‘Data Protection’ means ‘Your Data, Your Right’. There has been a lot of debate over this lately. The Justice Sri Krishna Committee recently came out with a report that demands a law be formulated to protect the data shared by individuals over different platforms.
While some have called the report ‘landmark’, others called it a ‘baby step’. However, with Justice Sri Krishna setting a guiding principle, there is still a lot that needs to be done.
Who will have the prime ownership of the data? What conditions will be considered ‘consent’ and where and when will it be applicable? How will one prevent government interference in an individual’s data? These are just few of the questions that crop up in light of the report. The Supreme Court has already directed the Centre to ‘secure’ citizens’ data, calling it their fundamental right.
Analysts who have read and studied the report say that what’s personal will be decided by the Government. However, the report states what ‘sensitive personal data’ is – an individual’s religion, caste, community, sexual orientation, health and biometrics.
Many such aspects have been stated to be ‘sensitive personal data’, the exchange or use of which by any firm or organisation should be prohibited, with certain conditions applicable.
However, under special circumstances, an individual’s consent to obtain or use these details might not be necessary. For example, these details will be protected by not mentioning an individual’s name, but the data can be used for trendsetting purposes.
According to analysts, the report has pushed for empowering the citizens when it comes to data privacy by non-official and non-governmental organisations. However, analysts suggested that the citizens may be on the losing side when it comes to data protection from the government.
The state police has the power to access the private information of an individual. Even if a law is formulated for data protection, the state police will eventually have the surveillance power.
Will Intelligence Agencies and Foreign Firms Be Held Accountable?
One of the widely-debated points is intelligence agencies having access to the citizens’ data. Considering the current political scenario, the power given to intelligence agencies to access an individual’s private data needs to be brought under the framework of law and they should be held accountable for breach.
In today’s time, where the world in connected by the internet, international organisations have more access to an individual’s data than the government itself. To deal with this problem, the report recommends keeping Indian citizens’ data within India.
According to recommendations in the report, a copy of an individual’s data will be available in India as well as with the organisation abroad. However, it doesn’t guarantee the protection of data available abroad, in e-commerce transactions or e-mail accounts.
If a law is formulated, it will have to be analysed carefully. For example, for extradition treaties, if an act is an offence in both countries involved in the treaty, only then information on the offender is exchanged between the two countries – say country A and country B.
However, the companies or organisations involved in exchanging the data between countries A and B can’t be held accountable for data breach by the other because the company from country A won’t come under the jurisdiction of country B and vice-versa.
Even if a law is formulated, its implementation and the government’s intention to respect an individual’s privacy sounds quiet challenging in the current political scenario.
The report also recommended giving more autonomy to Aadhaar. A regulator for redressal of grievances regarding Aadhaar has also been recommended. However, the report did not set clear guidelines of data breach threats relating to Aadhaar.
(The story was originally published on Quint Hindi and was translated by Eshwar Gole)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)