Data Protection Bill: To be or not to be passed?

Everybody today uses the internet for all sorts of things like bank transfers, bill payments, verifications, etc which means that there is lot of personal data on online resources which can be easily exploited by others. This calls for a data protection law that can make sure that such personal data is protected and thus this blog.

Data privacy and data protection basically refer to the right to protect one’s data on online platforms. Such data could either be concerned with an individual, enterprise, or even a government. The definition of personal data laid down by the European Union’s data protection guidelines, “Information concerning an identified and identifiable natural person” covers the scope of personal data. Therefore, by this definition, the personal information provided by individuals during biometrics would be included. But data put out through biometrics or for economic purposes remains at risk in India since no legislation has been chalked out to protect such personal data. the article discusses the need for a Data protection bill.

The data protection bill in India is currently facing many problems due to the absence of a proper legislative framework. There is a strong explosion of cybercrimes on a global scale. The theft and sale of stolen data are happening across vast continents where physical boundaries pose no restriction or seem non-existent in this technological world India is the largest host of outsourced data processing in the world could become the base of cybercrimes which is mainly the due absence of the appropriate legislation. The Data Security Council of India (DSCI) and the Department of Information Technology (DIT) must also rejuvenate its efforts in this regard on similar lines. However, the best solution can come from good legislative provisions along with suitable public and employee awareness. It is high time that we must pay attention to Data Security in India. Cyber Security in India is missing. And by creating awareness it will lead to a good result, for that measures should be taken.

Indian companies in the IT and BPO sectors handle and have access to all kinds of sensitive and personal data of individuals across the world, including their credit card details, financial information, and even their medical history. These Companies store confidential data and information in electronic form and this could be vulnerable in the hands of their employees. It is often misused by some elements among them. There have been instances of security breaches and data leakages in high profile Indian companies. The recent incidents of data thefts in the BPO industry have raised concerns about data privacy.

Also Read  Euthanasia: A Deep Analysis of Right to Die

There is no express legislation in India dealing with data protection. Although the Personal Data Protection Bill was introduced in Parliament in 2006, it is yet to see the light of day. The bill seems to proceed on the general framework of the European Union Data Privacy Directive, 1996. It follows a comprehensive model with the bill aiming to govern the collection, processing, and distribution of personal data. The bill is clearly a step in the right direction. However, due to the lack of information, the bill was still pending.

In a landmark decision, the Supreme Court on 24th August 2017,  unanimously declared that the right to privacy was a fundamental right under the Constitution. A nine-judge Constitution bench headed by Chief Justice JS Khehar ruled that “right to privacy is an intrinsic part of Right to Life and Personal Liberty under Article 21 and entire Part III of the Constitution”.

The ruling on the highly contentious issue was to deal with a batch of petitions challenging the Centre’s move to make Aadhaar mandatory for availing the benefits of various social welfare schemes.

While the Centre had argued that right to privacy is not a fundamental right, the petitioners had contended that when a citizen gives his biometrics and personal details to the government and when in turn it is used by commercial organizations, it is a breach of privacy.

The judgment was limited to the issue of the right to privacy and the question whether Aadhaar violates right to privacy will be dealt with the five-judge bench which has been hearing the petitions since 2015.

In this landmark judgment, other members of the bench comprising Justices J Chelameswar, SA Bobde, RK Agrawal, RF Nariman, AM Sapre, DY Chandrachud, SK Kaul and S Abdul Nazeer also shared the same view. The nine judges unanimously overruled the two earlier judgments of the apex court that right to privacy is not protected under the Constitution. Finally, Right to privacy deals as a fundamental right.

Also Read  International Institutional Mechanism for addressing Gross Human Rights Violation

After a lot of debate regarding data privacy and protection, as the constitutional bench of nine judges, headed by the Chief Justice of India, is set to decide whether the right to privacy is a fundamental right and a ten-member committee headed by former Justice BN Srikrishna includes representatives from the department of telecommunications (DoT), the IT ministry, the Unique Identification Authority of India (UIDAI) and the academic community will not only study the various issues around data protection in India but will also draft a data protection bill that will be taken up for consideration by the Centre. The Bill was introduced as a Private Member’s Bill in the Lok Sabha in July 2017.

The Data (Privacy and Protection) Bill, 2017, grants a statutory Right to Privacy under Section 4. However, this Right to Privacy is only pursuant to Articles 19 and 21. It is critical to appreciate the dangers of linking the same with Fundamental Rights under Articles 19 and 21, as the contours of the Right to Freedom of Speech and Expression and the Right to Life are malleable and done by the decisions of the judiciary, keeping the socio-political reality of a period in mind. However, it is seen that this Bill applies not only to private corporations or body corporate but is equally applicable to state entities, government agencies or any other persons acting on their behalf.

Individual profiling has been prohibited by the Bill and any instance of profiling would amount to an invasion of a person’s Right to Privacy. However, with respect to sensitive, personal data, Section 20(2) provides that no sensitive data shall be processed for any other purpose apart from its intended use but can be used by welfare schemes and social protection laws. Hence, this would imply that the Aadhaar scheme of BHIM (Bharat Interface for Money) would also have access to a person’s personal, sensitive information.

Also Read  Consequential Crimes by Pandemic

Lastly, the bill has made all offenses related to the breach of privacy of an individual. If there would be a violation of the right of an individual, it will be seen in a wide manner. As now Right to privacy is a fundamental right.

Also read Analysis of the Citizenship Amendment Bill 2016 w.r.t. Religion