The law to protect data needed soon

The problem of data leaks damaging the privacy of individuals is well-known, so too its effect on Indians who have suffered along with the rest of the world. What we need to see now is action in the form of tough new legislation to ensure the problem does not recur. A comprehensive law is needed to curb the practice of the commercial exploitation of data, its outright theft and myriad associated ways of compromising the data and identity of people. Europe, led by Germany, acted first in bringing in tough new laws to curb the misuse of personal data. India is yet to formalise its stand on this. Seminal work in this regard has been completed now by a panel headed by Justice B.N. Srikrishna, which has made a series of recommendations and it is up to the government to initiate the process of drafting a law and for Parliament to pass it.

The panel has outlined the definitions of sensitive personal data like a person’s biometrics, his religion, finances and health, sexual preferences, etc, while calling for a law that should delineate and prohibit data leaks which are abhorrent to privacy. Punitive fines are called for against international tech giants like Facebook and Google, which are extensively used by Indians on the Internet. The panel goes beyond that in asking for a fundamental change in the Aadhaar data law too in order to ensure that the world’s biggest database of people is not further compromised in handling data. Also, the panel has introduced revolutionary concepts in declaring that besides the data that companies hold, those stored by Aadhaar, tax authorities and social security databases are also sacred and as sensitive. It remains to be seen how quickly the government takes the recommendations of the panel as well as those made public by Trai through its inter-ministerial consultation process before presenting the law in Parliament.

An important principle the Srikrishna panel has initiated is that personal data of a user must be made over for use only after “informed consent” and that they should also be capable of being withdrawn by the user. This would mean the big tech titans of the Internet will be forced to comply and can defy it only at the peril of being fined hefty amounts. The amount of information a user gives away quite innocently or by disregarding the small print is still huge. However, tighter regulations would mean that not only the tech giants but also companies that deal with Aadhaar as the prime identity establishing data in India would have to change their methods of operation to uphold the primacy of the right to privacy in matters of personal information. We are in for a new era in the protection of personal data provided we act soon.