Open Access Research Article

PDP Bill And The Fight For Data (By-Sanidhya Bajpai)

Author(s):
Sanidhya Bajpai
Journal IJLRA
ISSN 2582-6433
Published 2022/09/05
Access Open Access
Volume 2
Issue 7
Download PDF Open PDF Citation Search Scholar

Published Paper

PDF Preview
Download Open

Article Details

PDP Bill And The Fight For Data
 
Authored By-Sanidhya Bajpai
 
 
Abstract
 
Harvesting of data by tech companies has become a norm of the day. The personal data of the consumers provide the tech companies with a lot of insight into the proclivities of the user and helps them design their products better. The harvested data of consumers is also used for targeted marketing campaigns and personalized products. This process of gathering data by breaching the privacy of the people has a detrimental effect on the individuality and sovereignty of the people. The extending breach of consumer privacy lead to digital privacy awareness and the demand for laws for protecting personal data. The bill aims to provide autonomy to the users by giving them the freedom to consent for the data they want to give. It aims to protect the personal data of the individuals from the tech companies by giving them a plethora of rights but on the other hand, it infringes the privacy of the people disguised as exemptions in the name of security of the state. The bill aims to give unrestricted powers to the government to infringe people’s privacy in the name of the security of the state without any recourse to the afflicted. The bill negates the rights which it provides and does away with the Supreme Court’s privacy judgment.
In response to the growing concern over data privacy, the Indian government introduced Personal Data Protection Bill, 2020 in the parliament, which was later sent to Joint Parliamentary Committee for recommendations. This legislative comment analyzes the bill and looks into the deficiencies in the bill with respect to data protection.
 
 
 
 
 
 
 
 
 
 
 
Pdp Bill And The Fight For Data
Whoever owns the data owns the world in today's globalized world. The race between tech behemoths to amass more data than the competitors has been underway for some time. Data privacy is gradually becoming a pipe dream that only those without smartphones can afford, perhaps they also can't. The battle for data has transcended national lines; data is the new money, and digital giants are leaving no stone unturned in their quest to possess the most of it. In such a hostile atmosphere, a stringent and citizen-centric data protection measure is critical, so that citizens do not become pawns in the hands of multinational corporations. The government of India introduced a Data Protection Bill namely Personal protection Bill in Lok Sabha. This article tries to expose certain serious problems in the Bill that could jeopardise people's privacy and violate the Indian Constitution.
 
Right To Privacy In India
The supreme court of India held in KS Puttaswamy v Union of India[1] the right to privacy as a basic fundamental right under article 21 of the Indian constitution. Following the decision, discussions for enacting a data protection act in India began to gain pace. In 2019, the Lok Sabha passed the Personal Data Protection Bill, which was then forwarded to the Joint Parliamentary Committee, which issued its report in December 2021. The measure aims to protect individual data as well as establish a Data Protection Authority in India.
 
Overview Of The Bill
The PDP bill aims to give citizens a lot of power over their personal data, including the right to control their data and choose where to give their consent. It also makes it mandatory for data principals (the term given to the person to whom data relates) to give explicit consent to each part separately. There are a lot of other rights that the bill provides, but given that privacy is such a layered and nuanced topic, and the data protection law was made in such a short time, some fallibility was expected. The PDP bill, which meant to give citizens control over their data in a variety of areas, contradicts this objective and goes against the fundamental value of privacy. It offers the data principle some autonomy in terms of data processing and the freedom to choose whether or not his data is processed, but it also gives employers and, of course, the government a lot of unlimited power through exemptions.
The bill in its venture to protect the data of the citizens of India from the breach of privacy tech giants, IT companies and numerous other sources makes it somewhat difficult for them to operate[2] and it allows the state to exempt its authorities from the bill. This makes the bill, a bit counter progressive. The bill bestows authority with a lot of power, from allowing the collection
 of data of the people without any notification to them, to exempting its authorities from the bill.
 
Concerns In The Bill
Section 11[3] of the PDP states that the personal data shall not be processed unless the consent from the data principal is taken, 11(2)[4] makes it clear that the consent should be free, informed, specific, and clear. However, the bill goes on to say in Section 11 (6)[5] that if the data principal withdraws consent without any valid reason, the legal consequences shall be borne by the data principal. The term without any valid reason leaves a huge scope of ambiguity and misinterpretation, also what would be considered a valid reason is not defined. Moreover, it negates the prospects for which the bill was introduced by threatening consequences without any explanation.
Section 12[6] of the bill grants the power to the state to process information without the consent of the data principle for the performance of the function of the state as authorized by law. The said section gives the government the authority to process personal data with blatant disregard for privacy, for purposes of provision of any service or benefit to the principal, for medical purposes, and for compliance with judgment among others. By authorizing the government to process the personal data without consent the bill takes away the primordial reason to bring in the law, which is to protect the right to privacy of the citizens.
Section 13[7] of the bill gives employers the immense power to process the employee’s personal data without consent. It authorizes the employer to process personal data for the purpose of recruitment and termination without any consent from the data principal. By giving employers the right to process personal information the bill here again jeopardizes the right to privacy of the employees.
Section 33[8] of the PDP Bill makes it mandatory for the companies to store sensitive personal data in India, it allowed the companies to transfer that data outside India, but the storage of data should be localised. This means that the tech companies like WhatsApp, Facebook, Instagram, telegram need to have a localised space in India to store our personal data. Facebook and Google have expressed their apprehensions regarding the localised storage of personal data[9]. The proponents of this bill have supported the localisation of personal data stating that the localisation of data will bring tax benefits[10] and economic opportunities. Meanwhile this has been criticised by the privacy rights champion, as pushing for storage of personal data in India or localisation of data will lead to easy access of personal data to local law enforcement agencies, which seems to be the perceptible motive[11].
 
 
 
Seemingly the most unfathomable part of the bill is the section 35[12] which bestows the central government with the power to exempt any of its agency from applicability of this bill for processing data without any consent in order to protect the integrity, sovereignty, security of the state and public order.
The loose wording of this section gives the state unrestrained powers under the garb of national security. The powers under this section gives a huge scope for misuse by the state and a minuscule recourse for the aggrieved. By giving itself the unquestioned right to process data of absolutely anyone on mere the satisfaction of the central government, the bill somewhat negates the rights which it bestows. Right to privacy as envisioned by the supreme court of India is primordial, basic, fundamental right under article 21[13] and it cannot be taken away on the mere assumption of threat and state needs to provide reasons for its actions and follow a due diligence but this bill authorizes the government to exempt its authorities from the bill on mere satisfaction of the government, which is flagrant abuse of the right to privacy of the citizens, although the bill makes the government record the reasons in writing but without any overruling authority that is going to make little or no difference, when in the name of security of the state the state will try to infringe the privacy of its citizens.
The Supreme Court in KS Puttaswamy[14] gave threefold condition which any law infringing fundamental rights needs to pass. The conditions which are to be passed, for a fundamental right to be infringed are (i) existence of a law; (ii) legitimate state aim; (iii) proportionality. And in this Bill the Central Government overlooks these conditions laid by the Supreme Court and allows its authorities to be exempted from the bill on mere satisfaction of government for maintaining public order by recording the reasons in writing.
The Joint Parliamentary committee has made a slew of suggestions[15] including development of indigenous systems for financial transaction on the line of Ripple (USA), a statutory body for the regulation of media, a fixed transition period through which the act would be implemented in India, and the change of name from Personal Data Protection Bill to The Data Protection Bill, to also include processing of non-personal data. The most glaring recommendation of JPC is in the case of government surveillance, where it says that the surveillance must be based on necessity as laid in legislation. The JPC's recommendations do not provide individuals with the much-needed data autonomy and sovereignty.
 
 
 
 
 
 
 
 
 
 
Conclusion
Overall, the bill gives citizens a lot of data autonomy, but it's still a long way from being a perfect bill that protects people's personal data and the state's security, and despite the JPC's valuable recommendations, the country is still a long way from enacting a comprehensive individual-centric data protection act.
In the midst of the global struggle for data ownership, billions of people's privacy and individuality have lost their worth. Individuals' personal information has become a trading product for businesses, and dare I say, the government isn't wasting any time in depriving individuals of their fundamental rights[16] and infringing on their privacy. The bill establishes central power over the masses and IT behemoths, in the name of defending individual autonomy.
Individuals should have more autonomy, less infringing powers, and a sovereign committee to oversee the operation of the Data Protection Authority. The liberal nature of the constitution must be retained for a healthy democracy, and the state must not become the big daddy of the masses. The history of the world reminds us that giving unrestricted power to a central authority can be drastic, and the history has a tendency to repeat itself.
 
 

Article Information

PDP Bill And The Fight For Data (By-Sanidhya Bajpai)

Authors: Sanidhya Bajpai

  • Journal IJLRA
  • ISSN 2582-6433
  • Published 2022/09/05
  • Volume 2
  • Issue 7
Citation Download Paper Full Details Search on Google Search on Google Scholar

About Journal

International Journal for Legal Research and Analysis

  • Abbreviation IJLRA
  • ISSN 2582-6433
  • Access Open Access
  • License CC 4.0

All research articles published in International Journal for Legal Research and Analysis are open access and available to read, download and share, subject to proper citation of the original work.

Creative Commons

Disclaimer: The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of International Journal for Legal Research and Analysis.

Current Issue

Ethics and Policy

For Authors