Introduction
The collection of information is the
base of any program or business and this is the base on which upcoming
strategies are designed. Nowadays when we even go to the super market and purchase
anything we are asked to register our contact number, birth details etc.
However not every piece of information is necessary but we do not care much
about it. The data if not used properly can be very dangerous for privacy of an
individual. The protection of data is of utmost importance because it contains
your personal information and if it goes into wrong hand it can lead to
trouble. For example: - if someone is a journalist then the information related
to him is so crucial because if his personal information gets leaked he might
not be able to cover the news freely.
Thus, the data protection is very
important. Indian government in year 2019 came up with personal data protection
bill to protect the data but because of few objections, it got referred to the
Joint parliamentary committee for recommendation. In year 2021 now again, it is introduced in
parliament and it is the matter of time whether government accommodate the
changes suggested by joint parliamentary committee or not.
What is the need for Data protection Act?
Personal information is a valuable
asset that needs to be protected against all the unauthorized access. There
should be some limits to the collection of data and from whom data is collected
should be informed that for what purpose the data is collected.[1] There is this
recent case in which the journalist filed the RTI application and the data of
journalist like his address was visible on the website through which some
hoodlums reached his house and troubled him. The important point here is data
need not only be protected but also be deleted when not in need.[2]
The analytical school of thought
which asserts that right in private information of person must be treated as
his property right and this must be protected like that only.[3]
Thus, considering all these things in mind Indian government came up with first
of its kind Personal Data Protection Bill.
Existing regulations on Data protection
India does not have specific law on
data protection but it has some similar laws regulating the information and
protecting the privacy. The existing regulations on protection of personal
information are Information Technology Act, 2000 and Indian Contract Act, 1872
which prevents the misuse and disclosure of personal information in a contract.
The Constitution of India grants right to privacy under Article 21 which is
right to life. Privacy is integral for life. In the landmark case of K S
Puttaswamy & Anrs. v. Union of India & Ors.[4]
Supreme Court upheld that Right to privacy is our fundamental right which is
only available for citizens of India.
The existing regulations on
protection of personal information are Information Technology Act, 2000 and
Indian Contract Act, 1872 which prevents the misuse and disclosure of personal
information in a contract. (Indian) Information Technology Act, 2000 deals with
the issues relating to payment of compensation (Civil) and punishment
(Criminal) in case of wrongful disclosure and misuse of personal data and
violation of contractual terms in respect of personal data.[5]
Personal Data
protection Bill, 2021
The Personal Data Protection Bill is
the result of landmark Aadhaar Card judgement and the recommendation made by
The proposed Personal Data Protection
bill has come up with lot of measures. The concept of data fiduiciary is
introduced who will responsible for processing of data with the prior consent
of individuals. It also laid upon some responsibilities on social media
intermediaries which are having users above the notified threshold and whose
action can influence public order. The bill also deals with transfer of data to
foreign countries and if data is transferred outside then it has to be stored
in India also.
The important point here is this
that every time the privacy can be breached, when it comes to protect the
sovereignty of the state and security of the nation. This makes division of
categories ineffective. The Bill provides Right of Conformation, Right of
Portability, Right to Correction and Right to be Forgotten. This bill states that
each company must have Data Protection Officer that audit and redress the
problems of the people.
This Bill has many loopholes in
current form such as Section 35[7]
of the Data Protection Bill gives unbridled power to the central government to
exempt any government agency from the purview of the entire act itself. It considerably
eases the government’s task of collecting data to compulsorily register its
citizens, which flagrantly disregards the scope allowed by the Puttaswamy
judgment, which only allowed “necessary and proportionate” processing of data
by the government under a limited number of conditions.[8]
Recommendations of Joint Parliamentary Committee
The Joint Parliamentary Committee
has submitted its report and gave suggestions on the nature of data to be
protected, liability of social media companies and the implications. The key
recommendation of this committee is inclusion of ‘non- personal’ data within
the ambit of data as it is sometimes difficult to differentiate between
personal and non- personal data. All the data should be dealt by one authority
not separate authorities.
The
ample amount of time should be provided to data aggregators so that they can
easily comply with the norms. It recommended the transition period of 24 months
in which 9 months for registration of fiduciaries and 6 months for Data
Protection Authority to start functioning. The another major recommendation is
this that social media platforms that are not third parties should also comply
with laws as the publishers[9]
International laws on data protection
The
Data Protection Bill is very similar to global standards European Union’s law
on data protection that is known as General Data Protection Regulation. The GDPR does not cover non personal
data and treat it as anonymous data as different from newly introduced Data
Protection bill. Earlier, In India the bill was named as Non Personal Data
protection act but now with the inclusion of personal data in the ambit of
protection it is known as Data Protection Bill. There is no jail term in this
law as compare to the proposed bill. In the USA privacy laws are left for
states they can decide on their own. In Brazil also there is Internet Privacy
Act, 2014 which regulates the data. The interesting part about this is that it
does take care about the data of the minors and take consent of the guardians
and after becoming major then can either approve the use of data or take down
the information.[10]
Conclusion
The
bill in the current form even after the changes is not looking great as some of
the major changes are not incorporated like the change in Section 35. The
suggested change was that parliamentary approval would be taken if government
agency is exempted but it did not happen. The concept of DPA is appreciated but
no proper description is given about its judicial outreach. The breach of
security during investigation is also not elaborated properly.
The
privacy and national security both are important and government as well as
citizens must ensure the privacy. The recommendations of JCP committee should
be taken into consideration along with there should be proper consideration of
protection of minor’s data who are using internet space because there is no
such thing mentioned in the bill. Government should be careful about privacy
and laws mere drafting cannot change the situation but enactment of the laws is
required. The officials can keep an eye on agencies which are taking irrelevant
data.
The
data protection act is the need of the hour and thus after due consideration
and deliberation the law should be enacted so that in future loopholes cannot
be exploited.
About the Author
Kavya Dixit is currently a
second-year student of Rajiv Gandhi National University of law. She
is interested in criminal
law and corporate law. She has a hobby of writing on current and political
issue.
[1] Singh, A. (2017). DATA PROTECTION:
INDIA IN THE INFORMATION AGE. Journal of
the Indian Law Institute, 59(1),
78–101. https://www.jstor.org/stable/26826591
(last accessed on 5 January,2022)
[2] Shukla, A., Government violated own rule while disclosing former Journalist’ personal detail, The Wire, available at https://thewire.in/law/rti-act-government-violated-rule-personal-details-disclosure ( accessed on 9 December,2021)
[3] Hal
R Varian, ‘Economic Aspects of personal privacy’in William H Lehr and Lorenzo Maria Pupillo
(eds.), Internet policy and Economic
challenges and perspectives 105 (Springer, 2002)
[4] K.S. Puttaswamy & Anrs. v. Union of India & Ors AIR [2017
]SC 4161
[5] Data protection Laws in India, Mondaq available at https://www.mondaq.com/india/data-protection/655034/data-protection-laws-in-india--everything-you-must-know( last visited on 24 December, 2021)
[6] Personal
Data Protection Bill, 2021
[7] Personal
Data Protection Bill, 2021, Section 35
[8] Padmini Ray Murray & Paul Anthony, “Designing for Democracy: Does the Personal Data Protection Bill 2019 Champion Citizen Rights?” 25 Economics and Political Weekly (2020)
[9]
Aashish Aryan, “JCP
Prescription for Data Bill”, The Indian express ,Dec 24, 2021
[10]
Internet Privacy Act, 2014
Comments
Post a Comment