Skip to main content

DECODING THE FURORE OVER DATA PROTECTION BILL

 

Introduction

The collection of information is the base of any program or business and this is the base on which upcoming strategies are designed. Nowadays when we even go to the super market and purchase anything we are asked to register our contact number, birth details etc. However not every piece of information is necessary but we do not care much about it. The data if not used properly can be very dangerous for privacy of an individual. The protection of data is of utmost importance because it contains your personal information and if it goes into wrong hand it can lead to trouble. For example: - if someone is a journalist then the information related to him is so crucial because if his personal information gets leaked he might not be able to cover the news freely.

Thus, the data protection is very important. Indian government in year 2019 came up with personal data protection bill to protect the data but because of few objections, it got referred to the Joint parliamentary committee for recommendation.  In year 2021 now again, it is introduced in parliament and it is the matter of time whether government accommodate the changes suggested by joint parliamentary committee or not.

What is the need for Data protection Act?

Personal information is a valuable asset that needs to be protected against all the unauthorized access. There should be some limits to the collection of data and from whom data is collected should be informed that for what purpose the data is collected.[1] There is this recent case in which the journalist filed the RTI application and the data of journalist like his address was visible on the website through which some hoodlums reached his house and troubled him. The important point here is data need not only be protected but also be deleted when not in need.[2]

The analytical school of thought which asserts that right in private information of person must be treated as his property right and this must be protected like that only.[3] Thus, considering all these things in mind Indian government came up with first of its kind Personal Data Protection Bill.

Existing regulations on Data protection

India does not have specific law on data protection but it has some similar laws regulating the information and protecting the privacy. The existing regulations on protection of personal information are Information Technology Act, 2000 and Indian Contract Act, 1872 which prevents the misuse and disclosure of personal information in a contract. The Constitution of India grants right to privacy under Article 21 which is right to life. Privacy is integral for life. In the landmark case of K S Puttaswamy & Anrs. v. Union of India & Ors.[4] Supreme Court upheld that Right to privacy is our fundamental right which is only available for citizens of India.

The existing regulations on protection of personal information are Information Technology Act, 2000 and Indian Contract Act, 1872 which prevents the misuse and disclosure of personal information in a contract. (Indian) Information Technology Act, 2000 deals with the issues relating to payment of compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data.[5]

Personal Data protection Bill, 2021

The Personal Data Protection Bill is the result of landmark Aadhaar Card judgement and the recommendation made by Justice B N Srikrishna Committee. The bill was introduced by then law minister Ravi Shankar Prasad.

The proposed Personal Data Protection bill has come up with lot of measures. The concept of data fiduiciary is introduced who will responsible for processing of data with the prior consent of individuals. It also laid upon some responsibilities on social media intermediaries which are having users above the notified threshold and whose action can influence public order. The bill also deals with transfer of data to foreign countries and if data is transferred outside then it has to be stored in India also. The bill emphasizes on privacy at every point like while sharing data outside the country and setting up of Data Protection Authority which will deal with all the matters of privacy.  However this privacy can be breached when it comes to protect the security of the state. The government can intercept data in this situation. The personal details divided into three categories General, Sensitive and Critical. The Sensitive data contains all health related, sexual, caste, religion, financial, biometric and generic data. The critical data covers military, national and security related data. The General data contains data which is not covered in either of two categories[6].

The important point here is this that every time the privacy can be breached, when it comes to protect the sovereignty of the state and security of the nation. This makes division of categories ineffective. The Bill provides Right of Conformation, Right of Portability, Right to Correction and Right to be Forgotten. This bill states that each company must have Data Protection Officer that audit and redress the problems of the people.

This Bill has many loopholes in current form such as Section 35[7] of the Data Protection Bill gives unbridled power to the central government to exempt any government agency from the purview of the entire act itself. It considerably eases the government’s task of collecting data to compulsorily register its citizens, which flagrantly disregards the scope allowed by the Puttaswamy judgment, which only allowed “necessary and proportionate” processing of data by the government under a limited number of conditions.[8]

Recommendations of Joint Parliamentary Committee

The Joint Parliamentary Committee has submitted its report and gave suggestions on the nature of data to be protected, liability of social media companies and the implications. The key recommendation of this committee is inclusion of ‘non- personal’ data within the ambit of data as it is sometimes difficult to differentiate between personal and non- personal data. All the data should be dealt by one authority not separate authorities.

The ample amount of time should be provided to data aggregators so that they can easily comply with the norms. It recommended the transition period of 24 months in which 9 months for registration of fiduciaries and 6 months for Data Protection Authority to start functioning. The another major recommendation is this that social media platforms that are not third parties should also comply with laws as the publishers[9]

International laws on data protection

The Data Protection Bill is very similar to global standards European Union’s law on data protection that is known as General Data Protection Regulation. The GDPR does not cover non personal data and treat it as anonymous data as different from newly introduced Data Protection bill. Earlier, In India the bill was named as Non Personal Data protection act but now with the inclusion of personal data in the ambit of protection it is known as Data Protection Bill. There is no jail term in this law as compare to the proposed bill. In the USA privacy laws are left for states they can decide on their own. In Brazil also there is Internet Privacy Act, 2014 which regulates the data. The interesting part about this is that it does take care about the data of the minors and take consent of the guardians and after becoming major then can either approve the use of data or take down the information.[10]

 

 

Conclusion

The bill in the current form even after the changes is not looking great as some of the major changes are not incorporated like the change in Section 35. The suggested change was that parliamentary approval would be taken if government agency is exempted but it did not happen. The concept of DPA is appreciated but no proper description is given about its judicial outreach. The breach of security during investigation is also not elaborated properly.

The privacy and national security both are important and government as well as citizens must ensure the privacy. The recommendations of JCP committee should be taken into consideration along with there should be proper consideration of protection of minor’s data who are using internet space because there is no such thing mentioned in the bill. Government should be careful about privacy and laws mere drafting cannot change the situation but enactment of the laws is required. The officials can keep an eye on agencies which are taking irrelevant data.

The data protection act is the need of the hour and thus after due consideration and deliberation the law should be enacted so that in future loopholes cannot be exploited.

About the Author

Kavya Dixit is currently a second-year student of Rajiv Gandhi National University of law. She is interested in criminal law and corporate law. She has a hobby of writing on current and political issue.

 

 

 

 

 



[1] Singh, A. (2017). DATA PROTECTION: INDIA IN THE INFORMATION AGE. Journal of the Indian Law Institute, 59(1), 78–101. https://www.jstor.org/stable/26826591 (last accessed on 5 January,2022)

[2] Shukla, A., Government violated own rule while disclosing former Journalist’ personal detail,  The Wire, available at https://thewire.in/law/rti-act-government-violated-rule-personal-details-disclosure ( accessed on 9 December,2021)

[3] Hal R Varian, ‘Economic Aspects of personal privacy’in  William H Lehr and Lorenzo Maria Pupillo (eds.), Internet policy and Economic challenges and perspectives 105 (Springer, 2002)

[4] K.S. Puttaswamy & Anrs. v. Union of India & Ors AIR [2017 ]SC 4161

[5] Data protection Laws in India, Mondaq available at https://www.mondaq.com/india/data-protection/655034/data-protection-laws-in-india--everything-you-must-know( last visited on 24 December, 2021)

[6] Personal Data Protection Bill, 2021

[7] Personal Data Protection Bill, 2021, Section 35

[8] Padmini Ray Murray & Paul Anthony, “Designing for Democracy: Does the Personal Data Protection Bill 2019 Champion Citizen Rights?” 25 Economics and Political Weekly (2020)

[9] Aashish Aryan, “JCP  Prescription for Data Bill”,  The Indian express ,Dec 24, 2021

[10] Internet Privacy Act, 2014

Comments

Popular posts from this blog

AN OVERVIEW OF THE INFORMATION TECHNOLOGY (INTERMEDIARY GUIDELINES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021

  ABSTRACT As society is advancing and progressing towards the advancement of technology, we are dwelling upon different kinds of new technologies. With the coming of new technologies, there have been various concerns about the usage of these technologies in accordance with the laws of the land, the misuse of these technologies and its attempt by law to check such kind of arbitrary use. In this era of surveillance, there are many issues concerning privacy because of the technology that we use. The Indian Government has laid down the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, especially in the backdrop of recent controversies that have erupted concerning OTT platforms to check the arbitrary use of cyber technology and establish a mechanism to deal with the cyber issues. The OTT platforms were not covered under the old legislation. The amended rule includes both social media platforms and OTT platforms under the ambit of the Ministry...

EVOLUTION OF THE RIGHT TO PRIVACY AND EXPLAINING THE NATIONAL SECURITY IMPLICATIONS OF THE SAME

  INTRODUCTION The term ‘Privacy’ has a multi-faced connotation and is much complex a problem to be reduced to a single essence. Privacy is the right to be let alone, the right to be free from unwarranted public intervention. [1] The concept of privacy was inextricably linked with that of house or property sanctity in the late nineteenth and early twentieth centuries. [2] The Right to Privacy has received considerable attention recently, since it is being considered as an important component of the fundamental right of 'right to life and personal liberty' under Article 21 of the Constitution, together with the freedoms granted by Part III. There has almost been an evolution of the subject as a result of various landmark decisions made over time by the Indian Judiciary. However, since fundamental rights are not absolute in nature [3] , it is necessary to understand that the infringement of Right to Privacy is justified by a compelling state interest [4] . Any topic of publi...