Security & Data Protection- Digital Transformation Dimension

Digital transformation has progressed from a boardroom buzzword to a critical strategic priority, but the industry is still in its infancy. According to IDC, global investment in digital transformation will grow at a compound annual rate of 17.1 percent, reaching a staggering $2.3 trillion (53 percent of all ICT spending) by 2023. The United States will be the largest spender in the digital transformation space, followed by Europe, China, and India.

As the silicon chip’s reach permeates almost everything we do, from buying groceries online to finding a partner on a dating website, digital platforms are recasting relationships between customers, workers, and employers. As computing power improves dramatically and more people worldwide join the digital economy, we must think carefully about how to design policies that will allow us to reap the benefits of the digital revolution fully. Hence the esteemed panelists of the panel discussion organised by the SKOCH group discussed the ‘Digital Transformation Dimension particularly’ and provided their valuable viewpoints.

Mr. Kumar Vineet (Special Secretary, Department of IT & Electronics, Uttar Pradesh) said, “we are a country full of paradoxes, and public policy is not just a public policy, but it is an amalgam of two components, i.e., public and policy, where public policy framework actually imbibes into its sphere these demands and then how these resultant policies are churned out of administrative machinery. Public policy, protection, and security will have to get into a single platform because none of them can work on their idea and have to come out together to form something deliverable in the environment in which we live. Policy and administrative machinery have to go in tandem with the private industry, which is the backbone of the entire system.”

Subi Chaturvedi (Distinguished Public Policy Professional & Chair, CAII Committee on Creator Experience, Economy and Gaming) said, “whenever we talk about India, we are not just looking into one India. There are many India’s, and we need to make this journey possible. As our honorable Prime Minister likes to say, “Sabka Sath Sabka Vikas.” This is not just a statement. It is a war cry for many of us who believe in the promise that India holds. She further said, “when we are looking into a system like data protection and privacy, it’s not an end in itself. It is a means to an end. And digital transformation is at the heart of what we are solving. So, when we work with governments, the ask is straightforward. Can you give us stable and predictable policies? That we can engage with, which is pro-investment, and that allows for windows of disruptions. Also, if that can allow for the creation of regulatory sandboxes where startups or companies like ours are trying to base in India. Now, how do we build that? Many things have happened across the world. But the India story is unique because the state has single-handedly powered the digital transformation. That is an innovative programme that this government came up with, which we know now as ‘Digital India.’

She further said, “my high-level intervention is one; to have a forward-looking central framework. We should not try to solve everything with one legislation because, as we learned earlier this day that it would have an impact across ministries, across dimensions, and on existing laws. So, one, we need to steer clear to avoid duplication. Second, we need to make sure that we encourage, as our prime minister likes to say ‘cooperative and competitive federalism. So, if my state, Uttar Pradesh, becomes the best state in the country, i.e., trying to put out, let’s say, four markers or policies where we created IT parks, gaming is a scorching topic. So, we are currently at $3.8billions. We can be $35.9billion in the next two years if we create a progressive legislator framework.”

Key issues for MSMEs

According to Mr. Anil Bhardwaj (Secretary General, Federation of Indian MSMEs), when it comes to MSMEs, there are three-four key issues. One is about inclusiveness, and MSMEs need capacity building to be players in the game. They must have access to artificial intelligence-related talents, access to data, access to finance, and access to artificial intelligence technology and networks. There is also a need for partnership to create and co-create artificial intelligence-based solutions.

The second is about cybercrimes. Especially post covid, their apprehensions about digital technologies have withered in the MSMEs. So, they are ready to adopt digital technologies like never before. But their operations are still not digital-ready. They work on legacy IT systems, have hardly heard of firewalls, and are vulnerable to cybercrimes. Frauds are becoming very common these days. Currently, this is the biggest challenge. So, it’s the collective responsibility of digital players to build their capabilities and pluck loopholes. Otherwise, there would be a regulatory backlash, which could hurt this sector’s whole innovation process and potential growth. 

The third issue concerns platform providers’ interoperability and the portability of MSME data. For example, an MSME using could base ERP or accounting platforms. The regulation must allow him to pour data from one platform to another if one is unhappy. That would need a new set of common standards and practices; otherwise, he would be left at the service provider’s mercy. And this is mainly true for all platform providers. They have not yet sat together and formed the interoperability and portability of the data.

The fourth is about data protection regulations. So, there must be MSME-specific thresholds, whether as service providers or manufacturers. They should not be subjected to the same set of compliances. Otherwise, compliance would ensue litigation burden on them and then put them down. 

Working in tandem

Mr. Kumar Vineet (Special Secretary, Dept. of IT and electronics, Uttar Pradesh), on being asked about working in tandem, said, “the basic premise is trust. The US, UK, Canada, Australia, and European Union are considered a nation. When you go for a document, the front person on the other side of the desk believes in you unless and until you give a reason not to believe. Our basic premise in India is that of distrust. For instance, during the election, when you come into the booth, four different people are sitting over there. One is the state election machinery. Then there is a central government observer keeping a view on the state government. Then there is a different force that is coming out of it. Then there are political party observers. Every political party has a set of people over there, and everyone distrusts you as a citizen. Even when you are having a break, I call your name. Mr. Akhilesh has entered. If anyone has an objection, please tell me. Then I put indelible ink on you. And you proudly display it everywhere, but that is an indelible ink that authorises you not to vote again for at least 24 hours that will not go out. So, the basic premise of our concept of public policy making is distrust. 

Practices to look at while building policies

Dr. Subi Chaturvedi talked about the practices that should be considered while building policies. She said, “as far as the internet is concerned, we have two fathers of the internet, Vint Cerf and Sir Tim Berners-Lee. And when they created the internet in ARPANET and an academic ecosystem, it was a conscious choice to say that we would give it to the world. Innovation in the internet always happens at the periphery and not at the core. Therefore, we need to understand that the internet has four core values. Its interoperability, universality, the ability to amplify freedom of speech and expression, and openness. And when you look at all of these constructs coming together, there are huge organisations like the IETF (Internet Engineering Task Force), which looks at recommendations and is an exciting way of reconciling dissent. They do not take show of hands. It’s not majoritarian. They start humming, and if you have a proposal on the table, the proposal that gets the loudest hum is adopted. It’s not room temperature. It’s not a root first majority. Many of us often don’t have the answers to all the problems. Another process that the internet governance forum has adopted is not best practices but good practices. Where the central emergency response team, which is responsible for your absolute last line of cyber defense, will work with the people from academia and the private sector to say, this is my analysis of the threat map. This is how changes have occurred. These are the number of escalations. And now, how do I come up with guiding principles that a) would be relevant. B) would be more palatable, c) more agile and adaptive. So, when we are looking at legislating, yes, it is the sovereign right of the government to do that. But the industry’s perspective asks if you have now added us, which is buying real estate in the sand, a virtual sandbox. So, we like minimum government and maximum governance for an internet world. Therefore, we must not fix something which is not broken and must understand the purpose of the legislation.”

Capacities required for digital transformation at state levels 

Mr. Vishal Jain (Joint Managing Director, Inspira Enterprise) said, “I think the central policies which got maximum attraction are the ones which have the maximum attraction and the ones that have a framework in place for the states to do. Funding is significant from a central perspective. I think the challenges which exist today are on the competency side. We must first build the next generation of actual cyber security across the country. Today, through institutions and courses, many state governments are adopting cybersecurity training for all of their employees and mandatory courses for university students. Because that’s extremely important and will also build competitiveness and a minimum wage level for everyone. Our population today is majorly in their 20’s. Hence a combination of state investment, building more awareness, and more initiatives would help us achieve our goals. Efforts should be made to roll this out much faster and ensure that we have a minimum platform or level-based competency level to be established in each state to handle their issues.”

Going Forward 

Firstly, we must believe very strongly that Digital disruption is here, and we can’t stop it. Anybody trying to bring in regulation, which will be a form of stopping it or slowing it down, is going to be really hard. These days, government policies are very reformative and collaborative. Hopefully, we will make the guidelines more enablers rather than trying to come in the way. In any case, trying to stop a digital disruption means sprinting in front of a running train. Second, there is no point in regulations and policies outside e-technology progress. Hopefully, we will not build a data protection regime purely for this transaction system, a trap we all fall into as we are all surrounded by the transaction system. Hence, the world shortly will be covered by intelligent systems, and how we deal with data protection in the context of the innovative strategy will be very important. 

Recommendations

• Public policy, protection, and cyber security will have to get into a single platform with each other because none of them can work in its identity.
• Policy and administrative machinery have to go in tandem with the private industry, which is the backbone of the entire system.
• We must have a central framework that is forward-looking.
• MSMEs must have access to artificial intelligence-related talents, access to data, access to finance, access to artificial intelligence technology, and networks.
• There must be MSME-specific thresholds, whether as service providers or manufacturers. 
• It is essential to provide cybersecurity training to students and employees.