Data Protection in India | 24 May 2021
Why in News
Recently, the Ministry of Electronics and IT (MeitY) has sent a notice to WhatsApp asking it to withdraw a controversial update to its privacy policy which might be a threat to Data Protection of Indians.
Key Points
- About the Issue:
- According to WhatsApp’s updated privacy policy, users would no longer be able to stop the app from sharing data (such as location and number) with its parent Facebook unless they delete their accounts altogether.
- Its privacy updates are designed to make the business interactions that take place on its platform easier while also personalising ads on Facebook. That is how it will have to make its money.
- According to the Government, the messaging app discriminates against Indian users vis-à-vis users in Europe on the matter of a choice to opt-out of the new privacy policy.
- WhatsApp users in Europe can opt-out of the new privacy policy owing to the laws in the European Union (EU) called the General Data Protection Regulation (GDPR), which shield them from sharing data from Facebook or grant them the power to say no to WhatsApp’s new terms of service.
- According to WhatsApp’s updated privacy policy, users would no longer be able to stop the app from sharing data (such as location and number) with its parent Facebook unless they delete their accounts altogether.
- Data Protection (Meaning):
- Data protection is the process of safeguarding important information from corruption, compromise or loss.
- Data is the large collection of information that is stored in a computer or on a network.
- The importance of data protection increases as the amount of data created and stored continues to grow at unprecedented rates.
- Data protection is the process of safeguarding important information from corruption, compromise or loss.
- Need:
- According to the Internet and Mobile Association of India (IAMAI)'s Digital in India report 2019, there are about 504 million active web users and India’s online market is second only to China.
- Large collection of information about individuals and their online habits has become an important source of profits. It is also a potential avenue for invasion of privacy because it can reveal extremely personal aspects.
- Companies, governments, and political parties find it valuable because they can use it to find the most convincing ways to advertise to you online.
- Laws for Data Protection across the Globe:
- European Union: The primary aim of the General Data Protection Regulation (GDPR) is to give individuals control over their personal data.
- US: It has sectoral laws to deal with matters of digital privacy such as the US Privacy Act, 1974, Gramm-Leach-Bliley Act etc.
- Initiatives in India:
- Information Technology Act, 2000:
- It provides for safeguard against certain breaches in relation to data from computer systems. It contains provisions to prevent the unauthorized use of computers, computer systems and data stored therein.
- Personal Data Protection Bill 2019:
- The Supreme Court maintained the right to privacy as a fundamental right in the landmark decision of K.S. Puttaswamy v. Union of India 2017 after which the Union government had appointed Justice B.N. Srikrishna Committee for proposing skeletal legislation in the discipline of data protection.
- The Committee came up with its report and draft legislation in the form of the Personal Data Protection Bill, 2018.
- In 2019, Parliament again revised the Bill and much deviation from the 2018 Bill was evident. The new Bill was named as Personal Data Protection Bill, 2019.
- The purpose of this Bill is to provide for protection of privacy of individuals relating to their Personal Data and to establish a Data Protection Authority of India for the said purposes and the matters concerning the personal data of an individual.
- Information Technology Act, 2000:
- Concerns Related to Personal Data Protection Bill 2019:
- It is like a two-sided sword. While it protects the personal data of Indians by empowering them with data principal rights, on the other hand, it gives the central government with exemptions which are against the principles of processing personal data.
- The government can process even sensitive personal data when needed, without explicit permission from the data principals.
- It is like a two-sided sword. While it protects the personal data of Indians by empowering them with data principal rights, on the other hand, it gives the central government with exemptions which are against the principles of processing personal data.
Way Forward
- In this digital age, data is a valuable resource that should not be left unregulated. In this context, the time is ripe for India to have a robust data protection regime.
- It is time that requisite changes are made in the Personal Data Protection Bill, 2019. It needs to be reformulated to ensure that it focuses on user rights with an emphasis on user privacy. A privacy commission would have to be established to enforce these rights.
- The government would also have to respect the privacy of the citizens while strengthening the right to information. Additionally, the technological leaps made in the last two to three years also need to be addressed knowing that they have the capacity of turning the law redundant.