Panel Discussion – Emerging Global Trends in Data Protection and Privacy

The evolving landscape of data privacy and protection took center stage at a riveting panel discussion moderated by Venkatesh Hariharan, a noted advocate for open standards and technology policy. This panel brought together leading voices from the legal, governmental, and policy-making spheres to unravel the complexities of data governance and explore India’s pioneering role in digital public infrastructure (DPI).

Introducing the Panel

The session featured an illustrious lineup:

• Mr. Matthew Chacko, Partner at Spice Root Legal, renowned for his work in technology and data law, shared his pragmatic and tech-savvy insights, influenced by decades of experience.
• Mr. Chanchal Sarkar, Advisor to the Ministry of Finance, Government of India, brought a government perspective, highlighting India’s strides in DPI and its global implications.
• Ms. Nehaa Choudhari, Partner at Ikigai Law, offered a granular view of data protection compliance and policy, drawing from her extensive experience advising organizations of all sizes.
• Mr. Rahul Matthan, Partner at Trilegal and author of The Third Way: India’s Revolutionary Approach to Data Governance, provided a visionary perspective on balancing technological progress with ethical data practices.

Key Themes Explored

1. Consent in the Digital Age: A Double-Edged Sword

Rahul Matthan eloquently critiqued consent as a “get-out-of-jail-free card” in its current form. He illustrated how users blindly agree to dense privacy policies, often without comprehension, leaving their data vulnerable. However, the introduction of frameworks like India’s Account Aggregator system has started to shift this paradigm by distinguishing between collection consent and portability consent, offering users greater control over their data.

Matthew Chacko extended this dialogue by emphasizing the innovative role of consent managers introduced in India’s Data Protection Act. Modeled on the Account Aggregator framework, consent managers can help individuals monitor, modify, and revoke data permissions, potentially serving as global examples for tackling consent fatigue and misuse.

2. The Challenges of Compliance

Nehaa Choudhari delved into the operational hurdles organizations face in implementing data protection norms. Large corporations with existing GDPR compliance frameworks may find it easier to adapt, but smaller entities often struggle with understanding and executing requirements. She underscored the importance of a three-step approach:

1. Mapping Data Flows: Identifying what data is collected and its lifecycle within the organization.
2. Gap Analysis: Understanding discrepancies between current practices and legal obligations.
3. Execution: Implementing robust privacy policies, employee training, and technical safeguards.

3. The Global Influence of India’s Digital Public Infrastructure

Chanchal Sarkar highlighted India’s G20 presidency as a turning point in global recognition of DPI. Concepts like the Account Aggregator and Open Credit Enablement Network (OCEN) have positioned India as a leader in data governance. Post-G20, countries like Brazil and South Africa have shown keen interest in adopting India’s DPI framework, signaling a shift towards indigenous solutions gaining global traction.

4. The Future of Data Fiduciaries

The panel debated the implications of India’s use of the term data fiduciary in its Data Protection Act. While Rahul and Nehaa supported the aspirational ideal of placing consumer interests at the core of data practices, Matthew warned against the practical challenges of enforcing fiduciary duties in a highly data-driven economy. The consensus leaned towards evolving frameworks that balance trust with operational feasibility.

5. Tackling Data Misuse and Spam

With rising concerns about spam calls and data leaks, the panelists emphasized the importance of enforcement under the Data Protection Act. Rahul pointed out that compliance efforts often stall until regulators impose significant penalties. The introduction of strong enforcement mechanisms and technologies like privacy dashboards could help curb misuse and foster accountability.

Conclusion: A Call for Action

The panel concluded with a collective call for stakeholders—businesses, policymakers, and consumers—to proactively engage with data protection frameworks. As India continues to lead global discussions, the need for harmonizing international data laws and embracing technological innovations like multi-party computation and privacy-enhancing technologies remains paramount.

This session offered a fascinating glimpse into how jurisprudence, technology, and policy can converge to shape a more equitable data ecosystem. As India charts its path forward, it stands poised to influence not just national, but global approaches to data governance.

You can listen to the complete session recording here.