Context
Protecting individual rights should be at the core of data protection legislation
Report of the Data Protection Committee
When the government set up the committee on Data Protection in India, led by Justice B.N. Srikrishna, it said that the objective “is to ensure growth of the digital economy while keeping personal data of citizens secure and protected”.
Provisional Views
The Committee has recently released its provisional views on the formulation of a data protection framework and invited public comments
A Commendable job
The Committee does a commendable job on a number of counts
- It has covered a wide range of issues pertaining to data protection and privacy
- While it has looked at the issues from the prism of what is relevant in India, it has also brought in perspectives from other countries.
Scope for Strengthening
But there are some important ways in which the Committee can strengthen its final report.
Core Principles
First, it would be useful to anchor the report in some core principles.
- The Committee must lay out the normative framework which we, as a nation, must aspire to with respect to data protection.
- Technology will evolve rapidly and the law will need to keep pace with changes. But the overall vision of empowering the individual should be at the heart of all legislation.
Privacy has a value to the economy
Second, it would be important for the Committee to state that privacy is not just a right or a moral obligation; it also has value to the economy
- It enhances trust and increases voluntary participation in the digital economy
- In some places, the report appears to imply that while the ideal is important, practical considerations demand that we settle for less
- While the question of balance is an important one, that should not be seen as a licence to be lenient to privacy-violating data practices
Privacy and Innovation link
There is a fundamental link between privacy and innovation
- No one will innovate in a surveillance-oriented environment or in a place where an individual’s personal information is compromised
- The ultimate control of data must reside with the individuals who generate it; they should be enabled to use, restrict or monetise it as they wish
- Therefore, laws should enable the right kind of innovation — one that is user-centric and privacy-protecting
The medium to long-term challenges of building a data protection framework in any other diluted way will be very difficult to handle — for the individual, the entrepreneur and the government.
Data Protection Agency
Third, while the Committee has proposed the creation of a strong Data Protection Authority (DPA), there are some aspects that can make such an agency effective
- Some of the recommendations, such as applying the law to both government and private data collectors, fines against violators and direct compensation to complainants, are progressive
- But for the DPA to be effective, it must have the authority to impose penalties. The Right to Information Act, which grants such an authority to the information commissions, is a good example to learn from.
Practical Constraints
The report points out several practical constraints in the implementation of many of the rights it envisages — the challenges arising from the different ways data is currently stored, the burden of meeting privacy rights, the need for exemptions, etc. For this law to be successful, recognising and addressing these constraints is important.
Time period for Data Controllers
This brings up the need for allowing a time period for data controllers to fully comply with the new law. In the case of the RTI Act, there was a period of 120 days for government departments to comply
EU gives 2 years
The EU’s General Data Protection Regulation gives data controllers two years to prepare themselves to comply with the new regulation
Higher standards of data protection needed
- The nature of personal data is such that once it is out in the public domain, it is nearly impossible to put the genie back in the bottle
- This calls for getting data controllers to abide by higher standards of data protection, even if it means having a moratorium period that allows them to prepare themselves for such standards
- In the long run, the costs of such compliance will be far lower than the potential damage that lenient exemptions to data controllers can cause.
Data Protection important
Increasingly, India is being seen as a pioneer in digital technologies
- This rapid pace of transformation has raised larger questions around inclusion, data protection and privacy
- The signalling value of a strong data protection law in India would be significant and will allow the country to lead by example
- We need to think about the principles we adopt — from narrowly tailored exemptions to strong independent enforcement
- Ultimately, this law will shape how secure individuals feel while engaging in the digital world, and the kind of innovation we will see in decades to come.