regular-article-logo Sunday, 04 June 2023

Editorial: Gaps remain

India’s data protection law, mirrors China’s, which also lets the govt snoop on personal data

The Editorial Board Published 24.11.21, 01:09 AM
Representational image.

Representational image. Shutterstock

Data is the new gold. So said Prime Minister Narendra Modi two years ago, addressing supporters and potential investors during a public event in the American energy capital of Houston. On Monday, Mr Modi’s government moved a step closer to enacting a law detailing rules for mining this new, lucrative commodity. A joint committee of Parliament has finalized its report on the personal data protection bill, a draft legislation that promises — for the first time — data privacy rights for Indian citizens. Parliament is expected to debate and, possibly, vote on the bill in the upcoming winter session. The bill requires companies to give notice and seek consent from individuals before using their data, restricts the purposes for which they can use the data, and mandates that firms can only collect data relating to the services they provide. At the moment, two sections of the Information Technology Act that allow citizens to seek compensation for improper disclosure of their data are the only protection Indians have. With 900 million Indians expected to have internet access by 2025, a law that safeguards data privacy is the need of the hour.

But the bill does not apply equally to all stakeholders involved in this new gold rush. As the Congress leader, Jairam Ramesh, has pointed out, Sections 35 and 12(a)(i) of the bill give the government blanket powers to exempt its agencies from the proposed law without any parliamentary oversight. The draft legislation also requires that all data of Indian citizens be stored on servers located within the country. In a nation still awaiting answers to revelations that Israeli spyware was used to snoop on the government’s critics, these clauses will only amplify fears of abuse by the State. Unlike the Indian bill, other major democracies have sharply defined circumstances involving national security where governments are authorized to secretly access and use the data of citizens. The European Union’s General Data Protection Regulation and a similar British law guarantee data protection from the government. India’s model, on the other hand, closely mirrors China’s data protection law, enacted in August, which also lets the government snoop on personal data and insists that data be stored locally. If the Indian bill passes in its current form, it would undermine a landmark 2017 Supreme Court judgement that described privacy from the government as a fundamental constitutional right. That would be unfortunate. India is not China.

Follow us on: