We mustn’t lose time on enacting a data protection law

Synopsis: India needs to pass its own data protection law as soon as possible in order to demonstrate our leadership at the global level in this newly-emerged but important field of jurisdiction.

What is the significance of Puttaswamy and Others vs. Union of India and Others case?

A 9-judge bench of India’s Supreme Court passed a historic judgement in the Puttaswamy and Others vs. Union of India and Others case.

It guaranteed informational privacy to each citizen of India as a fundamental right.

This right is now a part of the ‘basic features’ of the Constitution and therefore becomes fully justiciable.

Possibly, no other country in the world has the right to informational privacy as a fundamental right.

What constitutes ‘informational privacy’?

It is an amalgamation of several rights. The right to be left alone, the right to body, mind and soul, the right to control over one’s data and information related to one’s personal life, the right to one’s individuality, and the right to be forgotten etc.,

Privacy is not just an idea, but a way of life that enhances the scope of individual liberty, speech and expression. And this is also linked to the right to dissent in a democracy.

Why there is a need to enact data protection law for India?

Until right to privacy judgement, privacy and personal data were broadly regulated under Section 43A of the Information Technology Act, 2000, and the Information Technology Rules of 2011.

With the rise of digitalization in the country and the rapid increase of technology-led services in the daily lives of people, led to the sharing of personal data at different levels. Hence, the need arose to evolve from a basic level of privacy to a more granular and comprehensive mechanism.

Also, other countries like Europe had already passed its General Data Protection Regulation in 2018. The broad idea of such reforms is to provide citizens ownership of their data.

What were the key recommendations of the of Justice B.N. Srikrishna committee?

Following the judgement of the Supreme Court, the government had set up a committee of experts in 2017 under the chairmanship of Justice B.N. Srikrishna.

The committee submitted a report titled, ‘A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians’, a year later along with a draft Data Protection Bill.

Its focus was to ensure that citizens know how their data is processed, why it is being processed, for how long such data would be stored, where it’s being stored, how secure it would be, etc.

The major principles suggested by the committee are informed consent, data minimization, process limitation and the right to be forgotten embedded in the Bill

In addition, it featured ‘privacy by design’, a concept that puts privacy at the heart of systems and processes, taking privacy into account during the entire engineering and production processes of a data fiduciary.

Further, the panel’s focus was not confined just to protecting an individual’s right to privacy, but also extended to fostering an enabling environment for free and fair trade and industry. The latter was important, as it recognized the value of data in economic activity and nation-building.

What are the issues/Challenges present in the Personal Data Protection Bill?

It has drawn some criticism for blanket exemptions provided to the executive, with little or no judicial or parliamentary oversight. The Bill was sent to a Joint Parliamentary Committee (JPC) for assessment.

In its current form, the envisaged Data Protection Authority (DPA) does not have the autonomy of an ideal regulator and is largely executive-driven, with only minimal safeguards against political interference. Besides, its independence could be put at risk by a lack of technical competence.

What is the way forward?

In order to regulate the implementation of India’s new data protection law, we would need a strong DPA that protects citizens from any abuse of their personal data.

Source: This post is based on the article “We mustn’t lose time on enacting a data protection law” Published in “Livemint” on 26th Oct 2021.

Print Friendly and PDF