Do you spend sleepless nights over loads of personal information — be it photos, videos or sensitive data — flooding various social media platforms? Have you been irked by the often little choice you have to grant access to your camera, microphone, contact list etc.? Well, some of these niggling worries could soon ease. The Justice Srikrishna Committee’s much-awaited draft Personal Data Protection Bill 2018, is out and if implemented could address some of the burning issues around privacy of personal information in India.
What is it?
Up until now, privacy laws in India offer little protection against misuse of your personal information. The transfer of personal data is currently governed by the SPD Rules (Sensitive Personal Data and information, 2011), which has increasingly proved to be inadequate.
The proposed Data Protection Bill 2018 essentially makes individual consent central to data sharing. The report notes that the right to privacy is a fundamental right. Unless you have given your explicit consent, your personal data cannot be shared or processed. Of course, this also means that the onus lies on you to make an informed choice.
Next, the draft bill also states that any person processing your personal data is obligated to do so in a fair and reasonable manner. In other words, your data should be processed only for the purposes it was intended for in the first place.
Failing to meet these provisions can cost companies dear, with the bill laying down penalties that can go up to ₹15 crore or 4 per cent of a company’s total worldwide turnover.
Why is it important?
Remember the recent admission by Facebook that the data of 87 million users, including 5 lakh Indian users, was shared with Cambridge Analytica? The very thought of personal data being used for unknown intentions, had sent ripples across the globe. Very recently, the EU had enacted the General Data Protection Regulation (GDPR) which establishes the right to privacy as one of the fundamental rights. It requires explicit consent from consumers for usage of their data. The Personal Data Protection Bill 2018 in India follows the implementation of the GDPR and has also taken cues from the legal frameworks in other countries.
There are some who feel that the India’s draft on data protection lacks the needed punch and does not address some of the key issues. Ownership of data for one has been completely ignored. The Telecom Regulatory Authority of India (TRAI) in its recent recommendations, had stated that each user owns his data and the entities processing such data are mere custodians. But the draft only treats data as a matter of ‘trust’ and not property unlike under the GDPR. Also under GDPR, the consumers have the right to demand deletion of their past records any time.
Under Srikrishna Committee’s draft, the ‘right to be forgotten’, is defined differently — right to restrict or prevent continuing disclosure of personal data. The process of justifying why the consumer does not want to continue giving consent is also long-winded.
Why should I care?
If you are an ardent user of social media platforms, then the prevalent privacy laws in the country, no doubt have far reaching implications for you. Facebook like incidents, pre-set or default consent forms that hardly give you a choice on sharing data or the constant messages asking for your permission to access your camera, location, contact list— call for a robust data privacy law that encompasses all players in the ecosystem.
The bottomline
Be sure you have gone through the fine print before giving consent for using your personal data.