29 March 2021
India’s rapid growth in terms of technology, economy and other factors has brought out the issue of Data Privacy and Protection. India so far has lacked any substantive legislative framework focusing primarily on Data Privacy and Protection. The need for this Legislature prompted the government to form a committee of experts to draft a data protection Bill and the first bill in the year 2006 was based on European framework of European data privacy directive 1996.
Existing legislative safeguards
Data protection safeguards in India are mainly provided by the Information Technology (IT) Act, 2000. IT Act, 2000 and IT Rules (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), 2011, together provide the basic legislative safeguards for data security, privacy and protection in India. The sections 43A and 72A were added by the amendment of IT Act, 2008. Section 43 and 43A of IT Act deals with unauthorized access of information and leakage of sensitive personal information along with the compensation to be paid to the victims in case of such breach of data. Cyber Appellate Tribunals have been set up to deal with such cases and various other breaches under the IT Act under Section 48. Section 72 of the IT Act deals with disclosure of information which is in breach of a contract and punishment for it, which may be imprisonment for a term which may extend to 3 years or with fine upto 5 lakh rupees or both.
Judicial Safeguard following the AADHAR Judgement
Data protection was first recognized by the Supreme Court in the year 2017 in the case of Justice KS Puttaswamy v. Union of India, widely known as the Aadhar Judgement. The court felt the need for a strong data protection law and demanded the government to enact the same, as the existing safeguards were not sufficient enough. The court further recognized the various principles of data protection which are data retention, data minimization, purpose limitation and data security for the purpose of enactment of a proper legislation on data protection which should conform with the right to privacy of the individual. The Judgement had made a remarkable impact on the Indian Data Protection systems from where the Personal Data Protection Bill, 2018 was carved out.
The government appointed the committee of experts headed by retired Chief Justice BN Srikrishna in the year 2017 for Data Protection Bill. The committee submitted the draft of the Personal Data Protection Bill in the year 2018. The said bill was presented in the Lok Sabha recently in December 2019 for discussion and approval. The bill has been criticized by many on various grounds. The bill has been termed as a regressive bill which is giving personal data of people in the government. The bill characterizes data on the basis of three categories which are:
The following sections of the clause makes the PDP, 2019 proposal open ended wherein the government can have access to certain data:
The 2018 draft remained silent on what considerations the government will factor for classifying critical data.
A Concluding Note
According to the Supreme Court in the Puttaswamy judgement (2017), the right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy, whereas the growth of the digital economy is also essential to open new junctures of socio-economic growth. In this context, the government policy on data protection must not dissuade framing any policy for the growth of the digital economy, to the extent that it doesn’t infringe on personal data privacy.
Treelife Ventures Services Private Limited.
All Rights Reserved. © 2022.