- Home
- Prelims
- Mains
- Current Affairs
- Study Materials
- Test Series
Latest News
EDITORIALS & ARTICLES
The facts of data privacy in 21st century
As we are living in 21st century, which is a digital world, data is a key for any country to become a super power. Along with that, it is equally important that each country must protect its citizen’s data and respect the privacy of individual and provide safeguard from big data giants.
Status of Data protection in India
Purpose of data protection law
- Currently, in India, there is a no separate law regarding data privacy.
- Personal Data Protection (PDP) bill,2019 is the India’s first attempt for data protection.
- PDP bill is prepared by a committee headed by justice B.N.Srikrishna.
- Article 51 of the Constitution of India, which forms part of the Directive Principles of State Policy, requires the state to endeavour to "foster respect for international law and treaty obligations in the dealings of organised people with one another".
- Under article 21 ‘right to privacy’ is the fundamental right.
Key provisions of PDP bill
Applicability: The Bill governs the processing of personal data by: (i) government, (ii) companies incorporated in India, and (iii) foreign companies dealing with personal data of individuals in India.
|
- Creating Data localisation and boosting domestic digital economy:
- Digital sovereignty is the right of a state to govern its network to serve its national interests, the most important of which are security, privacy, and commerce.
- Demonstrating preparedness to meet internationally accepted standards of data protection:
- It becomes inevitable for India to develop a robust and timeless regulation that has the ability to demonstrate compliance warranting the transfer of data from foreign jurisdictions.
- Preventing privacy harms and exclusion:
- There exists visible inequality in bargaining power between individuals and entities that process personal data, and it becomes important to mitigate the harms flowing from such imbalance.
- Remedy and prevent problems of free data flows and data sharing practices:
- Deficiencies in the regulation of data flow in India are merely a consequence of a simplistic assumption that data flows are an unadulterated good.
- Impact on government: Majority of personal data protection laws across globes have different laws when it comes to the activities conducted within/outside of a country that can harm national security or public interest.
- For example: In India, different act exists to provide safeguard. These includes:
- Information Technology Act, 2000 ("Act")
- Payment and Settlement Systems Act, 2007,
- Indian Telegraph Act, 1885
- SEBI Data Sharing Policy, 2019 and
- RBI Guidelines on Cyber Security Framework for Banks and Information Security, 2016
- For example: In India, different act exists to provide safeguard. These includes:
- Impact on organization: Multinational organizations have to frame new rules to follow with every passing legislation. The differences in legislation distracts the focus from their core competencies and thus affects their ability to create value for society.
- In extreme situations, it may even lead to the withdrawal of companies.
- Impact on Society: Large corporations have a propensity to exploit the loopholes due to the lack of consensus amongst governments. This behaviour prevents level-playing field for any emerging ideas, leads to the monopoly of a few, and directly impacts societal growth.
- It can remove the discrepancies amongst nations’ enforcement of their laws worldwide.
- It also allows concerted efforts to combat data terrorism, identity theft, data breach and fraud.
- This, in turn, sustains cyber security and privacy compliance within the nations.
- Mutually agreed rules of cross border data flows are essential to share the data for international research in health, agriculture, education, and other fields.
- It can provide assurances in an environment where it is hard to know what is fake or misinformation and whom to trust.
- It enforces existing privacy protections and thus enable citizens to exercise their privacy rights.
- As more and more social and economic activities have place online, the importance of privacy and data protection is increasingly recognized.
- 128 out of 194 countries had put in place legislation to secure the protection of data and privacy.
- Africa and Asia show a similar level of adoption with 55 % of countries having adopted such legislations from which 23 are least developed countries.
- The General Data Protection Regulation (GDPR) is a law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
- It also addresses the transfer of personal data outside the EU and EEA areas.
- Primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business.
- China's Personal Information Protection Law (PIPL) will change the current landscape of scattered provisions on personal data protection.
- It aims to clarify the rules for processing personal data, the obligations of data handlers and processors, and the rights of data subjects.
- Recently, agreements on the protection of privacy and transborder data flows have been devised both between countries through bilateral agreements and within the multi-lateral organizations.
- Example of bilateral agreements - United States Mexico-Canada Agreement (USMCA)
- Example of multi-lateral organisations - Organisation for Economic Co-operation and Development (OECD), the Asia-Pacific Economic Cooperation (APEC), Council of Europe, etc.
- Although the decisions are reached by consensus, the commitments are non-binding on the members.
- The scale of participation is too thin to be genuinely regarded as a global agreement.
- These frameworks lack the ability to customise with the local needs.
- Personal sensitive information should not be used without the consent of individual.
- As data is a new oil, it should be processed judicially.
- There should be no third party between individual and data storing agency.
- Collaboration of Aadhar and PDP can bring a new revolution in data privacy policy.
- Puttuswamy I’ and ‘Puttuswamy II’ judgments also emphasized on ‘Right to Privacy’.
- The judicial scrutiny through these cases should be implemented.
- India can also provide the technology and build capacity for other nations.
- Example: CoWIN, UPI, Aadhaar, EVMs are India’s technological successes in which around 150 nations have shown their interest.
- India can leverage its technical, economic, and legal wisdom in several other sectors, such as climate change, solar energy, space research.