One of the common misconceptions of law in the space of technology is that law limits the possibilities of what technology can do. We’re here to change that misconception by opening your eyes to the extensive, enabling work of our legal team.
Meet Meenal Maheshwari Shah, Group Legal Director at Lemmatree, the holding company of Affinidi. Read on as she shares her experience and thoughts on how technology and law are intertwined with each other, and how to navigate the complexities that come with it.
She is also the winner of many coveted awards, including the Chevening Fellowship, where she presented a research paper titled “Territorial approach to cyber/ technology law - Smart or stupid?”
Thank you for chatting with us, Meenal. Let’s start with the Chevening Fellowship. Can you tell us a few words about it, please?
The Chevening Fellowship is a cybersecurity program run by the UK government. Every year, they take six senior professionals from different walks of life in India, and provide a platform for these members to interact with professionals and lawmakers who work in technology, privacy laws, and digital assets. We are also given practical challenges in this space, and have to work to find solutions for the same. This is where we learn the true power of collaboration. Imagine a lawyer, a cybersecurity professional, and a coder working together and talking the same “language” to solve a challenge! It just goes to show how different areas of businesses are interconnected.
Truly, it was an enriching experience for me and has opened new perspectives on the practical implications of laws.
That's great to hear, and we wish we were part of this program! Now, touching a bit on your research paper, how do you think we can address data security issues through laws?
In my opinion, we are addressing a border agnostic issue with territorial laws and processes. For example, the way the Internet is governed in India is different from the way it’s governed in Germany. But the technology itself is seamless and knows no borders. Then, why are we looking to manage it differently in different territories? This leads to dire inefficiency.
For example, the high seas and the airspace have been recognized as belonging to mankind in general and can't be monopolized by any one country. This is why they are governed by international laws and not by national/ territorial laws. We should be dealing with technology in the same way.
Much of the problem lies in the level of control that one wants to have. But the thing is, the means to achieve a short-term goal can cause you to lose control completely in the long run. In other words, you’ll lose control of the technology altogether if different laws govern the same thing. Also, you’ll never be able to reach a consensus on borderless issues because of these multi-jurisdictional variations.
And this is open access for malicious actors because they’ll simply leverage the divide-and-conquer strategy. This is exactly what my paper shows and I think it offers a different paradigm about the way technology is governed.
So, how can we go about formulating such universal and international laws?
The only way is through dialog and discussion. We need to start talking about it and must explain the rationale and need for such laws to the stakeholders. Anything can come only with influence, and influence comes with persistence. This means we have to think and talk about the same thing many times and across many forums and not get tired of it. A change can occur only with a relentless pursuit of the subject matter.
When you talk to lawmakers and stakeholders, they come from different backgrounds with varying levels of understanding. How do you communicate across these different audiences?
This is one aspect that I specialize in and have done this many times in my life. Say, I’m writing a policy for a company. Most times, it will go unread because no one wants to read a 10-page report. The result is that we have a policy, but no one knows about it.
On the other hand, if I give this to another lawyer, he/she will want to read it, and possibly even be excited about it. I need to make this policy exciting for my readers, regardless of their background. If I have to make this policy into a video game just to get its message conveyed to people, I’ll do it.
The key is to understand your audience’s background and present what you want to say in a way and format that appeals to them. This is essential to enhance their interest and to make them understand the laws and policies in question. This is an education best served, and this is also key learning for me from my kid. For example, teaching him something through a role-play is easier than paper and a pen and I’ve had to adapt to his needs. I extend this experience to my work life too, and try to cater to people in a way/format that they understand best.
That's interesting, and if you’re really making a video game, we’ll be the first supporters. What brought you to corporate law in the first place?
I’ve been a lawyer for many years now and I think I started dabbling with technology quite early on. When the IT Act was passed in India in the year 2000, it was the talk of the town. During that time, I was in my first job at Khaitan, and we used to get a lot of queries on this law. I thought this law was not sufficient because as you know, most laws are reactive to incidents/changes rather than being proactive and setting the path.
That’s when I started writing about it a lot to share the nuances of each provision of technology law. I also wanted to have a forward-looking approach rather than merely analyzing the provisions of a law. This naturally took me to corporate law because I think when you know what is already there and what is required, you’re a good fit for this position.
In your opinion, what’s the one thing that everyone should know about data ownership?
Most people think they can use online services for free. But nothing is free really, as you’re using these apps in exchange for your data. So, we should be careful about our data just like how we’re careful about money. It’s precious and can become very dear very soon! But what I also think is that amongst a family etc data sharing will never stop as the essence of human beings is sharing, sharing information, experiences etc., so cyber-security professionals have to make policies keeping in mind that just shifting the onus of cyber-security to individuals is no solution at all.
Shifting gears towards some personal questions, name a person who inspires you and why?
This is an often-asked question for me! Many times, in my life, I’ve named people I didn’t really know. I realized that it didn’t make sense because these people turned out to be very different than my perception of them when I met them.
To answer your question, I’m very inspired by my husband. He is someone who inspires me because I’ve never seen anyone multitasking so easily and seamlessly as him. He is amazing at work, stays on top of his fitness, cares for his family, manages our finances, socializes, dances the best garba (a dance in India of the Gujarati community) and the list can go on (laughs). All these inspire me.
If someone were to spot you outside of work, where can they find you and doing what?
Either in the gym or doing yoga or on Marine Drive running.
What’s the one thing that most people don’t know about you?
They don’t know that sometimes I do feel hurt, and I work my way through it without sharing my hurt because I don’t want to make the other person uncomfortable.
If you had a superpower, what would that be?
I want to be completely free of social expectations, so I can do whatever I want without any judgement. I’ve trained myself to be like that in some aspects, but I have to work harder on other important aspects to achieve the kind of freedom I dream of. Total freedom would be my superpower.