committee of Experts under the Chairmanship of Justice B N Srikrishna, “Draft Personal Data Protection
Bill, 2018,” July 27, 2018, https://www.thehinducentre.com/resources/
article24561526.ece/binary/Personal_Data_Protection_ Bill,2018_0.

Page |
14
Data protection and confidentiality requirements, however, are regulated only by a patchwork
of sector-specific regulatory requirements. In August 2017, the Indian Supreme Court declared
the right to privacy to be a part of the fundamental right to life under Article 21 of the Indian
Constitution.11 It held informational privacy to be a subset of this right to privacy, and noted
that privacy includes the right to protect individual identity.12

11
“The Information Technology Act, 2000,” Government of India, June 9, 2000,
https://meity.gov.in/writereaddata/files/The%20Information%20Technology%20
Act%2C%202000%283%29.pdf.
12

Page |
15
 CONCLUSION

Personal data is defined as any information relating to an identified or identifiable natural

person. By means of personal data, it is possible to obtain a detailed portrait about an individual
to whom personal data relate. Taking account of the rising amount of data processing in the
modern world, personal data become more vulnerable to attacks from third parties. The
challenges encountered with regard to data protection have been discussed and handled very
delicately in international law for a long time.

Big Data and a lack of headway regarding ‘right to privacy’ have created desperate need
to develop a regulatory framework for data protection by the government. While setting
out such regulatory framework, the government should keep in mind certain aspects.
The right of data providers to access their data at any point of time, the right to transfer
data to a different service provider, the right to have data erased, obligation of data
collectors to keep the data secure and reasonable means for data providers to exercise
their rights. Keeping the EU data protection law as a standard, our country should draft
the framework. EU data protection law provides strict accountability obligations upon
businesses concerned with data processing, yet, the law provides smoother flow data
across data exchange channels. The government should remove all the unnecessary laws
which are of no use in the protection of data. Stricter laws should come into force for
misuse of data. The government should make this framework fluid enough to keep pace
with the evolving technology. Not only these laws should be limited within country, but
also across the borders. The big data analytics companies and organisation should be
checked regularly so that misuse can be prevented. The problems faced by the
population of our country are not miniscule. It is a serious issue which needs to be
looked upon right now. With the amount of data increasing every day, the risk of data
being misused is at peak. As the data the is increasing the ways to process this data is
also evolving. Keeping in check all these needs is a task for government but it can be
done with proper strategy and learning from the past mistakes. Transparency should be
maintained between the government and the citizens; the citizens have the right to know
about how their information is being used by the government even if it’s for the
betterment of the society and public at large. This nation is known for being the largest
democracy, so to continue being a democracy at the ground level, the government

Page |
16
should take quality judgements. The judiciary of India is also responsible for this task,
as the issues are raised at the court, the judges are responsible for interpretation of the
law correctly and to provide justice to the citizens. To take surveillance, law and
democracy hand in hand, the government needs to make concrete laws which keeps the
data in a systematic format and also secured as the misuse cannot happen without
insiders being involved in the distribution of the data to the wrong hands. To keep data
usage in check, both the data collectors and processors should be forced to keep
transparency and traceability. The goal here is to keep a purposive limitation on data
processing and evolve with technology as it comes.

Page |
17
 BIBLIOGRAPHY

• Kevin Mitnick, The Art of Invisibility: The World's Most Famous Hacker Teaches You
How to Be Safe in the Age of Big Brother and Big Data, 54,55 (2017)
• United Nations, Data protection regulations and international data flows: Implications
for trade and development, New York and Geneva,
• Paul Gil, What Exactly is Big Data, (Aug. 2, 2019, 3:12 AM),
https://www.lifewire.com/what-exactly-is-big-data-4051020
• European Commission, “2018 Reform of EU Data Protection Rules,” Text, European
Commission, accessed March 7, 2019, https://ec.europa.eu/commission/priorities/
justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-
rules_en.
• Tamara Evdokimova, “New Bill From Elizabeth Warren Proposes Potential Jail Time
for CEOs for Massive Consumer Data Breaches,” Slate Magazine, April 5, 2019,
https://slate.com/technology/2019/04/elizabeth-warren-equifax-cambridge-analytica-
regulation-data-privacy. html.

• Committee of Experts under the Chairmanship of Justice B N Srikrishna, “Report of

the Committee of Experts under the Chairmanship of Justice B N Srikrishna,”
Committee Report (India: Ministry of Electronics & Information Technology,
Government of India, July 27,2018

• Committee of Experts under the Chairmanship of Justice B N Srikrishna, “Draft

Personal Data Protection Bill, 2018,” July 27, 2018

Page |
18