Data protection law in India

Reading time: 4-5 minutes.

The right to privacy is a fundamental right. It is necessary to create a collective culture that fosters a free and fair digital economy, respecting the informational privacy of individuals, and ensuring empowerment, progress and innovation.

In today’s digital age, a primary point of concern for any individual is breach of data. Until 25th of May, 2018, India’s data protection regime was primarily governed by the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011. However, these laws were miserably failing to protect the interest of the individuals in today’s time.

On July 27, 2018, a ten-member expert committee chaired by retired Indian Supreme Court Justice B.N. Srikrishna on data protection framework in India submitted a 176-page report with a draft bill titled “The Personal Data Protection Bill, 2018” to MietY.

Why should you care about it?

If you are an ardent user of social media platforms, then the prevalent privacy laws in the country, no doubt, have far reaching implications for you. Pre-set or default consent forms hardly give you a choice on sharing data. The constant messages that ask for your permission to access your camera, location, call history contact list call for for a robust data privacy law.

What does the bill state?    

The proposed Data Protection Bill, 2018 puts individual consent imperative to data sharing. The bill asserts that the right to privacy is a fundamental right and unless the users have given their explicit consent, their personal data will not be shared or processed.

The bill’s mandate on data localization is one of the most awaited and watched provisions by tech companies in abroad. As per the drafted bill, both citizens and internet users will have the final say on how and for what purpose their personal data can be used, and they will have the right to withdraw consent. In certain conditions, there will also be the option of ‘right to be forgotten’ that has been included in the draft.

Why does India need to take data protection seriously?

Let’s look at some trends on how the Indian economy is moving towards being more and more data driven. At the last count, India has claimed first place across the world with 270 million Facebook users followed by the US which has 240 million Facebook users.

Indians are leaving behind so much private data and information on this social media platform which is accessible to the world. The number of mobile wallet users in India is already over 250 million with Paytm having more than 100 million users and growing at a rapid pace.

India is the world’s fastest growing mobile payment market. There is little wonder then that the Reserve Bank of India (RBI), the country’s central bank, has promulgated ‘Know Your Customer’ (KYC) norms for wallet companies. The amount of private data that is being left behind with wallet companies is also enormous.

Everything we do online reveals a small piece of our real existence. We enter our name, family name, home address, etc in a multitude of forms along with mobile numbers and information on past education and employment.

We search for information about articles we are interested in, we buy online, we enter all kinds of information and opinions on social media. All websites where we enter this data get to know a very small part of us. 

Indians don’t shy away from sharing their Aadhaar card number but what they don’t know is that the said number contains all their private information. And a scammer can steal their personal identity just from their Aadhaar card number and can commit fraud or even take a loan in their name.

Why is the bill important?

The Personal Data Protection Bill, 2018 is important as it addresses the privacy and data protection framework for about a billion users of the internet. Data privacy concerns have been the point of debate for many giants today.

The recent admission by Facebook that the data of about 87 million users, including 5 lakh Indian users, was shared with Cambridge Analytica adds to data privacy concerns experienced worldwide.

What are the penalties under the bill ?

Under section 69 of the Bill, two levels of penalties are prescribed: The first level is of up to Rs. 5 crores or 2 percent of the total worldwide turn-over, and the second is of up to Rs. 15 crores or 4 percent of the worldwide turnover.

These are prescribed for violations of the data protection law and are to be awarded by the Adjudicatory Officers, or the adjudicating wing of the Data Protection Authority. The actual penalties applicable will vary based on the violation under consideration.

 In conclusion…

Be aware before giving consent for the use of your data. In case of data breach by any company or individual, don’t be afraid to complain to the authorities. Remember, right to privacy is your fundamental right and no one can interfere with it.  

-This article is brought to you in collaboration with Prashuk Jain from Narsee Monjee Institute of Management, Banglore campus.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s