The strife for the affirmation of privacy as a right is backed by a remarkable set of judicial precedents. The Indian judiciary has always tabled its stance upon the prominence of privacy whether as ratio decidendi of the case or as an obiter dictum. The terminology represents a space of non-intrusion by any entity until permission for such interference has been duly granted. In the minority judgment of Kharak Singh v. State of Uttar Pradesh1, privacy was recognized to possess a constitutional status under Articles 21 and 19(1)(d) of the Constitution of India. Furthermore, the term was assessed in the series of cases into which the most celebrated judgment of Justice K.S.Puttaswamy (Retd.) v. Union of India2 transformed the narrative of privacy by annexing the protection of personal data with the right to privacy.
A General Notion Of Personal Data
Personal data in general terms refers to particulars of an individual that can aid in identifying the person directly. The information relating to health history, finances, political choices, genetics, societal identity, commercial identity, etc., are of a nature through which the person can be deftly identified. Subsequently, such distinguishable information may lead to abuse of its sensitivity in manifolds. The idea of the legislature to penetrate the realm of personal data protection was to curb its maltreatment.
The legislature acknowledged the necessity of crafting a legal framework to curb the breach of personal data and embracing the privacy deciphered in the Puttaswamy judgment. In 2018, the first Data Protection Bill was prepared by a committee of experts having retired Justice B.N. Sai Krishna in Charge. The bill was later withdrawn as the Joint Parliamentary Committee recommended 81 amendments to it. Moreover, it was later presented by the Minister of Information and Technology, Ashwini Vaishnav on 18th November 2022 and was unlatched for public comments till 2nd January 2022. It embodies 30 sections segregated into 5 chapters and 1 schedule.
Changes Proposed In The Bill
Some of the major changes posited in the bill are aligned below: –
- The bill seeks to effectuate the crusade for women empowerment by incorporating the pronouns ‘she/her’ to refer to any gender.
- The footing of Data Fiduciary, Data Principal, Personal Data and its breach is clarified under the definition clause.
- Cross-border data exchanges will be under the surveillance of the Central Government as per section 17 of the bill.
- Consent for processing data will be deemed granted if the data falls necessary within the categories mentioned in section 8 including data related to employment.
- The personal data of children has received a spot in the bill.
- The position of Significant Data Fiduciary is retained to administer the entire channel.
- Data Principal has the right to acquire information related to the usage of data from the Data Fiduciary.
- Composition of a Data Protection Board under section 19.
- Insertion of the gate to undergo alternative mechanism for dispute resolution under section 23.
- The bill has isolated the power in the clutches of the Central Government by inserting “as may be prescribed”18 times the bill.
- By entrusting exclusive jurisdiction to civil courts, the bill precludes the jurisdiction of civil courts.
- The appointment journey of the board will move through the aisle of Central Government which will impact its fairness.
- It is encroaching on other rights by imposing unreasonable restrictions, for example “in accordance with the applicable laws and in such manner as may be prescribed” which is interfering with the Right to be Forgotten.
Suggestive Measures: A Way Ahead
- The non-digital personal data must be appended to bridge the gap.
- Must limit the infinite power in the hands of the Central Government.
- The age of ‘child’ must be scrutinized to walk parallel with the demand of evolving world and mushrooming young population in India.
- The personal data of a woman is reckoned as highly sensitive, usage of pronouns will not shepherd any revolution until there will be some specific stringent penalties for its abuse.
The Personal Data Protection Bill, 2022 is a legal framework introduced by the Indian government to protect against the breach of personal data and embrace privacy. The bill contains 30 sections divided into 5 chapters and 1 schedule.
Personal data refers to particulars of an individual that can aid in identifying the person directly. This includes information relating to health history, finances, political choices, genetics, societal identity, commercial identity, etc.
The bill seeks to incorporate gender-sensitive language, clarify definitions of data fiduciary, data principal, personal data, and data breach, retain the position of significant data fiduciary, establish a data protection board, and provide alternative mechanisms for dispute resolution.
The bill has been criticized for centralizing power in the hands of the government, precluding the jurisdiction of civil courts, impacting the fairness of the board’s appointment process, and imposing unreasonable restrictions that interfere with other rights.
Suggested measures include appending non-digital personal data to bridge the gap, limiting the power of the government, scrutinizing the age of “child,” and implementing stringent penalties for the abuse of the personal data of women.