Organizations desire to adopt best practices around data which are aligned with the risk management approaches they have in place. With increasing complexity around privacy and data security, it is necessary to gain deep understanding of the strategic directions adopted at some of leading organizations in India. With this intent, the Privacy Mode Fellowship programme was put together to work with practitioners who document easily adopted practices that are flexible and are based on well understood design principles. The Best Practices Guides provides a quick introduction to some of the topics which receive a lot of attention.
The Privacy Mode Fellowship programme considered the following themes while publishing the Call for Submissions:
- Data protection/security practices.
- Consent frameworks tied to purpose use limitations.
- Data rights.
- Encryption practices.
- Ankita Roychoudhury and Yashodhara Shukla , Frappe Technologies Private Ltd.
- Pratyush Pullela, Doosra, Ten20 Infomedia Pvt. Ltd.
- Rohan Verma, Zerodha Broking Ltd.
- Sathish KS, Zeotap
The following abstracts provide an insight into the topics covered by them. The abstracts are linked to the complete reports:
- Frappe: GDPR Compliance for ERP
- Doosra: Protecting your mobile number
- Zerodha: Data protection, security and privacy practices
- Zeotap: Privacy in Data as a Service (DaaS) business
- Anwesha Sen - Programme Coordinator
- S Kannan - Technical Writer
- Anish T P - Illustrations
- Stephanie Browne - Product Support
- David Timethy - Administration
1. [Uzma Barlaskar](https://www.linkedin.com/in/uzmabarlaskar/), Head of privacy and growth at WhatsApp. 2. [Anand Venkatanarayanan](https://twitter.com/iam_anandv), Independent cybersecurity researcher. 3. [Sankarshan Mukhopadhyay](https://www.linkedin.com/in/sankarshan/), Editor at Privacy Mode.
View acceptance criteria for the fellowship program 👉 here
Statement of Purpose
I’ve often found myself going to Ray Kurzweil’s words from “Singularity is Near”, where he talks about epochs. We are at the edge of epoch 5, where humans and machines are uniquely poised in an interdisciplinary collaboration. In today’s corollary, data is more valuable than oil. Machines are used to harvest and mine data, which in turn is used to determine the policies that govern us. This ranges from triage situations in hospitals and credit risk checks for loans, to determining prison sentences and bails for convicts.
While the plethora of work being done with data is astounding, it falls differently in Indian context. Global population, and the vastly unequal distribution of resources mean that normative, first-world utilisation of data needs to be altered. We need applications that can optimise resource distribution, aid an overworked judiciary, improve access to healthcare in the remotest of villages, and improve literacy. One aspect that often gets ignored in innovation narratives is that we need these applications to preserve citizens’ privacy, while maintaining their integrity and robustness.
To this end, I believe the key is concurrent discourse about data ethics while we continue building the digital infrastructure. Introduction of Personal and Non-Personal Data Protection bills is a welcome step, but when it comes to the masses, this is still a foreign concept. Ideas of privacy, transparency, accountability etc. are rarely included in a typical software development lifecycle. Academia mentions this but it falls short of practical implementation. At times, lack of clarity on how to operationalise these concepts is also a hurdle.
I want to bridge this gap between ideation and practice by creating a roadmap of recommendations. This can be accomplished as a simple checklist or a more detailed list of “things to do” that can be consulted while requirement gathering, and cross-checked against during deployment and testing. Apart from this, documentation and educative literature, both technical and for general public, can be done to bring the idea of ethical data practices to the forefront.
I plan to follow a multistep approach to do this. A systematic literature review to analyse current practices will be followed by interactions with various industry practitioners and stakeholders who are privy to various steps in creation of digital infrastructure. Once the common industry practices have been pinpointed, I want to identify the gaps where ethical principles of Transparency, Accountability, Robustness and Fairness ought to be considered. This will include steps on what to do, how to do and when to do. Once this is done, the stakeholders will be consulted again to discuss feasibility of these recommendations. A collaborative effort can ease theoretical concepts into practice.
My aim is to work towards creating a culture that values and considers data ethics while we navigate the 5th epoch. Gradual, dedicated steps like this are the only means of ensuring that we move towards an ethical, digitally equitable world.