A NEW DATA PRIVACY LAW

Data is the life-blood of today’s digital economy and is driving new businesses that challenge conventional wisdom about markets. With the proliferation of smart-phones, every tap creates a digital footprint: valuable information that can be exploited by companies to generate everything, from customer preference to consumption patterns.
Critically, the traditional notion of data being merely sensitive personal information is now being challenged as companies are also exploiting real-time data generated from daily activities such as one’s route preference whilst booking cab rides using an app. Even Government’s drive to digitise India on the back of initiatives such as JAM (Jan Dhan-Aadhar-Mobile) and the increased focus on digital payments is fuelled by data. As dependence on data continues to grow, so does the vulnerability of data subjects. Hence, any debate on data privacy must recognise the need for a comprehensive data privacy law, which not only contributes to and complements the constitutional right to privacy but also enables data subjects to harness the benevolence of technological advances.
                        India’s existing data privacy framework dates only to the year 2009, introduced to address growing concern relating to ‘data protection’ and ‘data privacy’. This framework was primarily introduced through Sections 43-A and 72-A of the Information Technology (Reasonable Security Personal Data or Information) Rules 2011 were issued. These regulate the collection, disclosure, transfer and storage of sensitive personal data and information.
A well-functioning data privacy regime should ideally set the rules of the game for all actors, cut out any regulatory uncertainty and strike a balance between protecting the right of privacy of data subjects with the business needs of data collectors. In 2012, the AP Shah report studied global best practices with a view to rebooting the existing domestic framework; it identified transparency, consent, and accountability as the fundamental buildings blocks of the ideal data protection regime. The report also observed that any new data privacy framework must aim to harmonise principles such as the principle of notice, choice and consent, limitation on collection and purpose, disclosure, openness, security and accountability. These would also be relevant today.
Moreover, with technology constantly evolving, an approach based on standards would enable the law to keep pace with rapid changes in technology, as against objectives rules that would fail to be relevant with constant technological developments. Perhaps the biggest shifts required from the existing regime is with respect to its applicability. It is imperative to bring government agencies within the ambit of the new framework. Although drafting a legislation that is applicable to both the private sector and the Government alike is a daunting task, it may be streamlined method of ensuring that data subjects are adequately safeguarded. While ‘consent’ is the cornerstone of any data privacy regime, the adequacy of such consent from the data subjects is sometimes debatable, especially in the context of standard-formwrap agreements. Recent studies show that the problem has been exacerbated manifold; people are often forced to accept unfavourable terms of service, since most apps are designed to quit immediately if one does not click on ‘I agree’ button. Behavioural research also points to the inability of data subjects to manage their own area. This is attributed to a combination of lack of understanding and general disinclination. To counter this, researchers have argued that perhaps regulating only the collection of data collectors and data processors could also be regulated such that there is a prohibition on using certain data in a manner that is detrimental to data subjects. This could be a useful supplement to temper the current prior consent-based approach where data subjects often surrender their data without truly understanding the wider ramifications of exploitation of such data.

Several stops and starts and multiple draft privacy Bills later, the Government has now taken the step to constitute a committee under Justice(Retd.) BN Srikrishna to suggest and draft a new data protection Bill. While the Supreme Court has strongly reiterated with a judgement in unison, by all the nine members of the Constitutional Bench, that right to privacy should be elevated to a separate fundamental right, a robust and well-functioning data privacy legislation will go a long way in complementing the constitutional right to privacy in not only creating the right incentives for all stakeholders but also providing an efficient redress mechanism for data subjects.

Comments

Post a Comment

Popular posts from this blog

Bharat Stage 'BS' Emission Norms Explained, What does it mean and how does it Impact

Image
Bharat Stage Emission Bharat Stage Emission standards are emission standards instituted by the Government of India to regulate the output of air pollutants from internal combustion engine equipment, including motor vehicles. The standards and the time line for implementation are set by the Central Pollution Control Board under the Ministry of Environment & Forests and climate change. The standards, based on European regulations were first introduced in 2000. Progressively stringent norms have been rolled out since then. All new vehicles manufactured after the implementation of the norms have to be compliant with the regulations.Since October 2010, Bharat Stage (BS) III norms have been enforced across the country. In 13 major cities, Bharat Stage IV emission norms have been in place since April 2010 and It's enforced for whole country from April 2017. In 2016, the Indian government announced that the country would skip the BS-V norms altogether and adopt BS-VI norms by
Read more

What is SGST, CGST & IGST ?

Goods & Service Tax or GST will be levied on goods and services. It will replace all the various taxes and bring them under one umbrella to make compliance easier. It will replace the following taxes: (i) Taxes currently levied and collected by the Centre:  Central  Excise duty  Additional  Duties of Customs (commonly known as CVD)  Special  Additional Duty of Customs (SAD)  Service  Tax AND (ii) Taxes currently levied and collected by the State:  State  VAT #Central Sales Tax  Entertainment  and Amusement Tax (except when levied by the local bodies)  Taxes  on lotteries, betting and gambling *Why are we getting 3 taxes -SGST, CGST, IGST*? India is a federal country where both the Centre and the States have been assigned the powers to levy and collect taxes. Both the levels of Government have distinct responsibilities to perform, as per the Constitution, for which they need to raise resources. A dual GST will, therefore, be keeping with the Constitutional requirement of fisca
Read more