you are here: HomeNewsOpinion

Why India must fortify its data privacy laws

Our interests in protecting access to our bodies, personal spaces, intimate relationships, etc. are jeopardised if our personal data is leaked to potential abusers of information 

February 26, 2021 / 01:39 PM IST

Some years ago, when I bought a phone from my mobile service provider, I was asked to give my personal information (name, address, date of birth, email address, alternate phone number) at the time of purchase. Soon thereafter, I started receiving sales calls from other mobile phone services, to which my personal information appear to have been provided without my permission.

Similarly, as soon as I searched for dog food on the Internet, I began to see advertisements for pet food on my Facebook feed. Is there a way to regulate the trading of personal information in the modern age? The answer might be found in the Data Protection Bill that is currently under consideration in Parliament.

Why is data protection important?

Normally one would not expect to defend the protection of privacy, but a perception has been created in India that data protection is mainly a rich person’s problem, and that if they have nothing to hide, the protection of personal data (while an issue worth considering) is not an issue worth the dignity of a right. This perception needs to be corrected, and privacy scholars have addressed this problem.

For example, privacy scholars have pointed out that data protection is not just a gloss on the protection of various privacy-related interests, but are integral to their protection. Our interests in protecting access to our bodies, personal spaces, intimate relationships, etc. are jeopardised if our personal data is leaked to potential abusers of information.

Close

Further, people fail to realise that much like other human interests, privacy cannot be secured without some positive rights and a structure of accountability; hence the need to have an affirmative consent from individuals before personal information is accessed and processed, and the need for a grievance redress mechanism when data collectors fail to secure personal information.

Finally, data protection is important because, as privacy scholars such as Bert-Jaap Koops have pointed out, there is a difference between access to and control over information. Even if a person has given access to their information, there ought to be systems in place to ensure the person has control over how this information is processed. Hence, the need to ensure continuing control over personal information and providing individuals with the ability to correct any false or misleading information.

Daniel J Solove, another prominent privacy scholar, has stated that even if the information one has provided access to is innocuous, the government, either maliciously or inadvertently, can abuse the information stored with it. One’s records might be falsified, or might be considered as raising security issues; and all of a sudden, what was a piece of benign information earlier might be information that can get one arrested.

The way ahead

The Personal Data Protection Bill 2019 is an important step in India’s reckoning with the looming crisis of data privacy. The Bill is ambitious in its scope. It does not merely protect individual rights in personal data. It creates an infrastructure in which such rights can be exercised, grievances addressed, offenders penalised and even sent to jail for certain abuses of personal information.

Most importantly, it aims to institutionalise the protection of personal data, with the establishment of data protection officers, regular data audits, data protection impact assessments, a code of practice to promote good practices in this domain and, above all, a data protection authority to ensure the regulatory ecosystem is managed by persons who are not beholden to any one of the stakeholders in the domain.

There has been some concern that the Bill allows the government to access personal information unhindered on the grounds of welfare, crime, security or health. This aspect of the Bill must be reviewed to ensure individual privacy concerns are met adequately. However, an equally important issue pertains to the actual working of the data protection authority and the adjudicatory authorities mentioned in the Bill, once it becomes law.

If the supervisory and adjudicatory authorities are either not staffed properly or do not discharge their duties with rigour and integrity, the promise of the Bill will remain unfulfilled.
Nigam Nuggehalli is Dean, School of Law, BML Munjal University, Haryana. Views are personal.
first published: Feb 26, 2021 01:29 pm

stay updated

Get Daily News on your Browser
Sections