Académique Documents
Professionnel Documents
Culture Documents
Search...
ARTICLES
March 27, 2018
In the new media age, privacy has become a fiercely debated topic. In India, we
observe that with the ongoing Aadhaar case in the Supreme Court, a new common
discussion has started around the issue of digital privacy and where the law currently
stands on this subject.
The debate on privacy and data protection has become a burning issue as the
constitutional bench of nine judges, headed by the Chief Justice of India, is set to
decide whether the right to privacy is a fundamental right, and a committee headed by
Justice B. N. Srikrishna, former judge of the Supreme Court, has been constituted to
suggest a draft Bill on data protection. It must be noted that it is this series of
important events that may contribute to India’s focus on data protection and the Data
(Privacy and Protection) Bill, 2017.
This is not the first time a Bill proposing such a right has been laid down in
Parliament. As a matter of fact, Panda himself had presented a Bill in 2009 titled “The
Prevention of Unsolicited Telephonic Calls and Protection of Privacy Bill”, which aimed
at prohibiting unsolicited telephone calls by business promoters or individuals to
persons who didn’t want to receive such calls. It stated that every person shall have
the right to privacy and freedom to lead and enjoy his/ her life without any
unwarranted infringement. Apart from Panda, Rajeev Chandrasekhar (2010), Vivek
Gupta (2016), and Om Prakash Yadav (2016) have in the past introduced Bills
pertaining to citizens’ data privacy.
3. Gives final right to modify or remove personal data from any database, whether
private or personal, solely to an individual
4. Includes data collectors and data processors (defined) who ensure that they collect
and process data in a lawful and transparent manner
6. Lays down that in case of data breach, data intermediaries are mandated to inform
individuals in a fixed time period
8. Allows lawful interception and surveillance by the state for the purpose of National
Security
9. Authorizes DPPA to penalize, imprison, and order compensation for losses suffered
by private individuals against the government or any other private institution
10. May also engage in impact assessment, consultation, and inspection by the DPPA
RECENT DEVELOPMENTS
The Ministry of Electronics and Information Technology released a white paper by a
“committee of experts” led by former Supreme Court judge, Justice B. N. Srikrishna, on
a data protection framework for India.
The government had sought public comments till December 31, 2017 on the white
paper, which is aimed at securing digital transactions and addressing customer and
privacy protection issues.
Public discourse around data privacy is probably at its zenith in India today. As
digitization increases, large volumes of data are generated and there are no measures
that safeguard the privacy of this data nor regulate data retention by the platforms
collecting it. Hence, we are in need of a strong data protection law.
Data Privacy Law Has To Be In Tandem With The Aadhaar Act LEGAL ERA MAGAZINE
speaks to Advocate PRASHANT MALI, BOMBAY HIGH COURT, about data privacy, data
security and everything in between
LE: ACCORDING TO YOU, WHAT IS THE BASIC MEANING AND PURPOSE OF THE DATA
PROTECTION BILL, 2017?
This Bill grants a statutory Right to Privacy under Section 4. However, this Right to
Privacy is only pursuant to Articles 19 and 21. While a statutory recognition of the
Right to Privacy may be applauded for being a baby step in the right direction, it will
have to pass the test of reasonable restrictions when it is codified. The Bill aims to
define and protect the right to digital privacy and to constitute a Data Privacy
Authority to protect personal data. This Bill is an attempt at empowering citizens with
this right.
LE: DO YOU FEEL THAT THE PRIVACY BILL IS
IN FAVOR OF THE MASSES OR DO YOU THINK
IT IS A POLITICAL AND INDUSTRIAL
GIMMICK? WHAT IS THE TERRITORIAL SCOPE
OF THE PRIVACY BILL, 2017? WHAT ABOUT
EXTRATERRITORIAL APPLICATION OF DATA
PROTECTION LAWS IN INDIA AS FAR AS THE
BILL IS CONCERNED? WHAT CATEGORIES OF
EXEMPTION CAN BE INCORPORATED INTO
THE DATA PROTECTION LAW?
The law must have extra-territorial effect
with respect to data of Indian residents, and
must provide appropriate redress mechanisms
for privacy violations outside India if the
infringer has a business presence in India.
The applicability of the law should be extra-territorial as it is as of now in the
penalties and liabilities prescribed under Section 43A and 72A of the IT Act, have also
been given extra-territorial applicability and would apply to contraventions committed
by non-Indian companies, irrespective of the nationality of the data subject whose
information is collected, processed or transferred. While the practical enforcement of
penalties against a company is unlikely where such company has no presence in India,
authorities may resort to other means, including blocking access to servers or
networks located in India in the event of repeated and significant contraventions or
failures by a company to comply with obligations under the Privacy Rules. Data
already in the public domain, anonymous data, data on deceased persons, journalistic
data, research data, historical data, data related to investigation, data related to
national security etc. should be exempt.
LE: CURRENTLY, THERE ARE A VARIETY OF LAWS IN INDIA WHICH DEAL WITH
PROCESSING OF DATA, INCLUDING PERSONAL DATA AND SENSITIVE PERSONAL
DATA. THESE LAWS OPERATE IN VARIOUS SECTORS, SUCH AS THE FINANCIAL
SECTOR, HEALTH SECTOR AND THE INFORMATION TECHNOLOGY SECTOR. SHOULD
THESE LAWS BE INSPECTED AND SUITABLY AMENDED BEFORE PASSAGE OF THE
DATA PROTECTION LAW, 2017?
All regulators currently have mandate for Privacy, in fact I have written a whole
research paper around it in the current issue of NUJS, International Journal of Law &
Privacy. I feel This Data Protection Law, 2017 or 2018 or 2019 whenever it is
incarnated should supersede The IT Rules, The Telecom Act & all other Regulatory
Privacy rules of all sectors. I feel the Aadhaar Act has more privacy provisions than any
other laws, how will they complement the new law is also to be seen.
LE: DO YOU THINK THAT THE LAW WILL BREAK THE IMPASSE AMONG LEGISLATORS
THIS TIME?
I am personally optimistic but the experience of legislators legislating and the history
of the same bill since 2006 is disheartening. Even though PM Modi and the Law
minister have taken all the right steps towards formulation of public opinion for the
bill, I feel the intelligence agencies and opposition political parties find no grounds for
the Law being made. I also feel defining Privacy would be a herculean task for
parliamentarians, moreover adding reasonable restrictions to the same would be
another issue. I wish the Hon. SC could have defined “Privacy” in its last Right to
Privacy Judgment then things could have been easy. I personally feel Privacy would be
like an obscenity which gets defined differently in different decades.
LE: WITH SECTION 33(2) OF THE AADHAAR ACT, THE STATE CAN CITE 'NATIONAL
SECURITY' AND ACCESS IDENTITY INFORMATION AND AUTHENTICATION RECORDS
OF CITIZENS. ISN’T THIS A BLURRING OF LINES BETWEEN 'DATA SECURITY' AND
'PRIVACY'?
Yes! it is. Data Privacy law has to be in tandem with Aadhaar Act and the state would
take this stand. If you look today as well, all states invade citizen’s privacy under the
garb of National Security. Section 33(2) of the Aadhaar Act is no different. I feel, as
India is drafting a brand new Law, it can take precautions to balance between Privacy,
National Security & Criminality.
LE: WHAT ACCORDING TO YOU SHOULD BE THE SAFETY GUIDELINES FOR PRIVACY
AND PEOPLE? WITH ADVANCING TECHNOLOGY AND EASY AVAILABILITY OF THE
DATA, HOW STRICT SHOULD BE A PRIVACY LAW IN THE COUNTRY TO CONTROL
DISRUPTION. YOUR OPINION PLEASE.
I strongly feel the last section of the Bill should have mentioned about the state’s role
in providing “Privacy literacy” related awareness and education to Indian citizens. I
feel until any state doesn’t inculcate Privacy culture among data users and make them
aware about safeguards, they will remain vulnerable. India is seriously late to protect
its data. We may be serious and may bring a law but are deficient and yet not ready
with technology to implement the same. The architecture must address the following
questions: how people give consent, how their data is released, how it is stored and
encrypted? When that data is given to another party for use, what is the criteria for
usage? Implementation of the said law cannot be overnight, it would need timelines
and meticulous planning in the Indian context.
Disclaimer – Statements and opinions expressed in this article are those from
the editorial and are well researched from various sources. The content in the
article is purely informative in nature.
RELATED POST
RADICAL CHANGE REQUIRED TO INDIA'S ANTI-CORRUPTION LAW GOOGLE-V-EQUUSTEK-SOLUTIONS-
TAKE INDIA TO THE NEXT LEVEL MUST TAKE CUES FROM ITS THE-COST-OF-DOING-BUSINESS
FOREIGN COUNTERPARTS
MOST READ
CAN OUR ANCIENT KNOWLEDGE OF AYURVEDA BE PROTECTED?
editor@legalera.in