PERSONAL DATA PROTECTION ACT: NEED OF THE HOUR

Apex Courts 9 Bench unanimous judgement in Justice Puttaswamy case pronouncing that, “The right of privacy is a fundamental right; It is a right which protects the inner sphere of the individual from interference from both State and non-State actors and allows the individuals to make autonomous life choices” had attracted various reactions from all the sections of society when pronounced in 2017.

The then Union finance minister Shri Arun Jaitley, a legal acumen in himself, reacted that “Privacy issue went to Supreme Court because previous UPA government brought Aadhaar without legal framework. We framed Aadhaar law ensuring privacy as fundamental right will be protected. Supreme Court accepted privacy is a fundamental right but not an absolute right; judgment is a positive development."

The past and present Law minister, Shri Ravi Shankar Prasad said “The government welcomes the Supreme Court order on right to privacy. SC has affirmed what government had said in Parliament while moving Aadhar Bill. Privacy should be a fundamental right subject to reasonable restrictions."

 “Welcome the SC verdict upholding Right to Privacy as an intrinsic part of individual’s liberty, freedom and dignity. The SC decision marks a major blow to fascist forces," the Congress vice-president Rahul Gandhi tweeted. It was a “sound rejection" of the BJP’s ideology of “suppression through surveillance", Gandhi said.

R. Chandrashekhar, President, Nasscom in 2017 said, “This landmark judgment will ensure that protection of citizen’s privacy is a cardinal principle in our growing digital economy. Besides, it will enhance citizens’ trust in digital services, a prerequisite for widespread digital adoption. The ruling also significantly boosts India’s attractiveness as a safe destination for global sourcing."

Soli Sorabjee, India’s most respected legal luminary commented that “It is a very progressive judgment and protects the fundamental rights of the people. Privacy is a basic right which is inherent in every individual. The unanimity of the bench in giving this decision shows a very good approach of the Supreme Court. Any judgment which enlarges the fundamental rights of the people should be welcome."

These reactions were of 2017 and many expected government to come out with a law soon for protection of Privacy of the individual as a committee was set up under stewardship of Retired Justice Srikrishna to draft the act for Data Protection in 2017 itself.

Much water has been passed between pronouncement of judgement, setting up the committee and today. An Act for protection of Fundamental Rights of People is still a distant dream. It was in July 2018 that the Justice BN Srikrishna-led committee timely submitted its draft bill to the Ministry of Electronics and Information Technology (MEITY) to create a powerful data protection law in India. The draft was finalized after a year of consultations with various stakeholders and came just after the European Union General Data Protection Regulation (GDPR) came into force in May 2018. The Personal Data Protection Bill, 2019 is more important because of the urgent need to regulate data protection and data privacy, be it for online platforms, apps, social networks or even online services including by the government. It was expected when the Winter Session of the Parliament began in November 2019, that key bill, the Personal Data Protection Bill, 2019, will be passed. But it did not happen and presently the bill is before the Committee of Parliament for deliberations and consultations.

The 25% growth from 437.4 million in 2017 to 564.5 million currently in digital users should come as some sort of eye-opener. In a country where digital education, digital security or digital awareness is not priority of any of the digital service providers, the digital users are left on mercy of cyber criminals. These cyber criminals are carrying out innovative cyber attacks which are beyond imagination of the digital users. The most favoured white collared cyber crime is DATA THEFT. It is committed before open eyes of the digital users and digital users are not able to recognise the crime of data theft being committed. There are many high end cyber crimes which cannot be even noticed or detected by 90% of the digital users. Present digital era’s description as Golden Era of Cyber Crimes is not misconceived or ill-founded.

Recently, in view of information available with government of India that 59 Apps are engaged in activities which is prejudicial to sovereignty and integrity of India, defence of India, security of state and public order, the government of India has banned these apps , all of which are originated from China. The government said that the Ministry of Information Technology has received "many representations raising concerns from citizens regarding security of data and risk to privacy relating to operation of certain apps". As per government press release, The Computer Emergency Response Team (CERT-IN) has also received many representations from citizens regarding security of data and breach of privacy impacting upon public order issues”.  So, on this backdrop with the relevant provisions of the Information Technology (Procedure and Safeguards for Blocking of Access of Information by Public) Rules 2009 and in view of the emergent nature of threats these apps were banned.

The measure reason as stated by government is the Risk to Privacy as well as risk to data of the citizen. It is open secret that most of the apps are designed to collect huge personal data from the users. The terms and conditions of each of the app very categorically mention the permissions to be provided by gadget owner prior to installing that specific app. With our permission only, these apps are installed in our devices and hence there are very few who regret this decision of providing permission to camera, messages, contacts, GPRS Location, enabling calls and many more such activities by the apps. This is true for all the apps whether having origin in China or from any other part of world. You will rarely find any app/program which is not interested and designed for collection/storage of personal data. In short we need to have a permanent solution for Protection of the Personal Data of the individual as banning any app is short term solution.

Data is the lifeline of today’s business activities in digitalised world and on backdrop COVID 19 where most the world is opting for Work from Home and making maximum use of online platforms, the data theft threat is looming large in cyberspace. Yes , the incidents on Chinese Border has added fuel and security dimension to this Data Theft and Data security of the citizen and banning the 59 apps of Chinese origin by government can be justified. But bigger issue of Data Security and Protection of Privacy by other apps remains to be resolved. What can be said about big social media giants like Facebook, Whatsapp, Instagram or online meeting platforms like Zoom? Are these companies not involved in compromising Security of individual citizen and thereby invading constitutional guaranteed Privacy Right of the Indian citizen?

The most recent incident of trolling of Hon. Chief Justice of India for just sitting on a high-end mobike without headgear and mask and subsequent clarification/warning about not invading Privacy of Hon Chief Justice of India justifies the need of passage of Personal Data Protection Act by the parliament. When Hon Chief Justice’s privacy is vulnerable, what could be said about Privacy of we individual citizen? Are all citizens so powerful like Hon. CJI? What remedies are available to individual citizen for protection of their Right to Privacy? Under which law the reliefs can be sought?

Putting of Personal Data Protection Act in place is the only solution. The preamble of act itself describes the objects of the act as the act to provide for protection of the privacy of individuals relating to their personal data, specify the flow and usage of personal data, create a relationship of trust between persons and entities processing the personal data, protect the rights of individuals whose personal data are processed, to create a framework for organisational and technical measures in processing of data, laying down norms for social media intermediary, cross-border transfer, accountability of entities processing personal data, remedies for unauthorised and harmful processing, and to establish a Data Protection Authority of India for the said purposes and for matters connected therewith or incidental thereto.

The preamble states that the right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy and whereas the growth of the digital economy has expanded the use of data as a critical means of communication between persons and which needs to be protected.

So the significance of Personal Data Protection Act can be found in its preamble only and various rights available, after passage of this Act, to Data Principal like correction of Information, Erasure of information, discontinuing the use of information after the purpose of consent is over and deletion of information etc. highlights how personal data of the individual can be protected.

As most of the apps are exploiting our sensitive personal information without our explicit consent and this can be verified by huge spike in cyber crimes recently, the best way to deter/ control these apps and make citizen more powerful is by passage of Personal Data Protection Act. This act will give much needed tools to the citizen as well as government to check culprits involved in theft of personal data or invasion of Data privacy.

  

To allow the individuals to make autonomous life choices including choice about his Data sharing, the Hon Apex Court mandated a need of law which can give an individual, right about his personal data protection. This object can only be achieved by passage of The Personal Data Protection Act and its effective implementation. Hence in my view, passing and enforcing The Personal Data Protection Act is need of hour and should be top priority of the government.