RIGHT TO PRIVACY AND PERSONAL DATA PROTECTION BILL

Protecting its citizens privacy in 21st century is a part of maintaining democratic character of a nation. Right to privacy is not exclusively mentioned in constitution of India but it is considered as a part of Article 21 which deals with right to life and personal liberty. It has been further interpreted by various cases and their judgements through the years.

Right to privacy is considered basic human right under Article 12 of Universal declaration of human rights act 1948 and India recognizes it through Article 14, Article 19 and Article 21 of Indian constitution which are Equality before law, Freedom of speech and expression and right to life and personal liberty respectively. On occasion India has taken note of importance of Right to privacy through judgements in wiretapping case, Aadhar case, Vineet Kumar case and alike.

Vineet Kumar case stated that tapping of phones should not be permitted unless it is case of public safety and emergency.

The recent case of new privacy policy by WhatsApp caused ruckus among citizens regarding protection of their privacy and immediate need of a legitimate way to deal with it. However, India recognized Right to privacy as fundamental right after Puttuswamy v/s Union of India case (2017) but it was under Article 21 itself. Under section 72A of IT act, breach of data privacy is punishable but it is only relevant in the case of corporate sector and to sensitive information.

India does not have a law dedicated to right to privacy yet. Although Personal data protection bill was put forward by justice Srikrishna committee.

PERONAL DATA AND PROTECTION BILL

Personal data and protection bill which was introduced in Lok Sabha in 2019 finally seems to be moving forward now that it has been through parliamentary scrutiny of a joint committee.

The bill restricts processing of personal data by Government, Companies inside and outside India which are dealing with personal data of Indians. The Bill labeled certain data such as financial data, biometric data, caste, religion and political beliefs as sensitive personal data.

A data fiduciary who is basically an entity or individual who owns the means to process these data is required to take certain accountability measures which includes implementing security safeguards such as data encryption and preventing misuse of data and instituting grievance redressal mechanisms to address complaints of individuals. They are also required to mechanize age verification and Parental consent if procession personal information of children. Therefore, Bill allows data fiduciary to process personal data if consent is provided by the individual. However, in circumstances where state requires data for providing benefits to individual, legal proceedings and respond to the medical emergency Personal data can be processed without consent.

The bill further proclaims that individual has certain rights including right to obtain confirmation from the fiduciary on whether their personal data has been processed, (ii) seek correction of inaccurate, incomplete, or out-of-date personal data, (iii) have personal data transferred to any other data fiduciary in certain circumstances, and (iv) restrict continuing disclosure of their personal data by a fiduciary, if it is no longer necessary or consent is withdrawn.

The Bill seeks to amend the Information Technology Act, 2000 to delete the provisions related to compensation payable by companies for failure to protect personal data. The introduction of personal data and protection bill was a step forward towards democratic data governance and it would further take us closer to constitutionally guaranteed Right to privacy.   

Photo by Pixabay on Pexels.com