Somnath Lahiri was a member of the Constituent Assembly who had put forward the proposal to make the right to privacy of correspondence a fundamental right. However, this proposal failed to get an affirmative response in the Assembly.
As years moved on, our Apex Court played an important role in addressing a myriad of cases that dealt with the right to privacy which led to it attaining a rightful position under the Right to Life and Liberty as provided under Article 21 of the Constitution.
In the case of Justice K.S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors., the Supreme Court upheld that the right to privacy is protected under Part III of the Indian Constitution. The decision came in response to a reference made in connection with a legal challenge to India’s Aadhar national identity programme.
Another right which is an extension of the right of privacy has been evolving under the Indian constitution which is the right to be forgotten. This peculiar right is also known as the right to erasure. The journey of the Right to be Forgotten began with a landmark decision by the Karnataka High Court in the case of Sri Vasunathan v. Registrar General, in which a petition was filed to have the name of the petitioner’s daughter removed from a judgment that had harmed his daughter’s reputation as it appeared on various search engines.
As a result, under Article 21, the right to be forgotten has been integrated with the right to privacy.
Legal Framework in India
Constitution of India :
The right to life and liberty as provided under Article 21 also now includes the right to privacy which is a right to be left alone.
Indian Contract Act, 1872 :
Section 27 of the Indian Contract Act allows parties to include a clause in their contracts that safeguards data, such as a confidentiality clause.
Information Technology Act, 2000 :
With the advancement of technology and India’s development of a digital economy, the Act’s importance has grown, as it now covers data protection. It establishes a legal framework to prevent database misuse and imposes severe penalties for cybercrime.
Indian Penal Code (IPC), 1860 :
Some of the sections of the IPC, 1860 that highlight the need to protect the privacy of an individual are sections 354C and 354D on voyeurism and stalking. Section 228A provides punishment for disclosing the identity of the victim of certain offences, especially in sensitive cases.
Journey of the Personal Data Protection Bill
In 2017, with the aim of laying out a concrete framework for data protection, Justice B.N. Srikrishna Committee was established which later went on to propose a draft for a Personal Data Protection Bill.
The PDP Bill is a comprehensive framework emphasizing obtaining prior consent to use individual data and the reasons for processing such data by companies that are called Data Fiduciary. This applies to the government, any Indian corporation, Indian citizens or bodies formed in India, and foreign companies that deal with the personal data of Indian nationals.
Data Fiduciaries would be obligated to maintain transparency and accountability by incorporating some of the following measures :
- Including security safeguards;
- Regular audit of its policies;
- Appointing a data protection officer; and
- Establishing a grievance redressal mechanism for individuals to be able to address their complaints.
On the other hand, the PDP Bill offers the Data Principal or rather the individuals with certain rights like :
- Getting information from the fiduciary on the status of their data being processed;
- To make corrections regarding any inaccurate or incomplete information or even in order to update any personal data;
- Data portability is the right to have one’s personal data transferred to other fiduciaries; and
- Right to be forgotten ensures restriction of disclosing any personal data by the fiduciary.
Intermediaries on social media facilitate online connection by allowing people to share information. As a result, the Bill stipulates that intermediaries with users over a certain threshold are more likely to have an impact on electoral democracy or public order as a result of their acts.
Thus, the PDP Bill proposes to improve data privacy and data management standards in a manner similar to the European Union’s General Data Protection Regulation.
Unfortunately, the provisions covered under this Bill exempt the government agencies from adhering to the requirements of this Bill on grounds pertaining to sovereignty and security of the State and public order thereby diluting the right to privacy. This is because a simple directive from the Central Government authorizing any government agency to process personal data can give them the authority to undertake surveillance without any explicit safeguards in place.
Conclusion
Overall, this Bill is exactly what our country needs to replace the current obsolete and diverse data protection regime. At the same time, this will be a positive move for companies and the government to work together on a more transparent basis, accompanied by innovation and growth, which will help the digital economy flourish even more. It all functions as a single huge umbrella that encompasses a slew of specific requirements for personal and non-personal data, data localization, monitoring social media platforms, enforcing data protection authorities, and more. As a result, the government should act swiftly to pass the Personal Data Protection Bill 2019.
