Membership Jobs

Search...

ARTICLES
March 27, 2018

Rate This Article

(2 Votes, Average Rating: 5.00 out of 5)

DATA (PRIVACY AND PROTECTION) BILL, 2017:

WHAT TO EXPECT
-,[]
-,[]
As digitization increases, large volumes of data are generated and there are no
measures to safeguard the privacy of this data nor regulate data retention by the
platforms collecting it. Hence, we are in need of a strong data protection law

In the new media age, privacy has become a fiercely debated topic. In India, we
observe that with the ongoing Aadhaar case in the Supreme Court, a new common
discussion has started around the issue of digital privacy and where the law currently
stands on this subject.

The debate on privacy and data protection has become a burning issue as the
constitutional bench of nine judges, headed by the Chief Justice of India, is set to
decide whether the right to privacy is a fundamental right, and a committee headed by
Justice B. N. Srikrishna, former judge of the Supreme Court, has been constituted to
suggest a draft Bill on data protection. It must be noted that it is this series of
important events that may contribute to India’s focus on data protection and the Data
(Privacy and Protection) Bill, 2017.

WHAT IS DATA PRIVACY AND DATA

PROTECTION Advocate Prashant Mali is
A privilege to ensure one’s information online a Bombay High Court
constitutes information security. Such
Lawyer. His area of
practice is Cyber Law &
information could either be about an
Privacy. He is the Founder-
individual, undertaking, or even a government.
President of Law Firm
Following the definition of personal data laid Cyber Law Consulting
down by the European Union’s data protection (Advocates & Attorneys)
guidelines, “Information concerning an
identified and identifiable natural person” covers the scope of personal data. Hence, if
we follow this definition, the personal information provided by individuals during
biometrics would be included. But data put out through biometrics or for economic
purposes remains at risk in India since no legislation has been chalked out to protect
such personal data.

WHERE IT ALL STARTED

Recently, in the Lok Sabha, Member of Parliament Baijayant “Jay” Panda tabled the
Data (Privacy and Protection) Bill, 2017, proposing the right to privacy as a
fundamental right for Indian citizens.

This is not the first time a Bill proposing such a right has been laid down in
Parliament. As a matter of fact, Panda himself had presented a Bill in 2009 titled “The
Prevention of Unsolicited Telephonic Calls and Protection of Privacy Bill”, which aimed
at prohibiting unsolicited telephone calls by business promoters or individuals to
persons who didn’t want to receive such calls. It stated that every person shall have
the right to privacy and freedom to lead and enjoy his/ her life without any
unwarranted infringement. Apart from Panda, Rajeev Chandrasekhar (2010), Vivek
Gupta (2016), and Om Prakash Yadav (2016) have in the past introduced Bills
pertaining to citizens’ data privacy.

WHAT THE DATA (PRIVACY AND PROTECTION BILL 2017) PORTENDS

Data protection is a daily part of our lives. We come across data protection issues at
work, when browsing the Internet, while dealing with public authorities, when
shopping, when booking online tickets, etc. As digitization increases, more and more
data is being captured. How this data is used and held is becoming increasingly
important.

THE DATA (PRIVACY AND PROTECTION BILL, 2017)

1. Proposes Right to Privacy as Fundamental Right of citizens

2. Follows a right-based approach and demands the consent of individuals for

collection and processing of personal data

3. Gives final right to modify or remove personal data from any database, whether
private or personal, solely to an individual

4. Includes data collectors and data processors (defined) who ensure that they collect
and process data in a lawful and transparent manner

5. Creates obligation on data intermediaries to implement security measures to ensure

the security of the data collected

6. Lays down that in case of data breach, data intermediaries are mandated to inform
individuals in a fixed time period

7. Promotes creation of an end user-facing position of data protection officer for

grievance redressal, with a provision for appeal to the Data Privacy and Protection
Authority (DPPA)

8. Allows lawful interception and surveillance by the state for the purpose of National
Security
9. Authorizes DPPA to penalize, imprison, and order compensation for losses suffered
by private individuals against the government or any other private institution

10. May also engage in impact assessment, consultation, and inspection by the DPPA

RECENT DEVELOPMENTS
The Ministry of Electronics and Information Technology released a white paper by a
“committee of experts” led by former Supreme Court judge, Justice B. N. Srikrishna, on
a data protection framework for India.

The government had sought public comments till December 31, 2017 on the white
paper, which is aimed at securing digital transactions and addressing customer and
privacy protection issues.

Public discourse around data privacy is probably at its zenith in India today. As
digitization increases, large volumes of data are generated and there are no measures
that safeguard the privacy of this data nor regulate data retention by the platforms
collecting it. Hence, we are in need of a strong data protection law.

Data Privacy Law Has To Be In Tandem With The Aadhaar Act LEGAL ERA MAGAZINE
speaks to Advocate PRASHANT MALI, BOMBAY HIGH COURT, about data privacy, data
security and everything in between

LE: ACCORDING TO YOU, WHAT IS THE BASIC MEANING AND PURPOSE OF THE DATA
PROTECTION BILL, 2017?
This Bill grants a statutory Right to Privacy under Section 4. However, this Right to
Privacy is only pursuant to Articles 19 and 21. While a statutory recognition of the
Right to Privacy may be applauded for being a baby step in the right direction, it will
have to pass the test of reasonable restrictions when it is codified. The Bill aims to
define and protect the right to digital privacy and to constitute a Data Privacy
Authority to protect personal data. This Bill is an attempt at empowering citizens with
this right.
 LE: DO YOU FEEL THAT THE PRIVACY BILL IS
IN FAVOR OF THE MASSES OR DO YOU THINK
IT IS A POLITICAL AND INDUSTRIAL
GIMMICK? WHAT IS THE TERRITORIAL SCOPE
OF THE PRIVACY BILL, 2017? WHAT ABOUT
EXTRATERRITORIAL APPLICATION OF DATA
PROTECTION LAWS IN INDIA AS FAR AS THE
BILL IS CONCERNED? WHAT CATEGORIES OF
EXEMPTION CAN BE INCORPORATED INTO
THE DATA PROTECTION LAW?
The law must have extra-territorial effect
with respect to data of Indian residents, and
must provide appropriate redress mechanisms
for privacy violations outside India if the
infringer has a business presence in India.
The applicability of the law should be extra-territorial as it is as of now in the
penalties and liabilities prescribed under Section 43A and 72A of the IT Act, have also
been given extra-territorial applicability and would apply to contraventions committed
by non-Indian companies, irrespective of the nationality of the data subject whose
information is collected, processed or transferred. While the practical enforcement of
penalties against a company is unlikely where such company has no presence in India,
authorities may resort to other means, including blocking access to servers or
networks located in India in the event of repeated and significant contraventions or
failures by a company to comply with obligations under the Privacy Rules. Data
already in the public domain, anonymous data, data on deceased persons, journalistic
data, research data, historical data, data related to investigation, data related to
national security etc. should be exempt.

LE: WHAT ARE YOUR VIEWS ON CROSS-BORDER TRANSFER OF DATA?

I feel that transfer can only be to countries with a similar or comparative level of data
protection laws or having explicit treaties with India. The bill is silent on the issue of
data sovereignty, which has become a persistent issue in the wake of technology
enabling seamless moving of data across international borders. Covering this lacuna
along with addressing the collateral issue of data storage only can make it a
comprehensive privacy bill. Well defined provisions against the contractual
determination of governing law, jurisdiction and dispute resolution may be considered
to ensure that foreign entities comply with Indian law, and do not find ways of
working around it by way of contracts or by other means.

LE: CURRENTLY, THERE ARE A VARIETY OF LAWS IN INDIA WHICH DEAL WITH
PROCESSING OF DATA, INCLUDING PERSONAL DATA AND SENSITIVE PERSONAL
DATA. THESE LAWS OPERATE IN VARIOUS SECTORS, SUCH AS THE FINANCIAL
SECTOR, HEALTH SECTOR AND THE INFORMATION TECHNOLOGY SECTOR. SHOULD
THESE LAWS BE INSPECTED AND SUITABLY AMENDED BEFORE PASSAGE OF THE
DATA PROTECTION LAW, 2017?
All regulators currently have mandate for Privacy, in fact I have written a whole
research paper around it in the current issue of NUJS, International Journal of Law &
Privacy. I feel This Data Protection Law, 2017 or 2018 or 2019 whenever it is
incarnated should supersede The IT Rules, The Telecom Act & all other Regulatory
Privacy rules of all sectors. I feel the Aadhaar Act has more privacy provisions than any
other laws, how will they complement the new law is also to be seen.

LE: DO YOU THINK THAT THE LAW WILL BREAK THE IMPASSE AMONG LEGISLATORS
THIS TIME?
I am personally optimistic but the experience of legislators legislating and the history
of the same bill since 2006 is disheartening. Even though PM Modi and the Law
minister have taken all the right steps towards formulation of public opinion for the
bill, I feel the intelligence agencies and opposition political parties find no grounds for
the Law being made. I also feel defining Privacy would be a herculean task for
parliamentarians, moreover adding reasonable restrictions to the same would be
another issue. I wish the Hon. SC could have defined “Privacy” in its last Right to
Privacy Judgment then things could have been easy. I personally feel Privacy would be
like an obscenity which gets defined differently in different decades.

LE: WITH SECTION 33(2) OF THE AADHAAR ACT, THE STATE CAN CITE 'NATIONAL
SECURITY' AND ACCESS IDENTITY INFORMATION AND AUTHENTICATION RECORDS
OF CITIZENS. ISN’T THIS A BLURRING OF LINES BETWEEN 'DATA SECURITY' AND
'PRIVACY'?
Yes! it is. Data Privacy law has to be in tandem with Aadhaar Act and the state would
take this stand. If you look today as well, all states invade citizen’s privacy under the
garb of National Security. Section 33(2) of the Aadhaar Act is no different. I feel, as
India is drafting a brand new Law, it can take precautions to balance between Privacy,
National Security & Criminality.

LE: WHAT ACCORDING TO YOU SHOULD BE THE SAFETY GUIDELINES FOR PRIVACY
AND PEOPLE? WITH ADVANCING TECHNOLOGY AND EASY AVAILABILITY OF THE
DATA, HOW STRICT SHOULD BE A PRIVACY LAW IN THE COUNTRY TO CONTROL
DISRUPTION. YOUR OPINION PLEASE.
I strongly feel the last section of the Bill should have mentioned about the state’s role
in providing “Privacy literacy” related awareness and education to Indian citizens. I
feel until any state doesn’t inculcate Privacy culture among data users and make them
aware about safeguards, they will remain vulnerable. India is seriously late to protect
its data. We may be serious and may bring a law but are deficient and yet not ready
with technology to implement the same. The architecture must address the following
questions: how people give consent, how their data is released, how it is stored and
encrypted? When that data is given to another party for use, what is the criteria for
usage? Implementation of the said law cannot be overnight, it would need timelines
and meticulous planning in the Indian context.

Disclaimer – Statements and opinions expressed in this article are those from
the editorial and are well researched from various sources. The content in the
article is purely informative in nature.

RELATED POST
RADICAL CHANGE REQUIRED TO INDIA'S ANTI-CORRUPTION LAW GOOGLE-V-EQUUSTEK-SOLUTIONS-
TAKE INDIA TO THE NEXT LEVEL MUST TAKE CUES FROM ITS THE-COST-OF-DOING-BUSINESS
FOREIGN COUNTERPARTS

MOST READ
CAN OUR ANCIENT KNOWLEDGE OF AYURVEDA BE PROTECTED?

WARRANTY AND INDEMNITY INSURANCE IN INDIA

GETTING A PATENT ON YOUR INNOVATION

TOUGH EXIT FOR PE PLAYERS

RBI'S CHECKS AND BALANCES FOR NEW PRIVATE BANKS

"GOODS AND SERVICE TAX THE SEESAW PUZZLE"

FOLLOW US

PUBLICATION & ENQUIRIES

  +91 8879635570/8879635571

   editor@legalera.in

Contact Us | Marketing Services | About Legal Era | Membership | Privacy Policy

Copyright © 2017 Legal Media Group All Rights Reserved