Data Protection Fallacies in India

Updated: Aug 24, 2021

Key aspects in the developing world are the advent of data technologies which in turn bring in a host of challenges associated with the transfer, storage, and use of the data of individuals. The development of Artificial Intelligence, 5G networks with high-speed data transfers, storage of digital files, digital healthcare, are some of the multitudes of developments appearing in waves globally as technology is found and improved upon. Therein, one of the key considerations globally is the provisions of a sufficient cover for the protection of an individual’s data. Currently, in the world, there is an unprecedented use of personal data, and subsequent recording of such data around the world, by governments, corporates, and other entities. The key instances highlighting the same can be the biometric and generic data of individuals stored by the Indian government in the form of Aadhar, in more common cases, it is the recording of details when you apply for a passport or pan card, the address you are filling into the online retailer website for buying particular goods , reflect just a few of the many instances where you are sending your data into the databases of various entities.

The response to the same can be highlighted by the developments on the Data Protection Regulations in the past decades with a keen focus on the General Data Protection Regulation (GDPR) in the European Union, one of the most robust data protection mechanisms currently. To this tune, the Personal Data Protection Bill 2018/2019, was introduced in the Parliament, recognising the lack of a specialised law that could shore up the lacking data protection laws and cyber laws in India, which are currently only serviced by the Information Technology Act 2000, and the Criminal Laws in India. Yet, with the introduction of the renewed 2019 bill, there has been much hue and cry over the ambit of protection effectuated to the private individual in actuality.

The act has highlighted the challenges which could develop when proper considerations are not provided to the proposed legislations in this field. The bill itself proposes the formation of a Data Protection Authority in India which has been afforded unprecedented discretionary powers for the adjudication of any problems regarding the storage of data by the data fiduciaries, and the processing of data by both Indian and foreign groups. However, the act though explicitly talking about the application of security, has no proper ambit of the Right to Privacy associated with it. Privacy is an important concern and has been affirmed by the Apex Court of the country too, but the law itself is insufficient to address the concerns that the society raises on these issues. The Data Protection authorities' unbridled ability and use is not the only problem which can be summed up from the bill.

The government has seemingly brought out regulatory mechanisms as well as compensatory and penal provisions in order to safeguard the secure personal data of the data principal . Yet, it is important to highlight that there is no real check as to how the government itself stores and utilises the data. The exemptions provided under the act, which allow the government to record the personal data of individuals without their explicit consent, as has been highlighted in many parts of the act, is one of grave concern. The government has been allocated the means to take data on the requirements of interests of the nation, and the relations with “foreign powers” but till the extent to which the government is thus allowed to take this data is ambiguous. Are there any provisions for the collected data to be removed from the governments database if the need subsides? What are the considerations that need to be made with the advent of media channels which can be mass surveyed by the government? These thought invoking questions have been smartly left out in the open for the interpretation from the mass public, wherein the government can be clearly seen to have the ability to use their discretion towards the collection of the data of any individual in the country, as well as maybe the data which is brought into the country for transactions based in India, by foreign groups. T