Plugging the Privacy Gaps

Context: Personal Data Protection Bill 2019 needs to be debated thoroughly as it provides an opportunity for India to forge an agenda that will act as a standard-setter in national data protection legislation.

Judicial Pronouncements in India related to Privacy

  • MP Sharma v. Satish Chandra (1954) and Kharak Singh v. Uttar Pradesh (1962): Privacy of individuals is to be protected in certain circumstances while there is no constitutional right to privacy.
  • Puttuswamy v India (2017): Declared privacy as a fundamental right.

Possible consequences of DPB:

  • Commercial consequences: Centred around citizens’ privacy.
    • Firms have to meet new privacy regulations: since most of the emerging technologies will be founded on the creation, use, and sale of data.
      • Digital firms have to obtain permission from users before collecting their data.
      • Companies have to delete user data based on the user request- similar to “right to be forgotten” available to European internet-users.
  • Political consequences: largely against the freedom of privacy.
    • Government can even access “critical” or “sensitive” personal data: E.g. Information related to religion can be accessed by the government in the name of protecting national interest.
    • Government has discretionary powers related to Data Protection Authority (DPA): DPA will be charged with managing data collected by the Aadhaar programme.

Factors which necessitate a privacy bill:

  • Rising emerging technologies: According to Ernst and Young, emerging technologies in India will create $1 trillion in economic value by 2025.
  • Rising importance of data: Due to which over 80 countries had passed national laws for protecting the collection and use of their citizens’ data by companies and the government. 
  • Power to the state: “critical” or “sensitive” personal data, related to information such as religion, or to matters of national security, must be accessible to the government, for national interests.
    • BN Srikrishna warned that government-access exemptions risk creating an “Orwellian state”.
    • Unfortunately, recent developments show a turn towards surveillance state.g. use of facial recognition technology during anti-CAA protest and linking it with the database of Election Commission and e-Vahan.
  • Casual treatment of privacy by the government: reflected in Aadhaar programme, Aarogya Setu contact-tracing app.

Conclusion: India should utilise the opportunity in legislating DPB by forging a path-breaking agenda that will act as a standard-setter in the still-developing field of national data protection legislation.