Data Privacy Laws in India
One crucial and prerequisite demand of data privacy laws is that it needs to strike a balance between the legal framework for data protection that it proposes and the ability to effectively protect the privacy of the individuals while emphatically ensuring innovation.
What pertinent question the recent privacy laws of India give rise to is that is the recently proposed data protection legislation in India effectively strikes their balance?
Last year, the Indian government passed the Personal Data Protection Bill. This had provided for the establishment of the first cross-sectoral legal framework for effective data protection in India which until now was emphatically missing.
However, according to various experts, India’s introduction of privacy laws does not address the privacy-related harms in the economy like India which is data sensitive and is going through a digitalization stage.
Instead, of addressing the privacy framework or the vertical, we can scrutinize whether the bill proposes a robust preventive framework.
This effectively in many ways oversupplies the government with the immense power to intervene and strengthen its authority which cannot be too beneficial for the economy or the social structure of India.
One direct consequence of the diabolical aspect is that it can lead to an immense increase in compliance costs. Such costs will have to be borne by the businesses across various sectors of the economy.
Other than the business consequence of the laws, it is to be noted that effective protection of the privacy of an individual is highly necessary as privacy necessarily serves as a means to protect various personal facets like free speech and sexual autonomy.
Given the rise of homophobia and specially caste-based violence in India, it is quite imperative that such rights are protected at all costs. Thus, it can be rightly stated that a robust framework for protecting personal data is the need of the hour which is a contentious subject that lies untouched by the government.
The privacy framework needs to be designed along with a more precise understanding of the role of privacy in the whole society.
What makes the laws even more contentious is the fact that the proposed diabolical framework is not only quite unlikely to protect the privacy of individuals adequately but also emphatically strengthens the role of the state in the data economy.
Given that the process of digitalization is underway in India, the placement of immense power in the hands of the state can prove to be quite diabolical.
On the other hand, more problematic is the consequence of diluting the property rights in data due to an emphatic rise in the state’s power to surveil. This can quite detrimentally lead to deleterious consequences for innovation in the economy which is the prerequisite demand for growth and newer technologies.
But why were these privacy laws needed in the first place? It is to be noted that the recent privacy laws are in, line with the larger context of India’s debate, that had been raged on the right to privacy.
As aforementioned, the proposed preventive framework will usually lead to significant compliance costs for various private businesses. This will be due to the fact that the bill will effectively regulate the data that is used in all sectors across the society for economic activity.
Thus, this will, quite simply, establish new compliance requirements that will need to be followed by the vast majority of affected businesses so as to be on the right side of the law.
Now, why it poses a big threat is due to the fact that most of the businesses in India are quite small. Thus, such overcomplicating, and demanding compliance requirements would be particularly onerous for them. Subsequently, this will also force the government to compel the businesses to share certain nonpersonal data with it.
This directly will have a negative impact on innovation and economic growth in the long run.
The list of detestable attributes of the privacy laws goes further. Another major issue that has been pointed out by various analysts is that the bill effectively proposes to design or construct the Data Protection Authority.
It is to be noted that the same authority or the body will be tasked with the power to regulate the provisions of the bill and frame fresh regulations on various issues.
These issues can be forming regulations on mechanisms for taking consent, or perhaps the limitations on the use of data. In fact, the body is also powered to form or alter rules for the cross-border transfer of data.
Thus, it can be rightfully stated that the supervisory mandate of the body known as the Data protection authority is rather quite sweeping and immense.
The power is particularly immense as the body has the power to effectively regulate a wide array of preventive obligations. These preventive obligations can involve various facets like security safeguarding and transparency requirements, that have to be implemented by businesses.
Thus, given various contentious aspects of the bill, will the government wake up to the discrepancies and will try and mitigate the unwarranted consequences of the bill? It is something only the government’s agenda and long-term goals can answer.
Tags: data protection act, data privacy act, personal data protection act, data protection law, personal data protection bill, personal data protection, data privacy laws, data protection bill, data protection act India, data protection regulation, data protection authority
