Withdrawal of the data Bill was a bad move
BN Srikrishna Committee:
- Gave report on “Data Protection Framework” and proposed a draft Personal Data Protection Bill.
- Justice K. S. Puttaswamy. vs Union of India:
- Also known as the Right to Privacy verdict.
- Supreme Court in this judgement held that Indians have a constitutionally protected fundamental right to privacy that is an intrinsic part of life and liberty under Article 21.
- It held that privacy is a natural right that inheres in all natural persons, and that the right can be restricted by state action only when that action passes these three tests:
1) First, such state action must have a legislative mandate;
2) Second, it must be pursuing a legitimate state purpose; and
3) Third, it must be proportionate i.e., such state action — both in its nature and extent, must be necessary in a democratic society and the action ought to be the least intrusive of the available alternatives to accomplish the ends.
What is the need for a strong data protection law?
- India currently has over 750 million Internet users, with the number only expected to increase in the future.
- The Government is also making a strong push for a ‘Digital India’, with increased focus on digitisation of access to health, ration, banking, insurance, especially after the COVID-19 pandemic.
- There is a greater focus on the inter-linking of data, whether through facial recognition, Aadhaar, or the Criminal Procedure (Identification) Act, 2022.
- At the same time, India has among the highest data breaches in the world.
- It has been reported that around 18 of every 100 Indians have been affected by data breaches since 2004, with 962.7 million data points being leaked, primarily personal data points such as names and phone numbers.
- Without statutory backing citizens will have limited actions to counter misconduct by corporations. This is because fundamental rights are, by and large, not enforceable against private non-state entities which also defangs the Supreme Court verdict in Puttaswamy case.
- Currently the only recourse available for people against corporate misconduct in data privacy is the Information Technology Act, or file civil/criminal proceedings before a court of law.
What can be done
- The Government could enact a fresh privacy legislation or a comprehensive data protection law (covering both personal and non-personal data).
- Alternatively, it could subsume data protection under its ongoing attempts at revising the existing Information Technology Act, 2000.
- It could also enact a digital markets law, along the lines of the European Union’s Digital Services Act, focusing on competition and innovation in the digital space.
Source: THE HINDU