PSL Advocates and Solicitors | View firm profile
A BRIEF OVERVIEW:
In this rapid age of technology and internet, data is the biggest asset for an individual but, at the same time, his most vulnerable asset as well. Nearly every aspect of the daily life, including but not limited to, health services, banking, travel etc., requires us to share our personal information with some other person or organization for the same to be processed in order to extend the corresponding services to us. Some of that information is shared voluntarily and, some of it, involuntarily where we are forced to share that information in order to avail of the service required. A burning example of the latter would, arguably, be the access to the data which is virtually forked out of us in order to use mobile applications.
However, even in the case of the information shared voluntarily, we would not want the same to remain in the possession of someone else indefinitely or, worse, be further shared and used for the purpose other than the one it was intended to be used for at the time of its collection. But, unfortunately, this is the sad reality of the day and we, for all practical purposes, have no control over our personal information once it leaves our domain and one of the biggest victims of this is the privacy of the individual.
To rein in the issue, it was high time for political dispositions across the spectrum to sit up, take notice and carve out a judicious mix between the control of an individual over his or her data and collection of the same so as not to impede the flow of services.
Keeping the same in mind, the European Union has enacted the General Data Protection Regulations (GDPR) which aims at streamlining the interplay between personal data, privacy and consent so as to benefit both the individuals and businesses. Approved by the European Parliament in April, 2016, the GDPR came into effect in May, 2018 and, since, it is equally applicable to the organizations, although, not based within EU but providing goods and services within EU, as it is applicable to the organizations based within EU, nearly all the major businesses across the world would have to be compliant with the provisions of GDPR.
The severity of the menace and the determination of the EU to tackle the same can be gauged by the fact that the penalty for failure to comply with GDPR is a minimum of 10 Million Euros and can go up to 4% of the company’s annual global turnover which can act as a sufficient deterrent for the organizations for them not to fall foul of the law.
INDIA AND DATA PROTECTION:
India has been no stranger to the problem of data breaches and compromising of the privacy of an individual. The turning point came in the year 2017 when a 9-Judge Bench of the Hon’ble Supreme Court, by a unanimous verdict in the case of Justice K.S. Puttaswami vs Union of India, (2017) 10 SCC 1, declared the right to privacy as a fundamental right under Articles 14, 19 and 21 of the Constitution of India. In the meanwhile, the Government of India formed a committee under the chairmanship of Justice B N Srikrishna and entrusted it with the task of submitting its report on the issues related to data protection.
Pursuant to the Srikrishna Committee Report, the Government of India, in 2018, placed in public domain a draft Personal Data Protection Bill and sought the comments thereon. A perusal of the Bill of 2018 presented the same as a robust legislation with enough safeguards to protect the data and information of the individual from unwanted access to the same. While the private organizations were required to handle the data and information of individuals with utmost care and caution and their actions were sufficiently circumscribed with enough deterrents, even the Governments were not immune from the same and, should the State wanted to skirt the rigours of the provisions therein and allow the government authorities to have access to the data of an individual, it was supposed to tread a rather tedious legal path to do the same.
However, the Personal Data Protection Bill, 2019, as presented in the Parliament, contrasts with its predecessor of 2018 and, suffice it to say, it does leave us wanting. Unfortunately, the Government has diluted the provisions of the 2018 Bill pertaining to the powers of the State so much so that the experts are worried about the application and impact thereof.
The Bill of 2019, under Section 35 thereof, empowers the Central Government to bypass the provisions of the statute and exempt any agency of the Government from application of the Act for the purposes of rather abstract grounds of (i) in the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order; or (ii) for preventing incitement to the commission of any cognizable offence relating to sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order.
The Government, further, diluted the 2018 Bill by providing this exemption to the authorities could be accorded vide a simple order by itself for reasons to be recorded in writing and subject to such procedure, safeguards and oversight mechanism to be followed by the agency, as may be prescribed.
As stated supra, this dilution is in contrast with the 2018 Bill, in that, in Section 42 of the 2018 Bill, the exemption to the Government was provided only on the grounds of security of the State and, further, this exemption was not permitted unless authorized pursuant to a law and was in accordance with the procedure established by such law, made by Parliament and was necessary for, and proportionate to, such interests being achieved.
It goes without saying that, irrespective of political dispositions, the provisions of the 2019 Bill has placed in the hands of the Government an unbridled authority to skirt the provisions of law as per its fancy and it does negate the underlying purpose thereof by compromising the privacy and prejudicing the interests of the individuals.
This dilution has not gone unnoticed and has ruffled many a feather in the academia and the experts have been vocal about the possible negative impacts of the same. In fact, as reported in an article by Economic Times[1] the chairman of the committee, Justice Srikrishna himself, has commented, in no uncertain terms, that this is dangerous and could turn India into an ‘Orwellian State’ which term, essentially, means a draconian control of its people by the State.
CONCLUSION:
Privacy, as laid down by the Hon’ble Supreme Court in the case of Justice Puttaswamy (supra), is the fundamental right of a citizen as guaranteed by the Constitution of India and no entity, not even the State, can be allowed to throw the essence thereof to the winds at its whims and fancies and undermine the basic interests of the people.
It would not be out of place to mention that this amendment in the statute negates the very basic essence of the law and the purposes wherefor the same was enacted. It is hoped that the Government takes a note of the voices of dissent and reinstates the original provision as provided by the 2018 Bill or at least restrains its unbridled authority provided by the 2019 Bill so as to preserve the Constitutional rights of its citizens.
Authored by :- Mr. Siddharth Jain, Co-Founding Partner
[1] December 12, 2019, Megha Mandavia, https://economictimes.indiatimes.com/news/economy/policy/personal-data-protection-bill-can-turn-india-into-orwellian-state-justice-bn-srikrishna/articleshow/72483355.cms?from=mdr