INTRODUCTION
Geospatial data is sensitive information pertaining to the earth such as location coordinates, latitude, longitude, etc. In simpler words, geospatial data is basically the information collected on objects, times, or phenomena that have a geographical address on the earth’s surface.
In several fields, including agriculture in particular, geospatial technologies improve the efficiency of artificial intelligence and intelligent machinery. Through the use of a Global Positioning System (hereinafter referred to as “GPS”) and digital dashboards, remotely controlled machinery may fulfill a variety of functions.
However, one major concern in the geospatial industry is the bulk processing, storage, and transfer of sensitive data, which is largely unregulated at the present due to the absence of a codified data privacy law and geospatial law in India.
GEOSPATIAL DATA GUIDELINES
The Guidelines for Acquiring and Creating Geospatial Data And Geospatial Data Services, Including Maps (hereinafter referred to as the “Guidelines”), were published in February 2021 by the Department of Science and Technology (hereinafter referred to as “DST”), of the Government of India.
The Guidelines apply to the organizations that collect geospatial data, provide mapping services, and other related goods and services that are provided by both public and private organizations.
These Guidelines have removed the complex licensing requirements that formerly apply to private businesses, deregulating the method of collecting geospatial data, and making it easier for businesses to prosper in this field.
Through these Guidelines, the Government acknowledged that geospatial data is significant in the contemporary digital ecosystem and has a significant impact on economic, social, and environmental growth, necessitating the convenience of obtaining such data.
All Indian entities have been given unrestricted access to geospatial data and services, including maps. However, sensitive defence or data related to the security of the country has been excluded. Before creating or updating digital geospatial data and maps inside the territorial boundaries of India, Indian businesses and innovators are now no longer subject to restrictions or need prior approvals. Additionally, there are no limits, license requirements, or security clearance requirements.
However, it is pertinent to note that even though the Guidelines have liberalized the geospatial industry to a great extent, it has also brought about data privacy concerns. The draft Digital Personal Data Protection Bill, 2022 (hereinafter referred to as “the Bill”) shall have wide-ranging implications on the processing of personal data of Indian citizens by the geospatial sector, pursuant to the applicability of the Guidelines.
GEOSPATIAL DATA AND DATA PRIVACY
Geospatial data acquired from persons is expected to have ramifications under the Bill. For companies that gather and utilize “personal data,” or information that can be used to identify the person to whom it belongs, the Bill establishes a privacy-based framework.
The tracking of mobile phone users’ time and location data results in the generation of a lot of location data, which is most likely considered as personal data. Prior to doing so, the Bill necessitates obtaining the data principal’s consent; if consent is later revoked, the data would also be required to be deleted. Furthermore, location data is frequently the key to private information about a person, such as their race, political inclinations, or religious preferences.
Therefore, it is not sufficient to have a theoretical potential that information might be linked to an individual, there must also be a reasonable likelihood that this can be done in fact. Therefore, the data should be regarded as personal data when it is possible to identify a specific person based on the information that is accessible.
Individuals cannot always be connected to or identified using geospatial data or geographic information systems. Therefore, privacy and data protection laws often do not apply to geographical information. However, if geographical information contains information about people or makes it possible for people to be recognized, it automatically becomes personal data and is covered by data protection laws.
The GDPR also specifically refers to “location data” as a potential identifier that could be used to identify a person. Thus, the question of whether geographical data should be regarded as personal data depends heavily on the specifics of each situation. For instance, a map showing a nation’s geography would not be considered personal information in and of itself. However, geospatial information should be regarded as personal data when it is combined with GPS data to show the movement of people in real time.
To determine whether data protection legislation is applicable and, if so, what regulations are applicable, it is crucial to consider the specific use case for geographical information.
IMPLICATIONS OF THE BILL ON THE COLLECTION OF GEOSPATIAL DATA
The Bill, when enacted, shall be applicable on the processing of personal data of Indian citizens, even if such processing is done outside the territorial jurisdiction of India. Furthermore, the Bill also places restrictions on cross-border transfer of such personal data and states that the Central Government shall notify the countries or territories outside India, to which the transfer of personal data shall be allowed.
The Bill places wide-ranging obligations on the data fiduciary and entitles the data subject to several rights. Hence, any company engaged in the business of processing geospatial data or providing mapping services, would be required to comply with the obligations enumerated under the Bill if such a company is processing any kind of digital personal data of Indian citizens.
AMLEGALS REMARKS
In India, the usage of geospatial technology is currently limited to niche applications. With the current arrangement, mapped data is usually preserved by security organisations and hosted on Indian servers.
While the Bill has been revised to emphasise data localization for sovereignty and security, this is not reflected in the current geospatial standards. Geospatial data may necessitate additional safeguards because it can map maritime and land borders, satellite usage, railway movement, and so on. This goal of ensuring real-time mapping is now the reason why the street view is not authorised via GPS in India.
If India liberalises access to geospatial data to internationally headquartered mapping agencies due to a significant gap in mapping agencies, geospatial technology, and device manufacturing in India compared to global players, India would expose itself to vulnerabilities not only with regard to individual privacy but also in the homeland and national security.
This would involve not only lead to probable misuse of previous data by foreign intelligence organisations, but also possible satellite observation of weaponry or freight movement, maritime mapping, and even border movement. Thus, it is a matter of debate and requires more attention from the Government.
– Team AMLEGALS assisted by Ms. Ishita Jaiswal (Intern)
For any queries or feedback, please feel free to get in touch with chaitali.sadayet@amlegals.com or mridusha.guha@amlegals.com.
Leave a Reply