wordpress blog stats
Connect with us

Hi, what are you looking for?

The chasm between passing a data protection law vs actually implementing it – #PrivacyNama2021

An online discussion meant to bring global perspectives on privacy legislation revealed the time it takes to get the ball rolling.

While the Indian government has been sitting on the Personal Data Protection (PDP) Bill for two years now, the passing of this bill, whenever that happens, will only be the beginning of a long road ahead if we are to go by the examples of other countries that recently passed data protection laws.

Speaking at PrivacyNama 2021, a global conference on privacy regulations held by MediaNama on October 6 and 7, Alison Gillwald, Executive Director of Research ICT Africa, Luca Belli, head of the CyberBRICS Project, and Teki Akutteh Falconer, former executive director of the Data Protection Commission of Ghana, shared their experiences working on data protection legislation in South Africa, Brazil, Ghana, and all three were in consensus about the chasm between passing the laws and actually implementing them.

South Africa’s POPIA — close to a decade in the making

In South Africa, there’s the Protection of Personal Information Act (POPIA) which came into force last year. “We’ve had POPIA for several years now. It was operationalised in a very basic way that allowed for the establishment of the information regulator, but various other aspects of the law really only became operational this year. So, close to a decade that it’s taken for this law to become operational,” Gillwald said.

“We have a history of developing policy in line and in time with international leaders in this area, but then the actual implementation on the ground is not always quite as intended, the adoption is not there. Very often the institutions,  although they exist in law are not established, or they’re established without the necessary institutional capacity and the institutional autonomy that they require to perform functions in a way that protects individuals, both from state surveillance, illegitimate state surveillance, and private surveillance as well,” Gillwald explained.

Gillwald attributed the reason for delay largely to the lobbying and the influence of the private sectors who argued that it is onerous for them to comply.

But on a brighter note, she added: “I think what’s important about these developments is that over the last few years, in a sense, Africa’s lag in getting to some of this has also made it a bit of a leader in some ways.” We’ve got the South Africans now looking at a data policy that is broader than just data protection. And we are also working with the African Union on a data policy framework that has gone through our member state validation process, Gillwald said.


Support MediaNama’s endeavor to enable meaningful conversations around technology policy. Subscribe here.


Brazil — dragging its feet for two years

“Brazil has been dragging its feet for two years,” Luca Belli said. On paper, Brazil had a law and a nice authority like Europe, but in practice, it was far from this, Belli remarked, referring to the General Law for the Protection of Personal Data (Law 13.709), which was sanctioned in 2018 and came into force in August 2021.

A key concern Belli pointed out is that the data protection authority in Brazil is severely under-resourced, not just financial but intellectual resources as well. You need to have very well-trained lawyers and data scientists and this costs money because if you don’t pay well, these people will go to work for Google and Facebook, Belli explained. 

If you want the regulation to work, you have to invest in it, and then it works well, if you’re not ready to invest in it, it’s really useless. — Belli

It’s very difficult to have consensus on a strong, solid law, but there are still major points that have to be implemented through regulation, by an authority, Belli said. “At the moment in Brazil it’s not an independent authority, it’s dependent directly on the office of the cabinet of the President of the Republic,” he added.

“What we have now in Brazil is a potentially good law, that still has to be implemented a lot through regulation, and a potentially good authority that still has to become an independent authority,” Belli said.

Ghana — three years to start hiring permanent staff

“I always share this experience of how between the time we were appointed to the time that we finally had approval to hire permanent staff. We started operations somewhere in 2012 and it took us more than three years,” Teki Akutteh Falconer said.

Falconer said that the main challenge in establishing a functioning Data Protection Commission was inadequate resources. “A lot of us come from environments where our governments are very quick to pass these laws. And invariably it’s a lot easier to push for legislations to be passed. But then, when we setup these institutions, one thing we find is that we do not resource them,” Falconer remarked.

MediaNama hosted PrivacyNama 2021 with support from Facebook, Flipkart, Internet Society, Mozilla, Mobile Premier League, Omidyar Network, Paytm, Star India, and Xiaomi. We are also thankful to our community partners, the CyberBRICS Project, the Centre for Internet and Society, and the Centre for Communication Governance (NLU Delhi).

Also Read

Have something to add? Subscribe to MediaNama here and post your comment. 

Written By

Free Reads

News

Telecom companies are against a regulatory sandbox, as they think information revealed by businesses during the sandboxing process might be confidential should be out...

News

According to a statement, the executive body of the European Union had also sought internal documents on the risk assessments and mitigation measures for...

News

The newly launched partially open-sourced LLM Grok-1 can be commercially used but not trademarked.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ