In the digital age,
privacy has become an intensely discussed and debated topic. In India, we are
seeing that with the ongoing Aadhaar case in the Supreme Court, a new public
discourse has started around the issue of digital privacy, and where the law
currently stands on this subject.
The debate on privacy and data protection
has become a pressing issue as the constitutional bench of nine judges, headed
by the Chief Justice of India, is set to decide whether the right to privacy is
a fundamental right and a committee headed by former Justice B N Srikrishna has
been formed to suggest a draft Bill on data protection. It is in this series of
important events that may contribute to India’s focus on data protection that
the Data (Privacy and Protection) Bill, 2017, must be noted.
WHAT IS DATA
PRIVACY AND DATA PROTECTION?
A right to protect
one’s data on online platforms constitutes data privacy. Such data could either
be concerned with an individual, enterprise or even a government. Going by the
definition of personal data laid down by the European Union’s data protection
guidelines, “information concerning an identified and identifiable natural
person” covers the scope of personal data. Therefore, if we follow this
definition, the personal information provided by individuals during biometrics
would be included. But data put out through biometrics or for economic purposes
remains at risk in India since no legislation has been chalked out to protect
such personal data.
IT ALL STARTED?
Member of Parliament Baijayant “Jay” Panda
tabled the Data (Privacy and Protection) Bill, 2017 in the Lok Sabha recently,
proposing the right to privacy as a fundamental right for Indian citizens.
This is not the first time a Bill proposing
such a right has been laid down in Parliament. As a matter of fact, Panda
himself had presented a Bill dating back to 2009, titled ‘The Prevention of
Unsolicited Telephonic Calls and Protection of Privacy Bill’, which aimed at
prohibiting unsolicited telephone calls by business promoters or individuals to
persons who didn’t want to receive such calls. It stated that every person
shall have the right to privacy and freedom to lead and enjoy his life without
any unwarranted infringement. Apart from Panda, Rajeev Chandrasekhar (2010),
Vivek Gupta (2016) and Om Prakash Yadav (2016) have in the past introduced
Bills pertaining to citizen data privacy.
SIMPLE TERMS, WHAT IS THE DATA (PRIVACY AND PROTECTION BILL 2017) & WHAT
DOES IT INCLUDE?
Data protection is a daily part of our
lives. We come across data protection issues at work, when browsing the
internet, while dealing with public authorities, when we shop, when we book
online tickets, etc.
As digitisation increases more and more data is being captured .How this data
is used and held is becoming increasingly important.
(Privacy and Protection Bill, 2017)
1. has proposed Right to Privacy as
Fundamental Right of citizens.
2. follows a right based approach and demands the consent of individual for
collection and processing of personal data
3. gives final right to modify or remove personal data from any database, whether
Private or Personal solely to an individual
4. includes Data collectors and Data processors (Defined) who ensure that they
collect, process data in a lawful and transparent manner
5. creates obligation on data intermediaries to implement security measures to
ensure security of data collected
6. lays that in case of Data breach, Data intermediaries are mandated to inform
individuals in a fixed time
7. promotes creation of an end user-facing position of data protection officer
for grievance redressal, with a provision for appeal to the Data Privacy and
Protection Authority (DPPA)
8. lawful interception and surveillance by the state for purpose of National
9. authorises DPPA to penalize, imprison and order compensation for losses
suffered by private individuals against the Govt. or any other private
10. may also engage in impact assessment, consultation and inspection by the DPPA
The Ministry of Electronics and Information
Technology released a white paper by a “committee of experts” appointed led by
former Supreme Court judge, Justice B.N. Srikrishna, on a data protection
framework for India.
The government has sought public comments
till 31 December, 2017 on the white paper, which is aimed at securing digital
transactions and addressing customer and privacy protection issues.
Public discourse around data privacy is
probably at its zenith in India today. As digitization increases, large volume
of data is generated and there are no measures that safeguard privacy of this
data, nor regulate data retention by platforms collecting it. Hence, we are in
need of a strong data protection law.