Author - R P Vats
Data protection of an individual is highly looked-for as India is rapidly transforming with the application of the cutting edge technology in every sector. India is taking its preliminary step towards drafting its first Data Protection Bill which was submitted to the government. On January 2019, Ravi Shankar Prasad, the Union Minister of Electronics and Information Technology had informed the government that the data protection law has been finalized and very soon it shall be presented in the parliament.
However, there were no specific data privacy laws in India to protect an individual’s privacy in the digital age. The Information Technology Act, 2000 (IT Act), contains provisions relating to cyber and related IT laws in India and outlines the scope of access that an individual might have to on data stored on a computer, computer system or computer network, but the provisions of the IT Act does not address the requirement for a stringent data protection law to be in place.
The Information Technology Act, 2000 has amended its provisions in order to meet challenges in cybercrime; however the amended Act is yet to come into force. The amendment has inserted two important provisions, which are sections 43A and 72A, which provided a right to compensation for improper disclosure of personal information. The Government had also issued the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under Section 43A of the IT Act. These rules had enacted additional requirements on commercial as well as business organizations in India regarding the collection and disclosure of sensitive personal data which have a number of similarities with the GDPR and the Data Protection Directive. Even though these rules were issued in 2011, there are no such examples of any implementation action which has taken place under these.
The Supreme Court in a landmark ruling Justice K.S Puttaswami & another Vs. Union of India, on Privacy in 2017 had ruled that privacy is a fundamental right, though it is not absolute. The judges of the Supreme Court held that the right to privacy was an intrinsic part of Article 21 that protects life and liberty. The judgement came out as a blow to Aadhaar as it limited the use of Aadhaar, for only welfare payments or for the filing of IT returns in 2018.
The Supreme Court held in the landmark judgement that every individual must possess the right to control commercial use of their identity and that the right of individuals towards exclusively commercially exploit their identity and personal data, to control the data that is available on the internet about them and to disseminate certain personal data for limited purposes alone comes from this right. This is the very first time that the Supreme Court has explicitly recognized the right of individuals on their personal data.
The government of India has set up a committee for considering the issues regarding data protection in India and recommends a draft statute on data protection. The above ruling by the Supreme Court is a vital milestone in the discourse on privacy as well as data protection in India.
The cases concerning sharing of user data by WhatsApp with Facebook and the other regarding collection of personal data (which includes biometric data) as part of implementing Aadhar, a government project for providing unique identification to every citizen is pending before the Supreme Court, and now it shall be decided by the application of the principles articulated in the Privacy Judgement and would shape the law regarding protection of personal data which includes enforcing it against private entities.
At present the requirement for a thorough and detailed data protection law has been recognized by the Government of India. The proposed Data Protection Bill 2018 is suggested to set the consent of the individual on the most important factor for data sharing. The bill states the right to privacy is a fundamental right and unless the users have furnished their consent explicitly, the personal data related to that individual shall not be shared or processed. The bill’s order relating to the data localization is going to be the most awaited as well as watched provisions by the tech corporations globally.
The proposed data protection bill which is about to be presented in the parliament very soon would also discuss about the concerns related to data privacy and data protection in India. However the Bill is required to focus on the loopholes of the existing data protection system prevailing in India and understand the requirement of an appropriate mechanism for a digitized India. The privacy of individuals has been one of the core assets of the evolving era of digitalization, the data protection Bill effective implementation would require to maintain a balance and chord between a right to privacy of an individual and easiness of carrying out business in India.