By- Chandra Lekha

Privacy is one aspect in this modern tech-savvy world that haunts every individual. Data surrounds us and is generated in virtually everything we do, one type is the data we may voluntarily share, and the second type is the data which is generated literally every time people do something –whether it be using social media platforms or ordering a meal or using transportation, etc. Data collected may be personal data or sensitive personal data. The issue gets complicated when other parties enter the domain and get access to the information. One no longer controls that which has been disseminated to countless other spaces and expanded over the web.

With personal data being collected by private companies and state entities in vast amount, & their flow across natural jurisdictions without an adequate law in India has been a cause for deep concern.

The need for legislation was only underlined with the landmark judgment in Justice K.S Puttuswamy Vs Union of India that held the right to privacy to be a fundamental right.

The simple act of browsing a website can invite third parties and strangers to assess one’s personal information. The tracker cookies that sites drop without user’s knowledge in their browser can now build and share uncannily accurate profile of the user based on the sites they visit, and can deliver tailored advertisements.

As rightly pointed by polish sociologist Zygmunt Bauman, we are once consumers and commodities. Corporate marketers are gathering personal data from social media giants to understand the consumer behavior there by to overcome thin profit margins. As stated in a research paper social media giant like facebook builds a data intensive infrastructure on the web where data continuously flows between users , facebook, websites, apps, web masters, app developers and advertisers in order to gather more data to ad-tech industry. These data sharing indeed practices causes serious intrusion of privacy of users. These companies acquire users data in the guise of its policies leaving its users oblivious as to the purpose for which they are being harnessed.

The instance of contract involving data sharing between facebook and whatsapp has been challenged in the Supreme Court in Karmanya singh Vs Union of India on the ground that such policy is in violation of user’s right to privacy. And with the emergence of new technologies like AI and IoT , the risks of data breach are pushing their way along with their conveniences. The far reaching implications of the menace of data breach is that, it is now interfering with election process in major democracies by manipulating public opinion. It was estimated that the personal data of 5,62,455 users in India was improperly shared with British consultancy firm Cambridge Analytica after users accessed an App,” thisisyourdigitallife”, between November 2013 and December 2015.

Up until now, privacy laws in India offer little protection against misuse of personal information. Data protection in India is governed by some provisions of IT Act, 2000 and provisions of Sensitive Personal Data and Information , 2011, which so far has proved to be inadequate.

It is only after the apex Court declared right to privacy as a fundamental right, efforts are made by the state to bring in a second legislation-Personal Data Protection Bill- for governing data protection and privacy. In many ways the draft legislation resembles the GDPR, the model legal framework in EU. The bill essentially makes individual consent central for data sharing. It seeks to codify the relationship between individuals and entities/ state institutions as one between “Data Principals” and “Data Fiduciaries” so that privacy is safe guarded by design. This is similar to contractual relationship that places obligations on the entities entrusted with data and who are obligated to seek the consent of the principal for the use of personal information. The bill puts the onus on the Data Fiduciary to seek clear, informed, specific and free consent, with the possibility of withdrawal of data of the principal to allow for the use and processing of sensitive personal data.

The draft legislation seems to be a good move protecting data privacy in digital spaces but it is anybody’s guess as to when the data protection law is likely to see the light of the day meanwhile the noise around data privacy and data protection only seems to grow, bringing in new dimensions and challenges for us to explore.

Note- Views and opinions as expressed in this blog are solely of the author and Indian Legal Wing is not liable for the same. The information contained in this blog is for general information purposes only. We endeavour to keep all the information up to date and try our level best to avoid any misinformation or any kind of objectionable content. If you found any misinformation or objectionable contents in this website please report us at indianlegalwing@gmail.com