“Technology innovation is not going to slow down. The work to manage it needs to speed up” ― Brad Smith[1]
It may sound cliché, but hardly any segment of our lives is now untouched by technology – and we use it in how we work, communicate, and even think. Whether it is the internet that links individuals from different continents or Artificial intelligence that revolutionizes every undertaking, technology is around us. However, this has been an incredible growth that has had many notable consequences. Subtract how frequently one hears of data leaks, cyber-incursions, or using personal data for unwanted purposes.
As much as we acknowledge that technology can be valuable, it can become vices, virtues, and adversities if not properly harnessed. This is where technology law comes in. Technology law is the legal practice guideline specifically focused on shaping how innovation can be harnessed correctly.
From the perspective of information security, it ranges from protecting personal data in computers to guaranteeing that authors of particular work receive due credit and the entire security issue at the cyber level[2]. These laws ensure that while we incorporate ourselves in the new world of technology and the internet, we do not forget basic fundamental rights, privacy or security[3].
Technology law in the Indian context
India has been one of the most promising markets for technological advancement because people in India have embraced this Digital age at an alarming rate. Whether for banking needs, business purchases or social networking, technology is becoming the dominating factor for people worldwide.
However, this rapid digital transformation presents enormous problems, especially with regard to the rules on the use of technology. India has been far from ready to address new technologies in terms of legal framework and for many years now, the laws enacted seem to have been always reactive rather than proactive[iv].
One of the critical issues in India is the need for more awareness of technology law. A large portion of the population is unfamiliar with their rights regarding data privacy and security, and this gap is highlighted by a study showing that many Indian internet users remain unaware of basic privacy practices, such as how their data is collected, shared, or sold by companies.[v] People need this understanding to avoid having their identity stolen or data misused by this financially globalized world[vi].
Absence of comprehensive legislation
There has been a limited legislative framework that addresses complex issues, such as those related to technology. Though India enacted the Information Technology Act of 2000, the primary law transcending a digital legal structure, it is considered archaic[vii]. While the Act has provisions for covering areas such as cybercrime and electronic contracts, it is, however, unsuitable for accommodating modern technologies such as artificial intelligence, blockchain and cloud computing.[viii] This lack of regulation indicates that most organizations involved in these industries do so in legally ambiguous territories[ix]. One of the prominent examples of the lack of such regulation is the prolonged discussion of the matter in connection with data protection.
With the recent emergence of the Digital Personal Data Protection (DPDP) Act, the country has taken a significant step towards responding to the existing void in the data protection legislation[x]. Even though the Act has a very liberal face, it raises several critical questions regarding its scope and functioning[xi]. The DPDP Act provides legal means to safeguard people’s data and sets obligations on everyone who processes personal data. It effectively defines present principles of consent[xii] and minimization of data collected[xiii] and ensures more accountability to the Indian citizens regarding their data collection.
At first, this is a perfect antidote to address the issues arising from India’s digital revolution. The core challenge for India’s technology law, including the DPDP Act, is finding the right balance between regulation and innovation. However, the fear of over-regulation is that growth may be constrained, especially since many technology firms in India are now developing unique solutions in fields such as artificial intelligence, fintech and e-commerce[xiv]. However, at the same time, such formalization does not sufficiently protect citizens from a globalized world that gradually becomes dependent on data.
Lessons from abroad
International judgments are a wealth of knowledge of how other countries manage the challenges of technology law. One landmark case is the Google Spain v. AEPD and Mario Costeja González (2014) case, often referred to as the “Right to Be Forgotten” case where the Court of Justice of the European Union ruled in favour of an individual’s right to request the removal of outdated or irrelevant personal information from search engines.[xv] This decision symbolizes one of the central paradoxes of the modern technological environment and human rights. It also underlines the necessity of similar measures in India, as, people have no way to prevent the use and sharing of their personal data on the internet as of now.
Conclusion
India is seen as having an auspicious future regarding technology, but at the same time, the future must be guided. Indeed, the development of fintech, e-commerce and AI[xvi] necessitates further development of the technology law. Right now, India is in a position where it can set an example for the entire world and build a more humane, equitable and fair digital environment. This will only be possible if technology laws are written to provide rather than shield – to make technology work for humanity, not the other way around. In this age of fast and virtually Suraddress the issues of the future.[xvii] We can only hope to say that we are constructing a world in which technology assists in making lives better and not vice versa[xviii]. Thus, India must now build its technological advancement from this regulation lens.
[1] Brad Smith. Tools and Weapons: The Promise and the Peril of the Digital Age. (Published in 2019) Penguin Books.
[2] Mishra, Alok, et al. “Cybersecurity enterprises policies: A comparative study.” Sensors 22.2 (2022): 538.
[3] Id.
[iv] Danielle M. Law et all, Are Cyberbullies really bullies? An investigation of reactive and proactive online aggression (2012), Computers in Human Behavior, https://doi.org/10.1016/j.chb.2011.11.013, last visited on 13th October, 2024.
[v] Solanki, M. (2022). Awareness of Privacy and Security Concerns Using Electronic Devices: An Empirical Study. Issue 5 Int’l JL Mgmt. & Human., 5, 1038.
[vi] Romansky, R., & Noninska, I. (2015). Globalization and digital privacy. Electrotechnika & Electronica (E+ E), 50(11/12), 36-41.
[vii] Supra Note 2.
[viii] The Hindu, Significant work done, draft Digital India Act framework by early 2023: MoS IT, (2022) https://www.thehindu.com/business/Economy/significant-work-done-draft-digital-india-act-framework-by-early-2023-mos-it/article66103357.ece, last visited on 13th October, 2024.
[ix] Supra Note 4.
[x] Supra Note 6.
[xi] Hashmi, M. O., & Ahmad, A. (2022). Data Protection Bill: A Comparative Study of the Indian Data Privacy Dilemma. Jus Corpus LJ, 3, 504.
[xii] See section 2(d) of the Digital Personal Data Protection Act, 2023. “Certain legitimate uses” means the uses referred to in section 7.
[xiii] Section 6 of the Digital Personal Data Protection Act, 2023.
[xiv] Supra Note 10.
[xv] Google Spain SL and Google Inc. vs. Agencia Española de Protección de Datos (AEPD) and Mario Costeja Gonsalez, ECLI:EU:C:2014:317.
[xvi] Supra Note 8.
[xvii] Supra Note 4.
[xviii] Supra Note 1.
Author: Ronaldo Das, pursuing LL.M. in IPR from the West Bengal National University of Juridical Science.