Strin­gent Data Pro­tec­tion Law is the Need of the Hour

The Economic Times - - Money & Banking - O N RAVI

de­mon­eti­sa­tion, the gov­ern­ment has ini­ti­ated a timely and much needed mea­sure to in­crease dig­i­tal pay­ment op­tions to weed out black money and cor­rup­tion from pub­lic life. As an in­te­gral part of the gov­ern­ment’s move to take the coun­try to­wards a to­tal cash­less econ­omy, these mea­sures would change the qual­ity of life of cit­i­zens.

One area that de­mands im­me­di­ate at­ten­tion is the need for a strong le­gal frame­work for pri­vacy and pro­tec­tion of data shared by the in­di­vid­u­als and en­ti­ties. Leg­isla­tive re­forms are not as quick as tech­no­log­i­cal in­no­va­tions, and this leads to doubts re­gard­ing the en­force­abil­ity of rights. Hence, si­mul­ta­ne­ous leg­isla­tive re­forms would be re­quired as part of the digi­ti­sa­tion pro­gramme.

The le­gal rights and li­a­bil­i­ties aris­ing out of han­dling of data of in­di­vid­u­als and en­ti­ties re­quire a care­ful ex­am­i­na­tion. Presently, the IT Act, 2000 and rules there­un­der cover the ex­ist­ing frame­work on pri­vacy and data pro­tec­tion in In­dia. Sec­tions 43A, 69 and 72A of the IT Act em­body the law on data pro­tec­tion. In 2014, a bill named, The Per­sonal Data Pro­tec­tion Bill, 2014 was in­tro­duced in Par­lia­ment which had a limited fo­cus. As these pro­vi­sions are min­i­mal, the le­gal frame­work in the shape of con­tracts un­der the In­dian Con­tract Act, 1872, comes to one’s res­cue if there is any vi­o­la­tion of pri­vacy rights.

With ev­ery in­no­va­tion in tech­nol­ogy, an in­no­va­tion in the art of mis­use and fraud, also takes place. In­dia, un­like coun­tries such as the UK, Aus­tralia and other Euro­pean coun­tries, does not have a ded­i­cated Data Pro­tec­tion Law. Though not specif­i­cally men­tioned in the In­dian Con­sti­tu­tion, the courts­may­ex­pandthescopeof fun­da­men­tal rights to in­clude the right to data pro­tec­tion. Some of the re­cent de­ci­sions of the Supreme Court have ex­panded the con­tours of pri­vacy to ar­rest the in­creas­ing as­saults on the pri­vacy rights of the cit­i­zens. If the courts fur­ther ex­pand the scope of the fun­da­men­tal rights to in­clude pri­vacy and data pro­tec­tion, then the ex­ist­ing frame­work of law may be in­suf­fi­cient to ad­dress the fu­ture le­gal chal­lenges. Hence, a com­pre­hen­sive Data Pro­tec­tion Law is re­quired for greater le­gal clar­ity and safe en­force­abil­ity of rights by own­ers of the data. This could­beachievedthrough a spe­cial leg­is­la­tion with the ob­jec­tive of af­ford­ing pro­tec­tion to the data and in­for­ma­tion of the nat­u­ral and le­gal per­sons. The fo­cus on im­ple­men­ta­tion of newer ar­eas of in­no­va­tions may get blurred when in­cluded as part of the gen­eral laws. Hence, a spe­cial law is needed.

The fol­low­ing could be the broad fea­tures of such a le­gal frame­work:

Per­sonal data must be clearly de­fined as any lack of clar­ity could ex­pose the pri­vacy rights to greater risks.

There should be a process of reg­is­tra­tion of the data and data col­lec­tors. This would cre­ate a cen­tral reg­istry for track­ing the flow of in­for­ma­tion. The au­thor­i­ties could then timely in­ter­vene and ini­ti­ate pe­nal ac­tions against of­fend­ers.

A cen­tral author­ity should be con­sti­tuted for mon­i­tor­ing the col­lec­tion of in­for­ma­tion and data, reg­is­tra­tion of col­lec­tors, reg­u­lat­ing the col­lec­tion and dis­sem­i­na­tion of data and to ini­ti­ate pe­nal ac­tion against of­fend­ers.

What con­sti­tutes “of­fence” un­der law must be clearly de­lin­eated. The pun­ish­ments un­der this leg­is­la­tion should be made strin­gent. This will safe­guard the in­ter­ests of the cit­i­zens who par­tic­i­pate in the space of digi­tised trans­ac­tions against the mis­use of their data. Knock­ing at the doors of jus­tice in the or­di­nary course of time may prove to be ex­pen­sive and a long drawn af­fair for them. Hence, pre­scrip­tion of a strin­gent pe­nal frame­work with a time­bound im­ple­men­ta­tion mech­a­nism will act as a de­ter­rent against mis­use.

Pe­nal pro­vi­sions should be ex­em­plary. Pe­nal pro­vi­sions of fine, in­clud­ing is­suance of dis­gorge­ment or­ders, non-com­pound­able of­fences, etc, should form part of such a law. Se­cu­rity mea­sures re­quired by the data col­lec­tors and con­trollers to pre­vent mis­use should be stip­u­lated.

Col­lec­tion, pro­cess­ing, us­age and the grounds of ex­cep­tions from the pro­vi­sions of this law should be clear.

A com­pre­hen­sive data pro­tec­tion leg­is­la­tion on the above lines will guar­an­tee a sense of safety to the own­ers of the data.

There is need for a strong le­gal frame­work for pri­vacy and pro­tec­tion of data shared by the in­di­vid­u­als and en­ti­ties

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.