Oil was once considered the ‘black gold’ by mankind but with the advent of the new wave of industrialization and the advancement in technology, the title could be rephrased into ‘binary gold’. It is safe to say that data in the form of 0s and 1s is the new fuel for the digital economy and digital lives. As India powers into the information era, the policy makers are confounded with the regulation of the use of personal data and information. In the Year 1997, the Supreme Court of India in it’s Judgement of People’s Union of Civil Liberties v. Union of India had laid down the framework of right to privacy in Indian context and after 20 years of that judgement, the Supreme court in its judgement of KS PUTTASWAMY V. UNION OF INDIA has declared right to privacy as an fundamental right. However Supreme court’s judgement even after two years has not led to much into development of protection of data, and India’s inability to regulate the personal data. In India there are no specific law or legislation which are protecting data, but there are some legislations and rules enacted for the same which cover this subject. The Constitution of India grants privacy of data via right to privacy which has been held as an intrinsic part under article 21 of the constitution. The term “RIGHT TO PRIVACY” has been subject to Judicial Interpretation and it is not clear nor explicitly defined anywhere. The term right to privacy can be traced back to British era where the privacy of Paradeneshi women was kept in mind. The existing legal framework has recognized rights of citizens and no one can violate it, it also has stated that even state cannot violate this right of citizens except due procedure of law.
The term data protection and data privacy are interconnected and are often used interchangeably. Data privacy has been recognized under article 21 of the constitution of India and it has been even recognized under Universal declaration of Human rights and International Covenant on Civil and Political rights, Data protections is a mechanism to secure data which cannot be accessed by any third party without the consent of the owner. Data protection does not ensures that it is a data privacy because it protects data from third party, also data protection without privacy is not really possible because privacy gives control over your data and protection ensures that it is not used for any illegitimate purposes. Data privacy mainly focuses on regulation which controls the data shared with any entity, privacy also ensures that the given information is not being sold online, while protection focusses on keeping information in safe hands.
EVOLUTION OF RIGHT TO PRIVACY
The Supreme Court in the case of M.P. Sharma and Ors. v. Satish Chandra had dealt with the question whether the “Right to Privacy” is an fundamental right or not. It was Challenged in this court that warrant which is issued under section 94 and 96(1) of Code of Criminal Procedure is violating right to privacy of a person or not. The Supreme Court held that power of search and seizure does not contravene privacy. In the case of Govind v. State of Madhya Pradesh, it was held by supreme court that the police regulation are not in conformity with personal freedom of people and right to privacy is an fundamental right. In the landmark Judgement of KS puttaswamy which declared right to privacy as a fundamental right had empowered the citizen to seek judicial relief in cases where data privacy rights are breached?
LAWS GOVERNING DATA PROTECTION
The Indian Government had recently passed the personal data protection bill 2019. The absence of a comprehensive data protection legislative framework has been a point of concern for India. At present, section 43A of the Information Technology Act, 2000 and the Sensitive Personal Data Rules, 2011 govern the personal data protection mechanism in India. The present Sensitive Personal Data Rules, 2011 and Information Technology Act, 2000 based legal framework are ineffective in regulating and protecting data protection. The Personal Data Protection Bill 2019 is a basis on the report of committee chaired by retired Hon’ble Justice B.N Srikrishna, which is same in line with General Data Protection Regulation. This bill introduced the concept of data fiduciary and data principles in Indian context. Data Principals are defined as the‘natural person to whom the personal data’belongs.The term Data Fiduciaries has been defined as‘any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of the processing of personal data’. The bill says that the collection of data is only allowed when one has given the consent for the same. The section 12 of this bill says that consent of the person should be clear without any ambiguity and it can be withdrawn without data complication. The Information Technology Act 2000 is one of the legislation which was brought by parliament to provide a legal framework for various e-platforms. The PDP Bill empowers the officer of data protection authority to enforce any actions against the person without the approval of court. The bill says that data can be processed even without consent of the individual if the state wants it, and it is quite uncertain and irrational because even person who are representing the government can misplace the data, The provisions under the Information Technology act are dealing with collection and processing of data by the corpotate body.
India has been persistently working towards having law for data protection, but there are still some loopholes. The Indian legislature needs to look upon to the merits of protection of data and data privacy and get insights from around the world and implement them and start developing a exact new branch of laws, there are various treaties and conventions focussing on data protection and there are various laws around the world and it can help India to curb the issue of data protection and if they are adopted and implemented in India in it’s truest way possible. But as an aware Indian, it is my opinion that we, the people of India, need to become more vigilant. Think twice before allowing apps an access to the data stored on your personal devices. Be practical in approach so that a collective consensus shall develop regarding the grave nature of the problem. Only then can a holistic set of solutions be provided to the existing conundrum.
I. People’s Union of Civil Liberties v. Union of India, AIR 1997 SC 568.
II. Justice K.S. Puttaswamy(Retd) v. Union of India, (2017) 10 SCC 1.
III. M. P. Sharma And Others vs Satish Chandra, District, 1954 AIR 300.
IV. Govind v. State of Madhya Pradesh, 1975 AIR 1378.
This blog is authored by Vinish Maheshwari, a student of Gujarat National Law University.