PERSONAL DATA PROTECTION LAW IN INDIA

INTRODUCTION

The right to privacy in embedded under Article 21 of the Indian Constitution, which guarantees the term “Privacy” cannot be conceptualised in a definite and strict sense. Article 21 is dynamic in nature and it has been recognised by law of torts, criminal law, cyber law and property law as well. Even though this right seems to be an intrinsic part of an individual life, but before 2017 it was not even considered to be a fundamental right.

It was via the efforts of judiciary that payed attention towards ‘Right to privacy’ specifically in the case of K.S. Puttaswamy v. Union of India[1] and due recognition was given to it. The right has been given importance not only on national level but also internationally via various conventions.

WHAT IS RIGHT TO PRIVACY ?

Before understanding as to what “Right to Privacy is ?”, we should first look into the meaning of the term ‘privacy’. Privacy means “the condition or state of being free from public attention to intrusion inter or interference with one’s acts or decisions.”

Now, coming to the definition of ‘Right Of Privacy’, according to Black’s Law Dictionary “The right to be let alone and the right of a person to be free from any unwarranted interference”.

Right to privacy guarantees our right to personal autonomy and right of a person and person’s property to be free from unwarranted public scrutiny or exposure. Any intrusion or exploitation of one’s privacy can be inferred as ‘Invasion of privacy’.

The main aim of this right is to protect personal writing and products form theft and misuse and publication of the same against the will of that person. In the current age when the technology is constantly changing  and advancing the threat to an individual’s privacy has increased in an alarming rate. Thus, right to privacy needs be seen in a much wider sense and from a different point of view of it being a basic human right in today’s time.

INDIA’S TAKE ON RIGHT TO PRIVACY

India came to recognise Right to privacy as a fundamental right slowly and steadily. Right to privacy is an amalgamation of constitutional, customary and common law. The debate over has been going on for a long time.

The question regarding ‘Right to Privacy’ in judicial context was first raised in M.P Sharma v. Satish Chandra[2], in which the eight – judge bench held that “there is no right to privacy enshrined within the Constitution of India”. The same decision was given in Kharak Singh v. State of Uttar Pradesh[3], by the six Judge bench. Now, if we talk about the these cases in brief, M P Sharma case was majorly about self-incrimination and observation regarding Right to Privacy was made as a Passing judgement. In the other case, the judgement was found to be confusing as on one hand, they said that intrusion into a person’s home is violative of that person’s personal liberty and on the other, they emphasised that there is no right to privacy in our constitution. This create a lot of confusion for courts dealing with similar issue in the future.

It was finally in the case of Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors., in the concerned case, a  91 year old retired judge challenged the Union Of India to determine whether ‘right to privacy is a fundamental right guaranteed by the constitution.

This particular case was concerned with the government’s Aadhar scheme, a uniform Biometric system which was made mandatory to avail government services. This scheme according to petitioner violated people’s fundamental right to privacy which was a fundamental right guaranteed under Article 21. Accordingly, the nine-judge bench overturned the decision taken in M.P Sharma case and unanimously agreed that ‘Right to Privacy’ is a fundamental right guaranteed under Article 21 of the Indian Constitution.

RECENT DEVELOPMENT: PERSONAL DATA PROTECTION LAW

In today’s world where most of the people are using the internet or where the governments are performing most of their day to day function over online  platform, the need to protect personal data is of high importance. India lacked in having legislation for the protection of privacy and data security.

India usually wakes up to the quotidian episode of data leak or data infringement which is not a new phenomenon. If we compare personal data is way more important to a country than oil as it contains sensitive information not only regarding country’s finances and security but also of separate individuals which can be exploited by others. Internet has become a basic necessity of every individuals life just like food, water, air and shelter. In today’s world people tend knowingly or unknowingly tend to share their personal data, which in turn helps in smooth functioning of global network. But at times due to certain loophole people tend to steal this data for unlawful purposes causing data theft. The objective of moulding Personal Data Protection act was to make sure that an individual’s ‘Right to Privacy’ is not infringed under Article 21 as conceptualized in Puttaswamy case. It was the decision in this case which led to the drafting of the Personal Data Protection Bill 2018 and 2019.

MEANING

Personal data refers to the combination of information relating to a natural person. According to the European Commission personal data is defined as “the information that relates to an identified or identifiable living being. It is considered the most sensitive form of information about the identity of a person and needs a very strict form of invigilation as a safeguard.” Therefore, the idea of personal data protection was ` to keep the data secure from any kind of breach. Data protection refers to “the policies and procedures seeking to minimise intrusion into the privacy of an individual caused by collection and usage of their personal data and is need of the hour.”

PERSONAL DATA PROTECTION BILL, 2019

Being inspired from GDPR (General Data Protection Regulation) of the European Union (EU), the government proposed the Personal Data Protection Bill (PDP Bill) in the year 2019.   It was governed by IT Protection Act, 2000 and rules provided thereunder. It is governing the processing of personal data by the government, companies incorporated in India and foreign companies dealing with personal data of individuals in India. Further it has given utmost importance personal data classified as sensitive. Public data is available to public at large on their fingertips, such as name, age, occupation, etc., can be gathered easily. But Private data is a Private Property that cannot be dissipated from Sources without prior

consent from an individual. Examples are Health Records, Religious beliefs and financial information etc.

After the landmark judgement given in the Puttaswamy case, the Ministry of Electronics and Information Technology (MEITY) formed a committee of 10 members being lead by judge B.N Srikrishan for drafting a bill for protection personal data . Ater a year they submitted, their report titled as, ‘“A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians ” along with the draft bill on personal data protection. The bill was introduced to Lok Sabha by Mr. Ravi Shankar Prashad, current law minister and minister of Electronic and information and technology. Later, the Bill, was referred to Joint Parliamentary Committee (JPC) on 12th December, 2019 for recommendations. The JPC’s report, after timeline extensions granted, is now due to be submitted to the Parliament, tentatively during the Budget Session of 2021.

KEY HIGHLIGHTS OF THE BILL

  1. Applicability of the bill : the bill emphasised on the fact that its application is dependent on processing of personal data and not on territorial boundries.Also, under section 96 of the bill emphasised on the fact that the bill will prevail over inconsistent laws.
  2. Data Retention : the bill requires that after the period of the for it purpose of processing and conclusion is over the data needs to be deleted. Also, it for longer retention express consent is a must.
  3. Social Media Intermediaries : The bill identifies the intermediaries who enable online interactions between individuals possible. It identifies their role in providing a voluntary user verification mechanism for users in India because they can effect the electoral democracy of a country.
  1. Grounds for processing personal data: The Bill allows data processing  by fiduciaries only if there is consent by the concerned individual. But, in certain cases, personal data can be processed without consent.  These include: (i) if required by the State for providing benefits to the individual, (ii) legal proceedings, (iii) to respond to a medical emergency.
  2. Sharing of Non-personal Data of the Government : the government for certain purposes can ask fiduciaries to provide (i) non-personal data and (ii) anonymised personal data (where it is not possible to identify data principal) for better targeting of services.
  3. Exemptions: “The central government can exempt any of its agencies from the provisions of the Act: (i) in interest of security of state, public order, sovereignty and integrity of India and friendly relations with foreign states, and (ii) for preventing incitement to commission of any cognisable offence (i.e. arrest without warrant) relating to the above matters. Processing of personal data is also exempted from provisions of the Bill for certain other purposes such as: (i) prevention, investigation, or prosecution of any offence, or (ii) personal, domestic, or (iii) journalistic purposes.  However, such processing must be for a specific, clear and lawful purpose, with certain security safeguards.”
  4. Offences: “ Offences under the Bill include: (i) processing or transferring personal data in violation of the Bill, punishable with a fine of Rs 15 crore or 4% of the annual turnover of the fiduciary, whichever is higher, and (ii) failure to conduct a data audit, punishable with a fine of five crore rupees or 2% of the annual turnover of the fiduciary, whichever is higher.  Re-identification and processing of de-identified personal data without consent is punishable with imprisonment of up to three years, or fine, or both.”

SHORT-COMINGS OF THE BILL

The data Protection bill is something which the general public has longed for, thus the coming up of data protection bill is a welcome step towards protection of one’s privacy from being evaded on online platform. But so, the bill is not free of loopholes.

  1. The bill only weaken the right of individual as the government has the ultimate power to have access to personal data .Also, there has been no procedure prescribed for the same .
  2. With the changing political scenario of the State, the need for India to become a surveillance has emerged. Hence, making it impossible for individuals to have their privacy.
  3. The controversial provision under section 13 enables the state to process the personal data of an individual without his consent for employment purposes. This provision is in contradiction to the goals of the bill itself as it aims to protect personal data theft. Thus, it is the state here who is violating the citizens right to privacy.
  4. It is well laid out fact that a superior power is the necessity for an organisation to carry out work smoothly but on the contrary the Bill doesn’t provide a fair selection of the members of the authority. According to the B N Krishna committee, “the process for the formation of the DPA (Data Protection Authority) would comprise not only from the executive but also outside the executive group. On the other hand, the government’s power to appoint and remove members at its discretion also stokes fears about its ability to influence this ostensibly independent agency. Thus, making the Bill undemocratic in nature”.
  5. Section 25 of the Bill is a disappointing provision as it states that the discretion of the Data Protection Authority would be given more importance when an individual has to be informed about the breach of his/her data. This provision states that the Data Protection Authority would exercise more power on an individual’s personal data than the individual himself.

CONCLUSION

In conclusion, even though Data Protection Bill,2019 is a welcome step towards securing individuals ‘Right To Privacy’, which came in the wake of the judgement passed in Puttaswamy case. But there are certain loophole of anomalies which exist in the current bill, which need to be taken into consideration as if not taken care of the result will be completely opposite of what is desired. Thus, infringing individuals fundamental right.

Therefore, the esteemed committee lacked interdisciplinary approach and far- sightedness leading to major pit falls in the Bill. “India is ranked among the 15 least cyber-secure countries in the world from the list of 60 countries”. If amend are not made to make India a cyber-friendly nation and to protect personal data from being exploited even from our own government, even the incorporation of the bill in the legal framework would not save its grace.

REFERNCES

  1. https://www.natlawreview.com/article/privacy-and-data-protection-india-wrap-2020
  2. https://indianexpress.com/article/opinion/columns/personal-data-protection-bill-2019-privacy-laws-7135832/
  3. https://www.livelaw.in/breaking-right-privacy-fundamental-right-sc/
  4. https://www.thehindu.com/opinion/lead/the-data-protection-bill-only-weakens-user-rights/article30405339.ece
  5. http://www.legalserviceindia.com/legal/article-676-legal-analysis-of-right-to-privacy-in-india.html
  6. https://www.legalbites.in/evolution-right-privacy-india/
  7. https://www.mondaq.com/india/privacy-protection/880200/the-personal-data-protection-bill-2019-key-changes-and-analysis

[1] WRIT PETITION (CIVIL) NO 494 OF 2012

[2] 1954 AIR 300, 1954 SCR 1077

[3] 1963 AIR 1295, 1964 SCR (1) 332

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.