The 21st century opened with high hopes and lofty ideals. This era bespoke of a technological explosion and the multitudinous ways in which information is shared. Substantially, a gargantuan figure is there in which ‘data’ is exchanged today. This is a connoted phase of ‘information and data exchange’. The data that we share can be in its vivid form i.e. it might be a personal data or sensitive information or something of general records from the government functionaries. Per se there can be a classification of these data. Undeniably, Globalization has rendered a wide reverence and acceptance to the technology and analogous to it is the rapid rate of the exchange of data that we share today.
But it has invited challenges to the ‘privacy of the data’ that we share. Now to succinctly introduce the concept of privacy, it is to aver that the word privacy may have different meanings, from a different perspective and in a different scenario. Probably this was our culture and living style, or, the ‘un-anticipation’ about upcoming and fast-growing technology that has not compelled the lawmakers to include the issue of privacy while framing the legal structure for the nation. The Latin word is synchronous to the meaning “separate from the rest”. It is the capability of an individual or group by which they seclude themselves or information about themselves and thereby reveal themselves selectively. Privacy can be understood as the right of an individual to decide who can access the information when they can access the information, what information they can access. In the Indian law in reference to Article-21 of the Indian Constitution as well as at the international level as Human Rights, privacy has been duly acknowledged to be transcendent in its nature and private to the person who shares data.
In the Indian regime, the legal and policy framework does not mitigate the threats to the privacy of data. There is a lack of proper privacy legislation model so it is extremely difficult to ensure the protection of privacy rights. But in the absence of specific laws, there are some proxy laws or incident safeguard that the government is using for privacy purpose. Certain legislative framework that provides indirect support to privacy concerns in India, like Article 21 of the Indian Constitution, Information Technology Act 2000, Indian Contract Act 1872, Indian Penal Code 1860, Indian Copyright Act 1957, Consumer Protection Act 1986, Specific Relief Act 1963 and few more. Howsoever, as irksome as it may sound, still our data is not private to us. There is lacuna in the legal framework which is giving loops to be intruded in and it may result in severe impairment of our privacy concerns. As stated earlier also, there is no comprehensive law and the privacy issue is dealt with some proxy law which has no convergence on the privacy issue. There is no classification of Information as public information, private information and sensitive information. There is no legal framework that talks about ownership of private and sensitive information and data. There is no certain procedure of creating, processing transmitting and storing the information. There is a lack of any guideline that defines about Data Quality, Proportionality and Data Transparency. And subsequently, also there is no framework that deals with the issue of cross-country flow of information.
In my view, to comprehend the data privacy issue, at the first instance the laws should be framed which are technology agnostic. The Personal Data Protection Bill, 2018 should be given the shape of law as soon as possible. The data that is shared is both to the private entities as well as the government. Thus, accordingly, the law must be convergent to technological implication. The notion is that the successive stages of Data collection, Data Storage, Data Process and Data Access must be regulated by law and monitored with rigour and binding provisions. There should always be human autonomy to the data that we share as also embarked in the K.S. Puttaswamy judgement. The accountability factor should be involved and proper representation should be there of the controller. But all these should prelude to a more structured law and regulatory framework which asserts the Data Privacy.
Innumerable case laws and principles can’t succour to the idealised concept of ‘Data Privacy’ but structured enforcement. ‘Data Privacy’ is sacrosanct to the enshrined and emerging principles of Article-21. All the domains and their vivid dimension should be meted out and be laid on papers with a coherent and manoeuvred guideline. ‘Data Privacy in India’ should not just remain as mere idle incantation but it must become a living reality for the subjects. The laws that will be framed should be scalable and accommodative to future needs also. It is needed not for individual Privacy but also for the economic growth of the country. Otherwise, welcome to the D-day of Data Privacy!