Updated: May 2
This article has been authored by Kudrat Mann and Utkarsh Sharma, second year students at Dr. B.R. Ambedkar National Law University, Sonipat, Haryana.
The closer we move towards advances in the field of electronic communication, the greater the threat to individual privacy becomes. The vulnerability of personal data also increases with increasing consumer statistics of online communication mediums.
Why Data Privacy is the talk of the town?
Indian Legislation & Judicial Response towards Data Privacy
The right to privacy has got its present status as a fundamental right after being long scrutinised and neglected by the judiciary in a series of judicial decisions since Independence. In the case of MP Sharma & others v. Satish Chandra the Apex Court held that the drafters of the Constitution did not intend to subject the power of search and seizure to the fundamental right of privacy. The Court opined that the language in the Indian Constitution is not similar to the fourth amendment of the U.S. Constitution and hence questioned the existence of the very right of privacy as a fundamental right.
In the case of Kharak Singh vs The State of U. P. & Others theSupreme Court upheld the clauses of the Police regulation except for the night domiciliary visits on the ground that the right to privacy is not a fundamental right guaranteed by the Constitution.
It was only in the case of Justice K.S. Puttaswamy (Retd) vs Union of India in 2017, where the Apex Court recognised the right to privacy as a fundamental right of the Constitution. The Court accorded individuals the right to privacy under Article 21 and as part of the freedoms guaranteed under Part III of the Constitution. This judgement acted as a catalyst in legislative attempts towards data privacy. A Committee was formed under Justice B.N. Srikrishna to devise a stringent legal framework on data privacy which further gave shape to the Data Protection Bill 2018.
The Data Protection Bill 2018 which is under consideration of the Joint Parliamentary Committee (JPC) deals with the provisions of personal data, sensitive personal data and critical data. This Bill shall govern the personal data by government, private entities and entities which are incorporated overseas. The Bill shall regulate the cross-border storage of data in which the data fiduciaries shall have to keep a serving copy of all personal data in a server located in India which can be broadly termed as data localization. The critical personal data as stated by the Central Government shall only be kept in the territory of India. The Bill also has provisions regarding the Data Protection Authority which can levy penalties on data breach which can attract a penalty of two per cent of the turnover worldwide of the previous financial year and five crore rupees.
Data Localisation- Immunity to Cross Border Transfer &- Impediment to Tech Giants
The concept of data localization is a celebrated concept of recent times as the states are looking for the security of personal data of their citizens and are planning to restrict the storage of data of the populace in foreign states. The Reserve Bank of India on similar lines introduced the concept through the guidelines of Storage of Payment system Data which directed all payment service providers to ensure that data relating to their payment systems should be stored in the jurisdiction of India. The Data Protection Bill 2018 also sheds light on the provisions of data localization especially in the aspect of cross border transfer of personal data. Critical personal data is the most prominent aspect to emphasize data localization in India.
The data localization shall help the state in securing personal data of the citizens which is also their fundamental right after the landmark judgement of 2017. The author believes that the said provision shall help in evading the circumstances of influencing the voters through social media in a particular state from foreign think tanks and research centers by collecting electoral behaviour of the voters which in turn shall protect the truest essence of democracy. The aforesaid provision shall also help the law enforcement agencies and cybersecurity cells in tracking and identifying the offenders. However, this provision will also face challenges of building infrastructure, financing and a skilled workforce to establish data storage centers.
The above-mentioned provision has several benefits in implementation particularly in the interest of the masses but simultaneously there are some genuine concerns on the side of tech giants. The major concern of the tech giants is that it will emphasize on a protectionist policy among the states and create a domino effect which shall further affect the ease of doing business, infrastructure as well as the financial and technological burden on them. Another major criticism of this provision is that it gives the state access to the data of the users which can be misused if the cybersecurity system of the state is weak which will further create a sense of apprehension among the user base of that particular state.
Way Forward & Conclusion