The type of information collected by the operating websites can be classified as either individually identifiable information or mass undisclosed information.Identifiable information can be defined as information that can be used to identify an individual like name, address, telephone number, credit card number, or email address and also IP address.
The Supreme Court of India on July 19 said that the right to privacy cannot be an absolute right and that the state may have some power to put reasonable restrictions. A nine-judge Constitution bench, headed by Chief Justice JS Khehar, is revisiting the question of privacy 55 years after the Supreme Court decided that it is not a basic right for citizens.
With regards to the privacy debate of the Aadhaar scheme, Justice DY Chandrachud, part of the nine-judge bench, observed that right to privacy cannot be linked to data protection. He questioned, how do we define privacy? What are its contents? Its contours? How can the State regulate privacy? What obligations does the State have to protect a person’s privacy?
Baijayant Jay Panda, Member of Parliament from the Biju Janata Dal, introduced a private members bill on data privacy and protection on Friday, July 21.
Discussing the non-absolute nature of the fundamental rights, he says, “The nine-judge bench is now looking at the source of the right to privacy in our Constitution and develop judicial tests to ascertain its contours. This will be a historic step. I am gratified that several judges’ oral observations seem to be in line with the stand taken by my Bill that privacy is a right but it cannot be absolute.”
He adds: “It needs narrowly defined exceptions to be specified for national security and other limited reasons. Data protection is a subset of privacy and hopefully, the Supreme Court will pave the way for a robust data protection ecosystem. We are at a tipping point where we must define rights of individuals and liability of those who have our data.”
However, the sanctity of data generated by netizens has become a hotly debated topic given the growing emphasis on Digital India and financial inclusion. With 391.50 million internet subscribers, as on December 31, 2016, and the government’s robust aim of doubling the internet penetration across the country by 2020, there is a need to educate the masses on their privacy rights, benefits/threats of collection and processing of their data.
Government has taken an Initiative too
The government is mulling a new data protection law to protect personal data of citizens, while also creating an enabling framework to allow public data to be mined effectively. The move assumes significance amid the debate over the security of individuals’ private data, including Aadhaar-linked biometrics, and the rising number of cyber-crimes in the country.
“The Ministry of Electronics and Information Technology (MEIT) is working on a new data protection law. A proposal to this effect has been sent to the Prime Ministers’ Office for approval,”
Once the PMO approves it, the ministry will set up a “cross-functional committee” on the issue.“We want to include all stakeholders. It will be a high-level committee, and all current and future requirements of the sector will be discussed.”
Two chief aims
“We are working with two main aims – to ensure that personal data of individuals remain protected and is not misused, and to unlock the data economy.”That a lot of benefits can be derived from the data that is publicly available, by using technology and big data analytics. “The information can be used for the benefit of both individuals and companies,”
“The underlying infrastructure of the digital economy is data. India is woefully unprepared to protect its citizens from the avalanche of companies that offer services in exchange for their data, with no comprehensive framework to protect users,” Currently, India does not have a separate law for data protection, and there is nobody that specifically regulates data privacy.
“There is nominally a data protection law in India in the form of the Reasonable Security Guidelines under Section 43A of the Information Technology Act. However, it is a toothless law and is never used. Even when data leaks such as the ones from the official Narendra Modi app or McDonald’s McDelivery app have happened, section 43A and its rules have not proven of use,” Some redress for misuse of personal data by commercial entities is also available under the Consumer Protection Act enacted in 2015, according to information on the website of Privacy International, an NGO. As per the Act, the disclosure of personal information given in confidence is an unfair trade practice.
What Websites can do!
Websites would be required to provide consumers with a notice of what information they collect and how they use it and even offer consumers choices as to how that information is to be used beyond the use for which the information was provided and reasonable access to that information and an opportunity to correct inaccuracies. Websites would be required to take reasonable steps to protect the security and integrity of that information. The websites that collect personal information from children, 12 and under, need to provide actual notice to the parent and obtain parental consent.
Aadhar linking risks Data Protection
Saikat Datta, the author of India’s Special Forces and Policy Director at the Centre for Internet and Society , says Aadhaar breaches the first lesson of cybersecurity by providing access to all information via a single point.
He says: “The Constitution is very clear- it does not try to limit the power of the individual; it has been defined to limit the power of government over you. The very fact that the government is sitting on 1.3 billion Indians’ information is a danger by itself. The government now has the enormous power to manipulate you, thereby changing the social contract on the basis of which India as a union was formed. India can very easily become a totalitarian state, and you won’t even come to know.”
The purpose is to prevent violations of fundamental human rights such as unlawful storage of personal data, or the abuse or unauthorized disclosure of such data.
Legistify connects you with the best lawyers in India and top Chartered Accountants in India with simple telephonic conversation or email. Call us at 011-33138123 or send us an email at firstname.lastname@example.org to get started.