Data Privacy and Data protection Law in India

Farha Kadir

In the world of the UN recognized 197 nations, only 49 countries including European Union, USA and Canada celebrate the Data Privacy Day. This wonderful day is celebrated on 28th of January to spread awareness and promote the privacy and data protection policies. It protects the personal rights of an individual to keep his life private and no one can disclose any information about any individual on any public forum without his consent.

This is one of the reasons why privacy policies of any application or a company can be upgraded for a nation like us, where all the choices that we do have is either accept and use the app or leave the app and move on. Such a situation recently led to mass movement to applications like signal and telegram as an alternative to WhatsApp. Why such a policy upgrade notification pops up in India and not in the USA or European Union. They are blessed with their data privacy laws. If there would have been a data privacy law in place similar to General Data Protection Regulation (GDPR), such a panic would never have been in place and such an upgrade would not concern any of the citizens.

We have fundamental rights to bring equality, protection from exploitation, right to life but till date India does not have a comprehensive legislation in place for data protection and privacy. It is hard to digest that there are just 12 nations across the world outside the European Union who has data protection laws, considered adequate by the European Union.

These 12 countries are USA, Canada, New Zealand, Switzerland, Jersey, Argentina, Isle of man, Andorra, Israel, Uruguay and Faroe Islands, Guernsey. Apart from these nations there are few other nations who have data protection laws like Japan, Hong Kong, China which are considered too inadequate to protect the personal information and data rights.

Do we have a law for data protection?

In the name of data privacy and data protection, all we have is the Information Technology Act of 2000. This act does not protect the data and personal information but provides a clause for compensation to the grieved and exploited individual.

Congratulations! If you have bags full of money, you have all the opportunity to use one’s personal data, abuse his or her data privacy and after the individual object just pay him or her compensation. All is well that ends well!

No wonder why we start getting ads of a product on social media platforms after we have spoken about it over a call or even discussed it in a closed room, shh!! Somebody is listening, the applications inside your mobile phone. Every time we install an application, we get a pop-up, “Accept and Continue” or “Back”. To use the application you got to agree on sharing your personal information or back and leave it.

After you have uploaded an image anywhere on the web, it’s so hard to get it removed, as in case take the example of Google, suppose you See your image on Google images and now you want to remove it off the web, it’s going to be a very tedious and painful task to remove it. All these IT giants and social media-based companies have been abusing our data privacy rights but what can we do about it? Nothing!

It is not like there have not been debates over these issues or discussions to make laws with respect to data protection and privacy. In a landmark judgement in Aug 2017 (Justice K.S Puttaswami & another Vs. Union of India)the Supreme Court of India held that the ‘right to privacy’ is a fundamental right guaranteed by Part III of the Constitution of India. In 2019, the “personal data protection Bill 2019” was introduced in the lower house of the Parliament by Mr. Ravi Shankar Prasad ,Minister of Electronics and Information Technology.

Inspired by the GDPR, this bill aimed at bringing a comprehensive and dedicated legal framework to India’s current data protection legislation. It seeks to cover mechanisms for protection of such personal data , expand the rights of the individual and also to establish a “Data protection authority of India” but alas!, the bill has been pending for nearly 2 years now and it’s all due to insufficient information.

There is much criticism and controversies with respect to the actual enactment and proper implementation of the final piece of legislation. The bill was criticised by Justice ...BN Srikrishna and he termed it as an attempt to turn the country into an ‘Orwellian State’ as it allows the centre to exempt the governmental agencies from data access restrictions.

In the era of high-technology artificial intelligence, where the head of the country is trying to bring everything on the digital forum, where all our bank data, personal biometrics, business data are lying on the internet servers and electronic devices without any basic data protection law.

In this digital Era where every information is available at the fingertips but in our country the bill is still pending in the legislature due to lack of information. The proposed bill has been still stuck in various parliamentary procedures and other sets of formalities. This can’t be incompetency, as our nation is going hand-in-hand with the world, be it in space, real estate infrastructure, telecom etc. still the lawmakers do not have enough information. However , the good news is that it has heightened awareness of data protection and privacy rights among the people and it is expected that it will soon see the light of the day.

It is obvious that our country desperately needs a strong data protection law in Correlation to everything getting digitized and over the Web, creating numerous loopholes for data breach and its abuse. The lawmakers need to take it on priority as the other nations and set up a proper infrastructure for data protection, so that every individual can go digital, in a hassle free and smooth manner without any hesitation.

Author can be mailed at farha.kadir@gmail.com