DATA PROTECTION AND IT LAWS

Rupreet Kaur Dhariwal

THE FUTURE OF PERSONAL DATA IN THE 21ST CENTURY IN INDIA

INTRODUCTION

The subject of privacy has been widespread globally. In recent years in the world of law, politics, and the business industry, and India has been no exception to the same. The right to privacy is a fundamental right under Article 21 of the Constitution of India, which establishes our fundamental rights.

Personal data and information provided or received in a spoken, written, or electronic form are not protected in India by a stand-alone personal data protection law. Though there are safeguards in place, they are scattered among a variety of regulations, standards, and recommendations.

The most important provisions are enumerated in the Information Technology Act 2000, as revised by the Information Technology Amendment Act, 2008, in conjunction with the Information Technology (Reasonable security practises and procedures) 2011 (SPDI Rules). It is the main law governing cybercrime and electronic commerce legislation in India. In the face of the increasing menace of data breaches, the demand for data protection Bill is being strengthened in the country by a dramatic increase in cyber-crimes. 

THE PERSONAL DATA PROTECTION BILL, 2019

The Ministry of Electronics and Information Technology (MEITY) formed a 10-member committee led by the retired Supreme Court Judge B.N. Srikrishna to make suggestions for a draft Bill on personal data protection after the Supreme Court’s landmark verdict in the supra case of Justice KS Puttaswamy, which held that privacy is a constitutional right. The committee delivered its report titled “A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians” along with a draft bill on personal data protection after working on it for a year. On December 11, 2019, Mr. Ravi Shankar Prasad, Minister of Electronics and Information Technology, introduced the amended Personal Data Protection Bill, 2019 (Bill) in the Lok Sabha.

Both the Houses of Parliament recently granted the Joint Parliamentary Committee a fourth extension to submit its report on the Personal Data Protection Bill, 2019 (“PDP Bill”).  The earlier delay for submitting the report till the second half of the Budget Session was granted. Several news publications predicted a favourable draft report of the PDP Bill and its final draft during the Budget Session. Parliament, on the other hand, was adjourned sine die (no definite period) before Holi, bringing the Budget Session to an end sooner than anticipated.

SALIENT FEATURES OF THE ACT

(a) Government, any Indian enterprise, any Indian citizen, or any individual or entity constituted under Indian law;

(b) It will not, however, apply to data that is anonymized. In the context of personal data, anonymisation refers to any irreversible process of altering or converting personal data into a form in which a data principal cannot be recognised, as long as the procedure respects the Authority’s norms of irreversibility. The term “anonymized data” refers to information that has been anonymized.

  • Data is divided into three categories under the bill: personal data, sensitive personal data, and critical personal data.

(a) Personal data refers to information about an individual’s features, qualities, or attributes of identification that can be used to identify them, whether obtained online or offline.

(b) Sensitive and prone financial data, biometric data, caste, religion or political convictions, and any other type of data established by the government, in collaboration with the Authority and the relevant sectoral regulator, are all examples of personal data.

(c) Critical Personal Data includes whatever personal data as the Central Government may designate as important personal data.

WHAT DOES A NEW EXTENSION AND AN INDEFINITE DELAY IN ENACTING A PRIVACY LAW IMPLY?

While informational privacy is a low priority in the legislative order of business, government technology adoption is at an all-time high, and data-driven governance is growing more prevalent by the day, especially during the pandemic.

Although, the Government of India is taking efforts towards adopting the technology capacities it seeks, these initiatives are combined with the unrestricted collection of a largely unregulated stack of the citizens of India’s personally identifiable data.

According to the Government’s data presented in Parliament, India reported 1.16 million cyber security cases in 2020, which is three times more than in 2019. Allegations have recently appeared regarding the use of Pegasus spyware for spying purposes by a number of Governments. In India, it is unknown if the spyware was deployed by the Centre or by a third party. The Bill must account for the vulnerabilities to data security and privacy posed by modern surveillance technology.

DATA PROTECTION UNDER INTERNATIONAL LAW: DOES INDIA FIT THE CRITERIA?

The state must strive to “promote respect for international law and treaty responsibilities in the dealings of organised persons with one another,” according to Article 51 of the Constitution of India, which is a component of the Directive Principles of State Policy.

Privacy is a basic human right particularly recognised by Article 12 of the Universal Declaration and Article 17 of the International Civil and Political Rights Covenant (“ICCPR”). The ICCPR was referred to in the Protection of Human Rights Act in 1993 as an instrument for human rights, which requires states to take action to implement that right and to protect themselves against private intrusion.

In this information day and age, a solid and timeless legislation is vital for India that has the capacity to prove compliances that guarantee data being transferred from overseas. Specifically from the European Union (EU) and The United Kingdom (UK) areas which emerge as the global leaders on privacy and data protection regulations, such a rule is a forerunner to transparent transmission.

As a result, it is critical for India to establish a clear set of laws to ensure valid cross-border data transfers and to provide the same level of data protection to residents of India and other regions. A key change in global data protection law, in which the European Court of Justice overturned the EU-US privacy shield and read down the inviolability of standard contractual terms, has bolstered the necessity.

CONCLUSION AND THE WAY AHEAD

According to the Preamble, the bill protects individuals’ privacy in relation to their personal data, specifies the flow and usage of personal data, establishes a trust relationship between persons and entities processing personal data, and protects the rights of individuals whose personal data are processed in order to create a framework for organisational and technical measures.

The Bill also proposes to create a Data Protection Authority of India to address unlawful and harmful processing. The necessity to preserve privacy, as a matter of basic right and to show readiness to comply with generally accepted data protection standards within the world community, is of utmost priority, however, each of the efforts to modify, forms the building blocks for the enactment of the Personal Data Protection Bill (PDP).

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Articles
error: Copyright Protected