Privacy, data protection and significance of implementing new laws in India.
Introduction
Privacy is the state where a person can keep things private upon himself and is not interrupted or disturbed by such an act. A person is said to have the right to privacy under any circumstances. But there are several situations where the privacy of individuals is curtailed.
Data protection is another element that comes under privacy and creates a diplomatic discussion. Data protection is a delicate issue and should be dealt with utmost care. In the present digital world, the essentiality is at its peak to protect the privacy and data of any individual.
It is high time that the Indian government should look forward to the enactment and application of several cyber laws and data protection bills. This essay deals with the present status of privacy, data protection, and cyber laws in India, also about the changes/essentiality of amendments required in the present laws, and the implications of the landmark judgment of K S Puttaswamy V. UOI .
What is Privacy?
Privacy is the ultimate freedom of every individual, indeed it is a basic human right. Every individual must be given the liberty to keep things private himself in a democratic society. Privacy develops from the very beginning of every person’s life. Reputation, family, sexuality, etc are some important aspects that come under the privacy of every individual.
Keeping personal information upon himself is a choice that he makes. Privacy is a state which is free from intrusion, interference, or encroachment. Privacy plays a major role in everyone’s lives in the present digital age.
The Internet has now become a popular means of communication. In a democratic, republic, sovereign, and secular country like India, no person shall be forced to share his private or personal information with the public.
When the constitution was made, the right to privacy was not a fundamental right under Article 21 of the Indian constitution. Article 21 includes the fundamental rights of the people such as the right to life. Articles 14,19 and 21 are called the golden triangle of the Indian constitution. The basics of the fundamental rights of every Indian citizen lay down under it.
The importance of the right to privacy as well as the protection of data did grow as when years passed. Right now, privacy plays a pivotal part for every citizen, and the right to its protection has become so vital in the present society.in the case of Justice K S Puttaswamy v. Union Of India & Ors, (right to privacy verdict) 2017, it was held by a nine-judge bench that “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under article 21 and as a part of the freedoms guaranteed by part 3 of the constitution.”
This consentient judgment made by the nine-bench gave a new perspective to the protection of fundamental rights. The judgment of K S Puttaswamy overruled the previous judgments of Kharak Singh V. State of UP and MP Sharma V. UOI . The nine bench formulated 2 questions for resolution in the case of Puttaswamy and they were;
Whether there is any fundamental right to privacy under the constitution and if so, where it is located, and what are its contours?
What is the ratio decidendi of m P Sharma and Kharak Singh cases and whether those cases are fairly decided?
The court decided after a broad discussion that like any other fundamental element of freedom, the right to privacy is also an intrinsic and sensitive element and its violation will amount that of the same effect as the violation of the right to life and liberty will amount to under Article 21 of the Indian constitution. Privacy has great importance as a human right.
Article 12 of the Universal Declaration of Human Rights treats privacy as a distinct human right. It states that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence,
Everyone has the right to protection of the law against such interference or such attacks” . And,
Article 17 of the International Covenant on Civil and Political Rights states that; No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home, or correspondence, nor to unlawful attacks on his honor and reputation. Everyone has the right to the protection of the law against such attacks.
India, being a signatory of both documents, must protect the International human rights of the citizens of the country. There is a national human rights committee in India to protect the National human rights interests too. All these provisions protect the privacy of human beings with great importance.
Data Protection
Data protection is a part of privacy whereas privacy is a vast area that beholds the concept of human rights as well as autonomy within it. Data protection is an important area when there comes to the interference of a third party upon a piece of information collected regarding something by a party from another one.
In the present digital age, the collection and processing of digital data are very easy and have quite great importance too. Every application we install on our gadgets asks for our data. There are terms as well as conditions to use them. When the data collected by different parties are not stored the right way, they are misused in one way or another.
Every individual has the right to deny the data requests, under the right to privacy, but are forced to give it since the private and public sectors demand it. The data, which has been collected by the parties should be secured.
The parties who collect the data should make the privacy and data policy clear(like that done by Whatsapp in 2016 as end-to-end encrypted security for the sharing of information and data). The security of data has great importance.
There are laws required in India to protect data collection. There are no data protection bills in India yet. But it is high time that India needs to adopt a data protection law. The several bills suggested in the parliament regarding data protection were withdrawn.
India has a set of rules under the IT Act regulating how businesses use sensitive personal data .but such rules are barely enforced in the country. Data regulation and individual privacy come hand in hand. There are cyber laws in India to protect cyberspace. However, the applicability and effectiveness are still vague.
There are several instances where the privacy of individuals in India is still violated under the condition that the Right to Privacy is not absolute, the state has the power to curtail the right to privacy of individuals during state emergencies.
During the Covid-19 pandemic, the right to privacy of people was violated in the form of the collection of personal data from citizens by making them install the Arogya Setu application and disclosing the user’s details in public, as well as the use of drones throughout the country in the name of maintaining social distance. These activities directly or indirectly violated the privacy of the citizens of India, As said in Anivar A Aravind V. UOI.
Data protection seemingly starts to have a huge problem when it comes to computers, computer systems, or computer networks. Cyber crimes indeed start with the involvement of a computer. There are cyber contraventions and cyber offenses that come under cyber law.
Cyber contravention is the unauthorized access made to a computer or a computer system whereas, whereas cyber offenses are specific criminal violations that lead to unauthorized access to a computer, computer network, or computer system. Informed consent is an important aspect of data collection.
Any data may be collected without informed consent, but there might be the presence of consent. Informed consent is different from that consent. A person should share his personal information with the knowledge of complete risk and facts included in such a matter. Transparency is very much required for data collection.
The collection of data without giving out proper information about the situation will amount to fraud or misappropriation. Thus, informed consent is not something that comes under health law but has a great effect on privacy and data collection. There’s famous case law regarding the protection of data in the US- Apple V FBI case .
In this case, after the terrorists attack, the FBI demanded information stored on the iPhone of one of the suspects by amending the system. But, the apple company responded that the data of users are end-to-end encrypted and are not accessible.
The company also made clear that access to the data is only through a passcode and they won’t give anyone access to the information since it is a part of their policy. But later, the Apple company had to give access to information to the FBI and it was made clear by the court that the state has several limitations on privacy when it comes to national security.
Importance of implementation of new privacy and data protection laws in India
Presently, India has IT Act 2000 to differentiate different offenses which come under the cyber world and their respective punishments. But these are not enough to guard the privacy or the data of the public. IT Act should be amended to give or facilitate more safeguards for the privacy and data of individuals.
Technology has improved and evolved so far that the laws should also be able to make it up to the digital era. Cybercrimes and cyberterrorism are increasing day by day and these should be prevented by the implementation of suitable laws. The request for a Data protection bill was made with a view that it is high time to adopt such a bill.
The IT Rule of 2011 is that which deals with laws of privacy in India. The sensitive personal data or information shared with private entities are to be protected by them and any breach of the protection of personal information shared by the client will be liable to pay damages to the aggrieved (affected) party. This was implemented in the IT Rule of 2011.
The pandemic had a huge effect on the violations of the privacy of people since the cyber-attacks have had a great effect on the country. The future Personal Data Protection Bill should be of the nature that Personal data should be protected by preventing the leakage of data collected. The PDPB should strengthen data protection regulation and digital rights hand in hand.
The Personal Data Protection Bill is the most awaited Bill in India as it was started in 2019 and is still under development. The Ministry of Electronics and Information Technology established a Committee in 2018 and they are the team developing the PDP Bill. The PDP Bill still required a lot of amendments and so, Joint Parliamentary Committee released the JPC report. The PDP Bill was still withdrawn by August 2022 claiming that a lot more construction is required.
Conclusion
The right to privacy and data protection is a vast area and the protection of these rights are so essential that the breach of the right to privacy or privacy protection will amount to a violation of part 3 of the Indian Constitution.
The right to privacy is not an absolute right, it could be curtailed when there’s a state or national emergency, but till then, the importance of the right to privacy elongates. Cyber laws in India should be made stronger and the implementation of new data protection bills are so essential in the present society.
Everything is digital and in the coming future, a lot more will be tempted to be in a digital manner. To safeguard all personal information and data, PDP Bill should be enacted and there should be prevention of cyber terrorism and cyber attacks.
The landmark judgment of K S Puttaswamy did gave a new dimension to privacy in India. Privacy is now a part of Article 21. It is treated equally as a right to life and liberty. Indian laws have to develop and give more importance to the privacy and data protection of its citizens.
