Dealing with data 

Dealing with data 

Context

The dawn of the information age opened up great opportunities for the beneficial use of data. It also enhanced the perils of unregulated and arbitrary use of personal data

Underlying debate

Author states that the dawn of the information age opened up great opportunities for the beneficial use of data. It also enhanced the dangers of unregulated and arbitrary use of personal data

Unauthorised leaks, hacking and other cybercrimes have rendered data bases vulnerable.

  • But it is the conflict between the massive scope for progress provided by the digital era and the fear of loss of individual autonomy that is inherent in any debates about data protection laws

White paper

It is against this backdrop that the White Paper was made public by the Justice B.N. Srikrishna Committee to elicit views from the public on the shape and substance of a comprehensive data protection law

Two approaches

Author states that data protection law can be based on following two approaches,

  • European Union’s General Data Protection Regulation, 2016: You can read more about it here
  • American model: In this model the norms are stringent for government departments processing personal information, while private entities have to abide by the norms of giving notice and receiving consent

Data protection in India

India does not have a separate law for data protection. Following safeguards exist,

  • Section 43A of the Information Technology Act provides a measure of legal protection of personal information
  • In 2012, the Justice A.P. Shah Committee recommended a set of principles for a legal framework for protecting privacy. Drawn from OECD guidelines, these principles were centred on sufficient notice and disclosure to citizens when data are collected, limitations on data collection and use, and norms related to data security and accountability
  • The Srikrishna Committee has also flagged seven major principles
    • It wants the law to be technology-agnostic (cynical of the technology) and enshrine the principle of informed consent
    • It favors data minimization and accountability of those who process and control data
    • It privileges a holistic approach as the law would apply to both government and private entities, but with “differential obligations”

Conclusion

It is legitimate to collect personal data in the public interest, but this information should be protected and used only for the purposes it was collected. Above all, the law must provide for a suitably empowered statutory authority to enforce its promised protection to citizens’ data

Print Friendly and PDF
Blog
Academy
Community