This article is written by our intern Lavanya Gupta, a law student from Sushant University.
Abstract
The advancement of innovation and the dynamics of the legal world provide insight into the challenges of data protection and information assurance in today's world. Confidentiality is becoming everyone's need due to mechanical advancement and the emphasis on securing singular free information. A study of current cases and reports related to the bill was reviewed by breaking down all the key points of interest.
The Personal Information Assurance Act increases the state's intensity to direct state conduct and determine protection schemes. The conflict between the right to protection and information security and how the fee to ensure correct information takes effect in the new period was also discussed. The objective of the exploratory work is to examine the state of security and information assurance in India as a matter of law.
Introduction
After two years of deliberation, in December 2021, the Joint Parliamentary Committee (JPC) on the Personal Data Protection Bill (PDP), 2019, recommended limiting the scope of the law to "the right to digital privacy", while expanding its mandate to include -personal data (NPD).
It is therefore important to consider how such a "data protection" framework would support the goal of protecting the "privacy" of individuals, a fundamental right affirmed by the Supreme Court in 2017.
Traditionally, the concept of privacy has been limited to the home, family, and private property.
In 1890, the Harvard Law Review article "The Right to Privacy", co-authored by Samuel Warren and Louis Brandeis, raised privacy concerns caused by the unwanted disclosure of something honest. but shameful, and begged for the right to be left alone with curiosity look even in public spaces, for example, through media gossip and surreptitious photography.
Wearable cameras were a novelty back then, but billions of people carried smartphones with built-in high-resolution digital cameras. The use of CCTV to prevent crime and investigate is often opposed by apprehensions of mass state surveillance. Likewise, concerns about surveillance capitalism are being triggered by Big Tech's extensive and rich data practices.
Need for a comprehensive law
Sure, some Indian laws include privacy protection, but only in a particular context. The need for an exclusive and comprehensive law to protect privacy has been raised for several decades, often triggered by certain events or even government action.
The role of the judiciary in general and of the Supreme Court of India, in particular, is crucial in these developments. For example, its 1996 wiretapping guideline led to Indian Telegraph Rule 419A under the Indian Telegraph Act, 1885 - a law older than the Harvard article cited above. The media is prohibited from disclosing the identities of victims of sex crimes and minors breaking the law.
To be sure, the Indian government conducted consultations on the legal framework for privacy in 2010 even before Aadhaar registration started. This was followed by the Planning Committee which previously convened a panel of experts led by Justice A.P. Shah, who chaired, and proposed a set of nine principles in 2012.
During its long evolution since 2010, directive law has undergone a subtle but significant shift away from "private data protection." privacy "to "data protection", leading to a common but mistaken perception of the two, even as the Supreme Court has recognized that "information privacy is an aspect of protection". data protection".
What’s in? What’s out?
In 2019, the government established another committee on the data governance framework chaired by Kris Gopalakrishnan. In December 2020, it recommended the creation of the NPD Authority, as a statutory regulator, separate from the PDP Body, proposed as part of the PDPB, 2019. However, the JPC made two important recommendations in PDB 2021.
On the one hand, he includes the NPD, arguing that the line between PD and NPD is blurring. On the other hand, it excludes non-digital data from the scope of the law. Incidentally, non-numeric and numeric data are always replaceable. It's not uncommon to have protection against damage caused by data stored on the hard drive, but isn't it if it has already been printed or written to the registry?
Indian Government’s withdrawal
The Indian government has withdrawn its long-awaited personal data protection bill, which has caught the attention of some privacy advocates and tech giants, who are concerned. The law would limit how they handle sensitive information while giving the government broad access.
The move is a surprise as lawmakers have recently indicated that the bill, announced in 2019, could soon see the light of day. New Delhi has received dozens of amendments and recommendations from a parliamentary panel, including lawmakers from Prime Minister Narendra Modi's ruling party, which "identified many relevant but out of reach issues". The vigilance of modern digital privacy laws," India said. Senior IT Minister Rajeev Chandrasekhar.
The government will now work on a "comprehensive legal framework" and introduce a new bill, he added. The Personal Data Protection Bill sought to grant Indian citizens rights to their data.
India, the world's second-largest internet market, has seen an explosion of personal data over the past decade as hundreds of citizens log on for the first time and start using dozens of apps. But there is uncertainty about the power that individuals, private companies, and government agencies have over it.
“The Personal Data Protection Bill of 2019 has been reviewed in detail by the Parliamentary Joint Committee. 81 amendments have been proposed and 12 recommendations have been made to work towards a comprehensive regulatory framework for the digital ecosystem. Based on the JCP report, a comprehensive regulatory framework is being developed.
Therefore, in this context, it is proposed to withdraw the 'Personal Data Protection Bill, 2019' and introduce a new Bill following the full legal framework," the minister said on Wednesday, Indian computer scientist, Ashwini Vaishnaw, in a written report.
The bill has drawn criticism from many industry stakeholders. The New Delhi-based Internet privacy organization Freedom Foundation said the bill "provides substantial exemptions for parts of the government, prioritizes the interests of big business, and does not fully respect your fundamental rights about your private life".
Concerns generated by various companies
Meta, Google, and Amazon are among the companies that have expressed concern about some of the joint congressional committee's recommendations about the proposed bill.
The bill also stipulates that companies can only store certain categories of "sensitive" and "critical" data, including financial, health, and biometric information in India.
"I hope the bill isn't completely scrapped, with all the work done. Throwing it out completely would create some sort of legal vacuum from the aspect of protecting lives. No one wants this. there," Nikhil Pahwa, editor of MediaNama, which covers politics and media, said in a series of Twitter posts. "The new bill should be submitted for public comment.
It should be recognized that civil society and broader industry participation contribute to better laws and rules." CPM does not involve many key members of civil society. The government messed with the 2021 IT rules and CERT-in guidelines. He has to be reasonable with the regulations, or it will hurt India's digital future.
Conclusion
After two years of deliberation, in December 2021, the Joint Parliamentary Committee (JPC) on the Personal Data Protection Bill (PDP), 2019, recommended limiting the scope of the law to "the right to digital privacy", while expanding its mandate to include -personal data (NPD). The bill also stipulates that companies can only store certain categories of "sensitive" and "critical" data, including financial, health, and biometric information in India.
On the one hand, he includes the NPD, arguing that the line between PD and NPD is blurring. On the other hand, it excludes non-digital data from the scope of the law. Traditionally, the concept of privacy has been limited to the home, family, and private property. The advancement of innovation and the dynamics of the legal world provide insight into the challenges of data protection and information assurance in today's world.
Comments