What should be the key legal and policy cornerstones of India's data protection framework? Discuss in the light of Supreme Court verdict of August, 2017 upholding the right to privacy as a fundamental right.
In the age of information data is an asset. Business models use big data to identify the customer behaviour. Therefore with such commoditisation of data, there is a need to have a data protection law.
Unlike EU, India does not have a separate law on data protection. Legal protection of the personal information in India is provided by Section 43-A of IT Act. Under this provision, companies which compromise sensitive personal data are liable to pay compensation. Right to privacy is also inherent in article 21 mentioning the right to life and liberty and the latest law makes it explicit fundamental right.
Towards this, the executive and legislature actions will be needed to provide a data protection framework. The key legal and policy cornerstones of India’s data protection framework can be derived from AP Shah Expert panel report which included protection from unauthorized interception, protection from surveillance & use of personal identifiers, protecting physical and biological privacy aspects like DNA & retina scan. It also recommended that data protection law should take into account the aspect of consent, notice and informing the purpose while collecting data.
Though right to privacy is a fundamental right but it is subject to reasonable restrictions. Now the Parliament will need to define such reasonable restrictions. The challenge before legislature is also that the right to privacy is an open ended right, can’t be limited in absolute terms. This judgment is also going to have an impact on the uses of data collected Aadhaar.