Mains Paper: 3 | Environment and Ecology
Prelims level: Data Privacy and Protection Bill
Mains level: Explain the data protection bill and how it can be improved.
• August 24 marked a year since the Supreme Court’s landmark judgment recognising the right to privacy of every individual as a fundamental right under the Constitution of India.
• However, in an age when nearly 2.5 quintillion bytes of data is generated every day.
• The right to privacy has large implications, particularly on the manner in which the state and others collect and use our data.
• Whether it is submitting a form for a college application or downloading the latest app for our phone, we unknowingly share information about ourselves with a wide range of entities, without realising the repercussions involved.
• Cambridge Analytica’s website rightly said, “Data drives all we do”.
• The scandal which was exposed revealed how they manipulated data to influence the commercial and political choices of common citizens.
How data privacy protection is important for India?
• World’s largest biometric database in the form of Aadhaar, ostensibly to regulate the transfer of benefits from the government to needy citizens.
• However, the numerous instances of data leaks in relation to Aadhaar reveal the
• State’s callous attitude to data protection, while it aggressively pursues the sync-ing of Aadhaar numbers with essential services which have nothing to do with the government, from our mobile phones to our private bank accounts.
• In the absence of a robust data protection framework, we Indians are all sitting ducks in the world of data fraud and misuse.
• Draft Personal Data Protection Bill, 2018, drafted by the Justice B N Srikrishna Committee, which is likely to be adopted by the government as their official Bill.
Features of this bill
• It is built on a strong foundation of the Right to Privacy, as laid down by the Supreme Court.
• Your rights over your data imply that it cannot be handled in any manner in the absence of consent.
• However, today, consent has become a matter of formality.
• For consent to be effective, it must be unambiguous, free, voluntary, affirmative, revocable and obtained prior to its usage to a specific and easily comprehensible contract.
• To ensure consent remains effective, the data must be destroyed after the purpose is served.
• Despite this, there is a skewed power equation between the data processor and the individual, which any good data privacy law must redress.
• The government’s draft Bill grants “the right to be forgotten” but deceptively defines it as disallowing further disclosure of data.
Should have proper mechanism of data localization
• If the data is to be used for a purpose different from the one consent was obtained for or if the duration for usage is longer than it was obtained for, or if there is any other change to the terms for which consent was granted, then effective consent must be obtained afresh for the new terms.
• At the same time, circumstances such as medical emergency, authorisation by law and investigation of cognisable offences which need the immediate use of personal data without effective consent, should be allowed.
• Similarly, your right to privacy can only be diluted when there are no other means to resolve a threat to security of the state.
• The state may carry out surveillance or interception of communication only after authorisation by a privacy commission, an independent impartial well-resourced authority established in my Bill.
• The surveillance and interception must be limited to the necessity of the measure and must be proportionate to the threat it wants to overcome.
• From medical to security, the data so obtained must remain confidential and should be destroyed immediately after the immediate threat has passed.
Right to privacy is a serious matter
• The right to privacy can remain a pillar of our Constitution only if the exceptions are rare and subordinate to your rights.
• The independence of the commission is maintained by keeping out all those who may have a commercial stake in any activities relating to the right to privacy.
• Its effectiveness is enhanced through its power to impose civil and criminal liabilities.
• You also have to be notified about the purpose, duration and manner of surveillance and interception you were subjected to.
• Such a measure also ensures that a person may have recourse to judicial remedy if the state has misused its powers.
• We have to ensure that the state actors cannot become the threat themselves.
Steps need to be taken by Govt.
• The government’s Bill, unfortunately, fails to hold state actors accountable for any form of violation of privacy, even those as grave as interception or surveillance.
• The government has not only used the guise of privacy to strengthen its possibly privacy-violating state actors but has also reduced its own transparency and accountability.
• The government’s Bill primarily holds private entities accountable for the exploitation of personal data and dilutes the reach of the Right to Information Act;
• The Bill avoids authorising state actors to use right to privacy as an armour to evade their democratic responsibilities.
• The Bill immunises an individual’s right to privacy from any and all misuse, in contrast to the government’s draft Bill, which makes state actors unsusceptible to public scrutiny.
• For all these reasons, the government must remove these anomalies and improve its draft along the lines of my Bill.
• Better still, I invite it to adapt my Bill and pass it.
• It’s time to choose: Either we dam the new oil of data, or we allow our democracy to be damned.
Link – https://tt93a.app.goo.gl/yFvNSw3DAu56uuJ97