Robust data protection law a must for digital india

India claims to be an IT superpower. Unfortunately, we are not a world leader when it comes to data protection and privacy laws.

India claims to be an IT superpower. Unfortunately, we are not a world leader when it comes to data protection and privacy laws. The anemology needs to be corrected. During the just-concluded Supreme Court hearing in the Aadhaar case, which centred around privacy as a fundamental right, the Modi government has appointed an expert committee, headed by former Supreme Court judge B N Srikrishna, to ‘identify key data protection issues’ in India and recommend methods to address any potential problems.
The 10-member committee—which includes representatives from the Department of Telecommunications (DoT), the IT ministry, the Unique Identification Authority of India (UIDAI) and some academics—will not only study the various issues around data protection in India, but also draft a data protection bill that will be taken up for consideration by the Centre.


While the apex court’s verdict is awaited, many scenarios can be contemplated. It could declare privacy a fundamental right, but hold that the Aadhaar scheme doesn’t contravene it. Alternatively, it could accept the proposition that different levels of privacy need different levels of protection. If it holds that Aadhaar infringes the fundamental rights, that could be a bombshell. Whatever the decision, India needs to strengthen its data protection and privacy laws.The government’s decision to focus on data protection comes in the wake of a wave of privacy and data breaches in India from corporates as well as government agencies that have leaked the Aadhaar and personal data of over 100 million Indian citizens.  Given that the IT Act of 2000 was last amended almost 10 years ago in 2008, it is high time the laws in this fast-changing sector were re-examined. Also, regulatory oversight and enforcement have not been effective to ensure compliance by the organisations. 


However, the lack of civil society representation in this committee is worrying. Given that most of the members of the committee have spoken against a right to privacy in the past, the composition of the committee is heavily skewed in the direction of the government’s slated policy that data privacy cannot be a fundamental right.Formulation of a law for data protection requires a multi-stakeholder approach, and there is a key component of that missing, and there are not enough independent academics.


Moreover, DoT committees are typically unlike TRAI consultations. While the TRAI, easily the most transparent of regulators in India, invites public comments, conducts open house discussions, allows for counter comments, the government committees vary in their approach and there is never an open-house discussion. There was a public comments process on MyGov that the DoT undertook, for their committee on Net Neutrality. Under the last government, the DIPP also took public comments on e-commerce, where submissions were invited.


It remains to be seen whether this committee will be as open as TRAI. But given that it has been asked to submit its report within eight weeks, it seems unlikely. Since the implications of a strong data protection legislation will have repercussions on all data collected, stored, and used in various forms, it is vital that this should be done after public debate, involving all stakeholders. While the court decides whether privacy is a fundamental right, no one can dispute that a robust data protection act is needed without delay as we move towards Digital India.
yogesh.vajpeyi@gmail.com

Related Stories

No stories found.
The New Indian Express
www.newindianexpress.com