What is “Data:” Understanding Legal Constructions of Personal Data

IMGXYZ8416IMGZYX

The collection and use of personal information to provide services has become increasingly ubiquitous, forcing data protection laws around the world to be re-drafted for our modern, data-driven world. Laws and regulations concerning data, however, often have very few explicit statements regarding the “ownership” and control of personal data—despite numerous implicit premises that underline them.

During the Global Technology Summit 2018, Carnegie India hosted Malavika Raghavan, of Dvara Research, to conduct a student workshop on “What Is ‘Data:’ Understanding Legal Constructions of Personal Data.” The workshop focused on understanding the legal conception of data, the definition of data as per the Information Technology Act 2000, data regulation in other jurisdictions, and the draft Personal Data Protection Bill 2018. This workshop was part of a new initiative called KnowledgeTransfer@CarnegieIndia, which aims to provide a platform for genuine exchange of ideas and knowledge among students, practitioners, experts, and other interested audiences. 

DISCUSSION HIGHLIGHTS

• Data Collection: When collecting data, participants stated, it is vital to take into account the analytics that will be run on the data. The discussion highlighted that there is little distinction between data security and data protection, the primary objective in both is protection against the mishandling and wrongful usage of data. Participants also argued that consent received at the time of data collection is not always applicable to the analytics run and insights derived from the data at a later stage.   
• Data as Tangible Property and Intellectual Property (IP): Property, as per the legal concept, should be alienable from the person owning it. If personal data cannot be alienated, then data may not be reasonably classified as property, noted participants. On the one hand, participants questioned the sufficiency of data as property and wondered if someone could be given exclusive use of their fingerprints (thus alienating data from the person), while still using it themselves. On the other hand, participants debated the viability of personal data falling under the scope of IP.  They also noted that IP is a product of an individual’s skill and it is difficult to define personal data as creations of the individual. Additionally, they felt that with IP, one has control over their IP. However, with personal data it can be difficult to assess how and to what extent individuals can determine control. Participants also felt that this logic falls through in situations when companies monetize personal data, which is why if data were IP, a whole new data IP framework would be needed, globally. 
• Data as Moral Rights and Personhood: In India, moral rights imply the right to claim authorship and to preserve the integrity of data. Few participants stated that it is important for individuals to be aware of their moral rights related to data collection, processing, and analysis. Others noted, the lack of a concrete set of fundamental rights with regard to data protection and data privacy. Additionally, the Indian Supreme Court’s recent focus on personhood and protecting privacy through protecting personhood also implies that conceptually personhood rights are similar to fundamental rights. 
• Personal Data Protection Bill: The workshop also discussed the implications of India’s draft data protection bill at length. Some participants believed that the bill is unlikely to be introduced because it makes no explicit statements about data ownership. Others noted, the bill promotes a notice and consent framework and talks of fair and reasonable processing of data. Furthermore, the participants acknowledged that in reality, people only care about who knows what about them, rather than about privacy in abstract, legal terms. Participants concluded that to correctly and fairly regulate data, one must be able to clearly define data and understand the legal constructs of it, before understanding how to manage and protect it. 

This event summary was prepared by Navya Mehrotra, an intern at Carnegie India.