The government has been presented with the draft data protection bill, and with that the debate about privacy of individuals has once again been kick-started. With some senior bureaucrats deciding to come into the ring themselves, a bigger slugfest appears to be in store.
However, even as the merits of the proposed legislation are being considered, the Supreme Court on Monday declined the centre’s offer to place on record the report of Justice BN Srikrishna committee on data protection before the five-judge constitution bench, which had reserved the verdict on pleas challenging the validity of Aadhaar. In rejecting the offer, the chief justice of India said it was not necessary for the apex court to take up the draft legislation. Regarding the draft legislation, as happens with every issue in our country, at the time when a serious discussion should be happening so much noise is created that the real issue is being drowned out. While there can be no argument that protecting the privacy of individuals should be top priority for the government, it must first clarify privacy itself — whether bank details, PAN number, residential address and email accounts of individuals alone constitute privacy, or whether an individual’s internet activity, his likes and dislikes, his sexual orientation and eating habits should also come under the purview of privacy. There are several grey areas when it comes to privacy matters and these are being interpreted by people as per their convenience, thereby generating confusion.
In today’s world, the technology that an individual is bound to use ensures that three kinds of entities would have access to private details of individuals. These are telecom service providers, those whose browsers are being used to surf the internet and, lastly, the search engines. So, in reality, there is actually a trade-off between an individual’s privacy and ‘ease of living’. The fact is that a large number of people have decided to choose ‘ease of living’ and sacrificed a part of their privacy. It is probably this choice which has made search engines and browser company Alphabet, parent company of google what it is today — a multibillion dollar company.
So, let’s divide the issue of privacy into two parts. First, are the details which a consumer is ready to give in order to avail services and in the process he is giving up some of his privacy. Second, are the details that an individual is being asked by the government to improve governance. Now, the second case involves personal data which is being taken to facilitate governance. It is true that for governance to improve, both citizen and government have to come together. So, to some extent, the government needs to have the data of those individuals but it also involves compromising on privacy.
Now comes the issue of taking care of data that gets generated and ensuring against misuse. In the first case, companies collecting data in lieu of giving some free services should be responsible for protecting that data. They should not be allowed to trade the personal data they have collected. Data should not be traded with third parties when the individual has no idea that his personal details are being shared with people without his consent. If the company concerned fails to protect that data hefty fines should be imposed. Meanwhile, a law should be framed providing for adequate punishment to employees of such companies. Our policy makers should realise that no technology company can afford to ignore the Indian market. In case of the digital world, it is not only the demographic dividend but the absolute numbers of India that offer fertile ground for business growth. The authorities have to make sure that for companies to do business in India, they have to protect the privacy of individuals.
In the second case where the government is taking data, it is the government’s responsibility to protect the personal data of individuals, because protecting personal details of an individual is also an integral part of good governance. In case of negligence by the government, penalties should be imposed too. For instance, if there is breach of data by a government department or regulator, the affected individual should be compensated monetarily and the officials designated to protect that data should be penalised.
It is important that there should be stringent standards for data protection. In a couple of months when the new insurance scheme for marginalised sections of society is implemented, there would be a colossal amount of personal data available in electronic form. That can be used and misused in many ways. Hence, it is imperative to have a law to guard against misuse of individual data.