ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 26th June. Click Here for more information.
Contents
Source: The post is based on the article “Where’s That Law?” Published in The Times of India on 2nd August 2022.
Syllabus: GS 2 Important Provisions of the Constitution of India; Government Policies and Interventions for Development in various sectors and issues arising out of their Design and Implementation.
Relevance: Fundamental Right to Privacy
News: In May, The Unique Identification Authority of India (UIDAI) issued an advisory warning against sharing Aadhaar numbers with unauthorized entities.
Five years ago, the SC ruled the right to privacy as a fundamental right. However, there is a statutory vacuum in the laws related to privacy. India doesn’t have a data protection law.
However, the Sri Krishna committee was constituted to make recommendations on the data protection law. Consequently, the GOI introduced the Personal Data Protection Bill 2019. But the government didn’t conform to these recommendations and gave the government, sweeping exemptions from privacy norms. The government was endowed with powers to overrule the proposed Data Protection Authority, reducing it largely to an appendage rather than an independent regulator.
Civil society was worried about these exemptions, as these give space to the government to undermine privacy.
The joint committee of Parliament examining the Bill noted that it is difficult to distinguish between personal and non-personal data.
There are incidents of theft of data from public and private agencies collecting biometric information like fingerprints. For example, people have lost money from bank accounts due to Aadhar.
There are also threats like the Pegasus malware that infects mobile phones.
There is opacity in the data collection operations of tech companies.
What should be done?
With the era of 5G and ever-greater sharing of data between smart devices, and coming big jumps in computing power, there is a dire need for the data protection law in India.
Such a law is urgently needed to clarify the ownership, storage, and processing of personal data collected by public and private entities.
The law will codify the responsibilities and liabilities of these entities.
