CUTS and UNIDO called for a multilateral regime on data privacy and other aspects of cyber security
New Delhi: “Data privacy among other aspects of cyber security is critical for the future growth of electronic commerce. It is an imperative for the international community to craft multilateral regulatory framework to deal with data privacy and related aspects of cyber security. That will engender trust in cross-border e-commerce ecosystem,” said Bipul Chatterjee, Executive Director, CUTS International.
He was a moderating a session titled “Value of Cyber Security and Privacy in Digital and E-commerce Space”, which was jointly organised by CUTS International and the United Nations Industrial Development Organisation (UNIDO) on 1st May, 2020. It was a part of the eCommerce Week organised by the United Nations Conference on Trade and Development (UNCTAD). More than 250 participants took part in it virtually.
While CUTS is a partner of UNCTAD’s ‘eTrade for All’ initiative, there is a Memorandum of Understanding between CUTS and UNIDO to work inter alia on e-commerce, standards, quality infrastructure, etc., which are emerging as important instruments for the Industrial Revolution 4.0.
Speaking on the occasion, Bernardo Calzadilla-Sarmiento, Director of Trade Investment and Innovation Department of the UNIDO argued that citizens should have freedom to decide upon the use of their data. He felt that “the European Union’s General Data Protection Regulation is emerging as a template about data privacy issues”.
However, he cautioned about the increasing compliance cost due to such regimes that may be tough for small businesses. Flagging the presence of strong inter-play between regulation and standards vis-a-vis privacy and cyber security, he argued against “over-regulation in the digital space”.
Recognising the importance of privacy protection and cyber security in engendering much needed trust of consumers and business suppliers in e-commerce, Shamika N. Sirimanne, Director of Division on Technology and Logistics, UNCTAD, said that only two-thirds of countries in the world have data protection regimes and less than half amongst them are the least developed countries.
The situation is much less than desirable with respect to cyber security laws. Even where laws are in place, many countries are lacking adequate resources and skills for their efficient enforcement. “Weak legal and regulatory framework exposes consumers and businesses to cybercrime and privacy breaches”, she said, adding that “these are global issues and hence requires global cooperation”.
Mmabatho Mokiti and John McDonald, founders of an e-commerce platform named ‘RedShift’, which has been created during the Covid-19 lockdown in South Africa, provided some practical insights on how they got into their fold small businesses during the lockdown, which was threatening their closure and consequent loss of livelihoods, while consumers badly needing essential items at the same time.
In order to win ‘trust’ among its stakeholders, RedShift adopted a security-by-design approach by weaving the best and most secured e-payment gateways available in South Africa into their platform.
“Since RedShift is a mere facilitator in forming the platform, the secured environment won trust of consumers and small retailers, which led to a system working within 36 hours of its creation that can even operate beyond the Covid-19 crisis,” they said. “We do not sell or monetise consumers data on platform, but use them for research purposes, such as mapping usage and consumer behaviour changes” recognising that “protection of data and cyber security is a very important facet of our platform”.
Speaking on India’s viewpoint on ‘privacy’ and ‘cyber security’, Karti Chidambaram, a member of the Lower House of the Indian Parliament and a member of the Parliamentary Standing Committee on Information Technology, said: “There is no one view on this since privacy is largely a concern for the upper class Indians and the general mass hardly bother about privacy though they are concerned about e-payment frauds”.
He talked about ‘Aarogya Setu’, which is an app developed by the Ministry of Electronics and Information Technology, Government of India, for the purpose of tracing people having the symptoms of the Coronavirus.
Marilia Maciel, Digital Policy Senior Researcher at the Geneva-based Diplo Foundation, presented an overview of cyber security regimes around the world including developments in related international and regional rules with respect to Internet governance.
While underlining the importance of the Budapest Convention on Cybercrime, she pointed out that there is no international instrument with global reach at the moment, though a proposal by Russia is getting some traction. Geopolitical tussle between the US and China is one of the recent addendum to the hurdles affecting global efforts on cyber security.
She expressed her caution about situations where artificial intelligence can pose cyber security concerns by creating sophisticated malwares that are very hard to detect. When even large firms can take around three months to detect, one can imagine the vulnerability of small businesses.
Concluding the session, Bipul Chatterjee pointed out that in the past there have been instances when international commitments made by countries have shaped their domestic regimes for the good of businesses and other stakeholders including consumers. Thus, countries that do not have domestic cyber security regimes can also benefit from international instruments and that requires a holistic approach towards technical assistance and capacity building.
The session also deliberated upon vulnerabilities of gig workers and a consensus emerged about the need for a strong social security system to take care of such vulnerabilities.
UNCTAD’s eCommerce Week was held from 27th April to 1st May. More than 2500 participants from close to 130 countries attended 14 live sessions throughout the week.