Data Protection Fallacies in India
A key development in the developing world is the advent of data technologies, which in turn bring a host of challenges associated with the transfer, storage, and use of individuals’ data. The development of Artificial Intelligence, 5G networks with high-speed data transfers, storage of digital files, and digital healthcare are some of the multitude of developments appearing in waves globally as technology is discovered and improved upon. One of the key considerations globally is therefore the provision of sufficient cover for the protection of an individual’s data. There is currently an unprecedented use of personal data, and subsequent recording of such data, around the world by governments, corporates, and other entities. Key instances include the biometric and generic data of individuals stored by the Indian government in the form of Aadhaar and, more commonly, the details recorded when you apply for a passport or PAN card, or the address you fill into an online retailer’s website to buy particular goods. These are just a few of the many instances in which you send your data into the databases of various entities.
The response can be seen in the development of data protection regulations over the past decades, with a keen focus on the General Data Protection Regulation (GDPR) in the European Union, one of the most robust data protection mechanisms currently in force. In the same vein, the Personal Data Protection Bill 2018/2019 was introduced in Parliament, recognising the lack of a specialised law that could shore up the inadequate data protection and cyber laws in India, which are currently served only by the Information Technology Act 2000 and the criminal laws of India. Yet, with the introduction of the renewed 2019 bill, there has been much hue and cry over the ambit of protection actually afforded to the private individual.
The act has highlighted the challenges that can develop when proposed legislation in this field is not given proper consideration. The bill itself proposes the formation of a Data Protection Authority in India, which has been afforded unprecedented discretionary powers to adjudicate any problems regarding the storage of data by data fiduciaries and the processing of data by both Indian and foreign groups. However, although the act explicitly talks about the application of security, it has no proper ambit of the Right to Privacy associated with it. Privacy is an important concern and has been affirmed by the Apex Court of the country too, but the law itself is insufficient to address the concerns that society raises on these issues. The Data Protection Authority’s unbridled powers and their use are not the only problem that can be identified in the bill.
The government has seemingly brought out regulatory mechanisms as well as compensatory and penal provisions in order to safeguard the personal data of the data principal. Yet it is important to highlight that there is no real check on how the government itself stores and utilises the data. The exemptions provided under the act, which allow the government to record the personal data of individuals without their explicit consent, as highlighted in many parts of the act, are a matter of grave concern. The government has been given the means to take data on the grounds of the interests of the nation and relations with “foreign powers”, but the extent to which the government is thus allowed to take this data is ambiguous. Are there any provisions for the collected data to be removed from the government’s database if the need subsides? What considerations need to be made with the advent of media channels that can be mass surveyed by the government? These thought-provoking questions have been smartly left open to interpretation by the public, while the government can clearly be seen to have the ability to use its discretion to collect the data of any individual in the country, and perhaps also the data brought into the country by foreign groups for transactions based in India. These aspects definitely need to be further debated and addressed in this act, considering the blatant aberrations made possible by the powers thus accrued.
In conclusion, there are many aspects of the act which need to be readdressed. The Right to Privacy debate must be considered, and overriding guiding mechanisms must be provided to prevent misuse of the power allotted to the government. Proper channels need to be provided for discussing the lapses in the bill with key figures in the data protection regime. While the bill remains focused on implementing aspects of the GDPR, it should also adopt provisions that sustain the robust protection mechanisms available to individuals in the EU. New initiatives and developments are also rampant in the technology world. These include the advent of technologies like Artificial Intelligence and aspects of storage and processing like Big Data. These aspects must be considered in advance for the upcoming legislation, which will definitely be harder to update than the emerging trends in technological advances around the world. Some individuals also argue that it is their right to have their stored personal data removed. This has been hotly debated, with a focus on the Right to be Forgotten. This topic, however, remains unaddressed and, objectively, is still in the developmental phase of data protection regulation in India. In the future, however, the country will have a Data Protection bill, and it would be a forward step into uncharted and confusing territory. It is hoped that these lacunae and advancements are addressed in iterations of the law, in which robustness is necessary to sustain the community and the security of individuals.