Data Governance Within The Personal Data Protection Bill & Criminal Law And Privacy

The third working session at the Bar Association of India's Seminar on the Personal Data Protection Bill, 2021 held on 3rd May 2022 at New Delhi and looked into the data governance and criminal law aspect of the data protection bill. The session was chaired by Shri Shyam Divan - Senior Advocate & Vice President, BAI. He started the discussion introducing all the speakers. Rajeev Dutta: Mr. Rajeev Dutta is a senior advocate at the Supreme Court. He is also an arbitrator and mediator for multiple national and international dispute resolutions. He is the country representative for India at the International Bar Association Mediation committee. Mr. Dutta noted that a lot of tinkering has been done with the bill that was drafted by the BN Srikrishna committee, and this process of evolution will continue at the hands of the joint parliamentary committee. He invited the attention of the panel to the question of how this bill will affect the working of the courts. The impugned bill would potentially give rise to a stream of litigations and that would mean that advocates need to be well versed with all aspects of the bill. Mr. Dutta believes that as litigators, we have two articles of the constitution etched in our minds; Article 21, and Article 20(3). He marked the unanimous Puttaswamy judgment as the starting point of this conversation and laws on data privacy. The Supreme Court had stated that the right to privacy can only be limited by state action, and this bill can be seen as a step in that direction. He emphasised that this bill must ensure three things: State action has to come from a legislative mandateSuch action must pursue a legitimate state interest, and cannot be arbitraryThe action must be proportional to the cause both in its nature and extent, and ought to be the least intrusive of all alternative means. The purpose of the PDP bill is to prevent the breach of privacy and to classify data into personal, sensitive and critical to provide adequate protection for each. Mr. Dutta noted a few merits of the bill; all personal data offline and online shall require the explicit and informed consent of the individual before it is analysed or shared. Further, section 6 of the bill restricts data collection to be done only to the extent necessary for the purposes of processing such personal data. Section 7 gives detailed contents of the notice that is to be given to the data principles to inform them about the processing specifics. Uday Prakash Warunjikar Mr. Uday Warunjikar is the President of the Consumer Courts Advocates Association, Maharashtra and is the Vice President of the BAI. He started the discussion taking the panel to few examples of personal data breaches that have been happening across the country. Cases of identity theft via Aadhar details for committing fraud was recounted to emphasis the need for a data protection legislation. The need for specific legislations grows with a developing society. In the absence of the IT Act, 2000 offences of that nature would have to be filed as trespass under the Indian Penal Code. Similarly, the current legal framework lacks proper legislation to deal with data breaches and privacy. Section 66E of the IT Act punishes privacy violations on the internet, and Section 43A punishes negligent handling of personal data, however, these provisions prove insufficient and having a specific legislation like the current bill is imperative. Mr. Warunjikar noted that "No law is perfect; it will be ever developing". This bill being passed will also have a huge impact on our neighboring states that do not have a legislation on data protection so far. It will become a benchmark that countries like Bangladesh, Cambodia, Sri Lanka, Fiji, Kuwait etc. can take inspiration from while drafting their own laws on the matter. He concluded his speech noting a major flaw we have seen in recent cyber offenses, wherein the victim and the injury is proven, but the accused remains untraceable. The electronic evidence provisions must be read in line with the recent technological developments to enable maximum justice delivery in such matters. Anita Gurumurthy: Ms. Anita Gurumurthy is the founding member and executive director of 'IT for change'. She leads the research on economy, data, AI governance and the feminist aspect of digital justice. She is associated with many international organizations including the United Nations Secretary-General's 10-Member Group in support of the Technology Facilitation Mechanism. Ms. Gurumurthy's discussion on the bill was on lines of public interest and social justice. India's data governance approach is focused on utilizing the economic value of data. The inherent tension that exists in data laws is that they implicate natural rights like that of right to personhood but must also make provisions for utilizing data as a resource. The question that arises ...

Data Governance Within The Personal Data Protection Bill & Criminal Law And Privacy

Parvati Nambiar

Tags