We have seen issues related to data protection in news recently all over the globe. Be it Aadhaar issue of India or The General Data Protection Regulation (GDPR) of European Union.
India has 40 crore internet users out of which 25 crores are social media active users, moreover the big data initiative and the recent addition of Right to Privacy in the Fundamental Rights (K.S. Puttaswamy case) are all the more reasons to talk about Data Protection in India.
WHY WE NEED DATA PROTECTION LAWS:
- To balance between the rights of the individual and the public good that comes from the digital economy.
- Lack of dedicated framework for data protection across country.
- The law may help in protection of personal information of citizens.
- The act will help citizens against being victimized by state.
- It will indirectly help in reducing cyber and financial crimes.
- A push towards increasing digital security infrastructure will come in handy with data protection.
- It is also important for digital economy’s sustainable growth.
WHAT ARE THE ISSUES?
- There are multiple standards being followed as of now. There is no clarity on what kind of security standards should be followed by the data fiduciary.
- Government’s accountability needs to be clearly defined regarding use of personal data without consent.
- After GDPR mandate that every EU citizen’s data be stored within the EU. The Facebook and Twitter has noted drop in their revenue and visitors’ numbers. Which implies that it may discourage people from using internet or social media.
- Monitoring Provisions i.e., frequency of data security audits needs to be continuous and at regular interval.
- Offence and Penalties should be defined precisely.
CHALLENGES REGARDING DATA PROTECTION:
- Most of the data storage companies are based abroad. They also export data to other jurisdiction making it difficult to apply Indian laws. India lacks the capability for data localization i.e. to store data within country.
- Uniform data protection framework is difficult in India due to presence of private players in the sector.
- India is regulating the data protection with the help of various laws like:
- Section 43A of IT Act 2000 for corporate entities
- Consumer Protection Act, 2015 and,
- Copyrights Act, 1957
- It is usually difficult to trace the perpetrator invading the data privacy.
Various Committee and Bills regarding Data Protection:
- Justice A. P. Shah panel, 2011 on Data Privacy.
- Data Privacy and Protection bill, 2017
- TRAI guideline for Data Security
- Justice B.N Srikrishna committee.
Now that, privacy of an individual is State’s constitutional duty, it is important to have stringent data policies. Justice B. N. Srikrishna committee recently submitted its report on Draft Protection Framework and Draft bill on Data Protection. Moreover, with initiatives like Data Localization India is on the way towards some of few countries with secure data initiatives.
Justice B.N Srikrishna committee Features:
- Fiduciary relationship
- Definition of Personal Data
- Consent based data processing
- Ownership of personal data
- Regulatory Authority
- Amendments to other laws