Omidyar - Close Icon

Privacy law should not disproportionately increase cost of business for start-ups

3rd April 2020
Privacy law should not disproportionately increase cost of business for start-ups
arrow down

Photo Credit: The Indian Express

By Subhashish Bhadra and Varad Pande

If data is the lifeblood of the modern economy, then digital entrepreneurship is its beating heart. This is particularly true in India where public and private institutions have historically struggled to reach the last mile. Start-ups are working towards bridging the gap. Access to high-quality data is enabling them to provide micro-credit to the under-banked, ed-tech solutions to students in the smallest towns, and cheaper forms of medical diagnostics to the most vulnerable.

It is in this context that India’s draft Personal Data Protection Bill should be seen. The Bill is meant to protect Indians’ rights over their data, and envisions a Data Protection Authority (DPA) that will enforce good data practices by public and private institutions. This is a timely and welcome move, since it will help minimise data-based harm to Indians.

However, India has also set itself a goal of a $1-trillion digital economy. This ambitious target will require it to develop a thriving start-up ecosystem. It is therefore important that the privacy bill does not lead to an uneven playing field for them. This is not an unfounded risk, as evidence from other countries shows.

We know that in Europe, smaller AdTech firms lost market share to “big tech” players like Google and Facebook after Europe adopted “General Data Protection Regulation” — its privacy law — in 2018. This could be driven by many factors, including big tech’s ability to devote more resources to compliance and reduce data access for smaller firms. Investors have responded to these market signals as well. Researchers from the University of Maryland have shown that venture funding into early-stage technology firms in Europe declined 18 per cent by volume and 40 per cent by value after enforcement of GDPR.

Read the full op-ed here.