- 1 Problems on Data Security
- 2 Data Protection draft in India
- 2.1 Individual Rights are at the center of privacy and data protection.
- 2.2 A data protection laws must be based on Privacy Principles.
- 2.3 A strong privacy commission must be created to enforce the privacy principles.
- 2.4 The government should respect user privacy.
- 2.5 A complete privacy code comes with surveillance reform.
- 2.6 The right to information needs to strengthen and protect.
- 2.7 International Protection and harmonization to protect the open internet must be incorporated.
- 3 European Union Privacy Law
- 4 Conclusion
Problems on Data Security
Currently, India is facing a lot of problems with the data protection. The resentments are due to an improper legislative framework. Data protection has become a major problem in the country.
In a recent news from Uttar Pradesh, India. Two men dumped piles of potatoes outside CM’s house to highlight the plight of potato farmers.
In order to catch the culprits, cops tracked 10,000 phones, listening to each and every phone calls they made without their knowledge.
Privacy is no longer a privacy now.
Not only India, many other countries too facing this type of problems. You may have heard about the controversy of Cambridge Analytica, who stole public data from Facebook and tried to manipulate people with targeted ads.
This is the best time to pay attention to data security. India is missing cybersecurity and the same requires rejuvenation. Until there are strong cyber laws, cyber crimes cannot be reduced.
Every country should have a data protection regulator who can hold companies and governments accountable. Many companies collect users data without seeking any permission.
Companies mostly from IT and BPO sectors have access to all kinds of sensitive personal data of individuals across the world. This may include individuals with credit card details, personal details, financial details and more. Companies store these confidential data in electronic form which can be easily vulnerable in the hands of their employees.
Data Protection draft in India
A few years back in India, there was another controversy on leakage of aadhar data. It was easy to hack the aadhar database. Later, this case was brought into supreme court where government officials were found to be a defaulter.
Supreme court took a good decision by declaring that “Right to Privacy” is a fundamental right. It is intrinsic to people’s right to life. There should be a privacy law.
After a supreme court’s declaration, the government was forced to take a step for Data Protection.
Later, few organizations joined together and created a draft on Data Protection which named as Indian Privacy Code 2018.
The draft Indian Privacy Code contains seven principles.
These Principles are:
Individual Rights are at the center of privacy and data protection.
Today there are a vast amount of data which are being gathered in unaccountable ways which are beyond our control. So, a law on privacy protection should seek to protect natural persons, not be about protecting private industries.
We often hear that innovation and industries must be protected when such laws come into consideration. According to this draft, the best way to protect the industry is to build further trust between the industry and its users.
Today, since there is no accountability, we don’t know how our data is being used. People over a period of time may get switched off from the kind of services.
A data protection laws must be based on Privacy Principles.
This principle is about the reference to several human rights privacy. This starts from the influential report of Justice A P Shah, who in 2011 proposed several principles which should be reflected as user rights within such law.
This includes notice choice and consent which is important because we need to know how our data is being used and also have the ability to say that not to use our data and delete it if present.
A strong privacy commission must be created to enforce the privacy principles.
The third principle is about creating a strong and effective regulatory body called ‘The Indian Privacy Commission’.
Users by themselves may not be able to exercise all the rights given due to lack of transparency as well as the asymmetrical nature of the information that how or when or where the personal data is being used.
This is why it is important that a government body such as the privacy commission should have the power to investigate and also to lay down norms to make sure that this happens through a transparent process, making sure that this happens with enough public stakeholder consultation.
The government should respect user privacy.
The fourth principle is about the regulation of the government. Since we live in a welfare state, rely on it for all host of services like registrations of a vehicle, house, ration card, LPG etc.
The basis of the digital transformation is now putting a lot of this information within databases for which rights of individuals need to be protected.
It shouldn’t run the risk of excursions of rations of people suffering from hunger, or people from not getting the LPG cylinders on time.
A complete privacy code comes with surveillance reform.
This principle states that a complete privacy code comes with surveillance and interception reform.
Each action that we do, each movement that we make, even when we’re at rest, our digital devices constantly beeping out bits of data, revealing our information, time, frequency etc of our movements.
All these data has become very easy to gather, analyze, process, index and compile. This can be easily used to create a profile.
The right to information needs to strengthen and protect.
The sixth principle is about protecting the legislation of the Right to Information Act.
Ultimately both privacy and right to information or about the par of individuals and about making government accountable. It would be a tragedy if the privacy code would go towards undermining the Right to Information Act.
The Right to Information Act, 2005 has a distinct provision to protect privacy. Indian Privacy Code recommends that this should be maintained. But at the same time states that the privacy code will not override the Right to Information Act.
International Protection and harmonization to protect the open internet must be incorporated.
The final principle of the Indian Privacy Code is about recognizing that today our data flows internationally and these global data flows are necessary for availing the best innovative global services to the Indians, who are the second largest user base of internet users in the world.
This law should also enforce a certain amount of regulation on the foreign service provider(facebook, twitter, google, etc) to ensure that they gather the data in a way that it doesn’t connive the law.
This law should be harmonized with the international privacy principles of influential progressive legislations like GDPR.
People can share their views about this draft in https://saveourprivacy.in/
European Union Privacy Law
The European Union finally adopted the GDPR which stands for General Data Protection Regulation, is a new law on privacy protection. This law gives people more control over their privacy. It even seeks to punish companies who violate the privacy rights.
GDPR was adopted by European Parliament on April 2006. In May 2018, this law became enforceable. This is being applied to everyone who involved in processing data about selling goods or services to citizens of the European Union.
Organizations can be fined up to 4% of their annual global turnover. GDPR is seen to be the strictest data security framework in the world. For business there poses more restrictions on what they can do with the data in order to extract commercial benefits.
Implementing GDPR strengthens customer trust at a reputational. A risk associated with data security breach is very costly. GDPR is the best and necessary step taken by EU in order to safeguard data security in this digital world.
Data protection law is very important. It is as important as other fundamental rights. The data protection law should be supported in India and share the knowledge with everyone so that everyone becomes aware of it.
European Union did a great job with GDPR, other nations should also inspire by it and take a positive initiative.
If you have anything to say about it, comment below.