“Privacy is an inherent human right and requirement for maintaining the human condition with dignity and respect” – Bruce Schiener
We are starting this blog with a positive quote but this is very ironic in the current situation. Right to privacy is interconnected with data protection because in the current scenario our data is on the web, if a tech giant company wants to access the data it can access it easily. In India, there is no cyber law or any data protection law which can protect our data. The personal data protection bill is on hold for almost two years.
Recently, Social media Platform Whatsapp introduced a new policy. It introduced a new policy to connect and share data with its subsidiaries. WhatsApp’s end-to-end encryption provision stays flawless, however, this just guarantees that it can’t see your messages, or offer them to anybody. With the refreshed protection strategy, WhatsApp would now be able to share one’s metadata – which is everything past the genuine content of the discussion.
In this blog, we will look into the constitutional provisions and also evaluate the personal data protection bill.
CONSTITUTIONAL PROVISION REGARDING PRIVACY
The nine Judge bench of the supreme court gave a unanimous decision in 2017 that “Right to privacy is intrinsic to right to life and personal liberty granted under article 21 of the Indian constitution”. It bases the order on the issues raised in the other case. Privacy had emerged when the apex court was dealing with the petitions challenging the government’s move to make biometric-based Aadhar mandatory for availing benefits of government services. Fear arose that data could be misused as Aadhar details being leaked were reported. The bench decided in favour of the fundamental right to privacy but did not decide the fate of aadhaar and did not comment on whether the government’s demand to link financial transactions to aadhaar was a violation of privacy.
The Right to Privacy is a fundamental right under Art. 21 and comes under Part 3 of the Indian constitution. “It is available to both citizens and non-citizens. It declares that no person shall be deprived of his life and personal liberty except according to the procedure established by law”.
Privacy means a range of things like the right to be left alone, protection or dissent of state surveillance, etc. It is also called a Human right by dome legal experts. But this right is not absolute. In this digital era, we are living now with advancement in technology, It can not advance without its users, and hence to protect one’s private information some rules and regulations need to be made. The government of India introduced the data protection bill.
PERSONAL DATA PROTECTION BILL, 2019
Data protection especially in a digital era where personal information is collected by both government as well as non-government entities is really difficult. When a service provider takes information from the user or when the state collects information from its citizen thus far there was no statutory protection of users interest, there was large power asymmetry, this situation was controlled by ordinary contract law and there was no legislative protection per se.
There was a large power asymmetry between users and service providers because the users have no idea to know about the harms that can be caused by the information gathered. The user had no idea why the information is collected, he has no idea with whom will the service provider share the information, he has no clue as to how long will the data be stored. Moreover sharing this information has become so common like for example whenever now you visit a supermarket you are asked to share your email idea, mobile number, etc, but this wasn’t the case when you used to visit your local grocery store.
Every service provider has now become data hungry because the collection of these data gives them the superiority of power as now they will be able to profile people and combine different databases and sense of people’s behaviour and various other things. First, it is important to understand what is meant by data. It is information related to a person that can bring you back to the person. Now to fix this asymmetry of power several countries now have various legislations to protect the data related to people. The Government of India also proposed a law known as Personal Data Protection Bill, 2019. The history of data protection starts with the aadhaar case. This bill borrows a lot from a bill of 2018 although the bill of 2018 was rejected and hence came the bill of 2019. The bill was drafted under the supervision of BN Srikrishna.
PROVISIONS & PROBLEMS WITH THE BILL
This bill promises to protect people’s data from entities collecting these data. The bill places obligations on data fiduciaries i.e those collecting the data and using it, It establishes a Data Protection Authority that will oversee and regulates the fiduciaries.
Under the provision of the bill, the data entities can’t collect personal data of the individual consent. Personal data is any piece of information that can be used to identify a person’s identity. When the government ID is the only source of providing information then no consent of the individual is required. But when the public, as well as private entities, can give services or benefits like health Insurance consent is important. The question that arises is that why is the government exempted from taking consent whereas private entities are required to.
Entities collecting the data will have to specify the purpose of data collection and ensure that the data is not stored beyond the necessary period. But the problems arise here because that when they collect the data for prosecution or investigation of offence, they be exempted to take consent by only ensuring that the data is processed for a clear, specific, and lawful purpose. This will imply that the fiduciary can now retain the data for longer than necessary and individuals will not have any rights over the data. Also, why can’t an individual file a complaint about just a violation of the right, and why infliction of harm is necessary? When a fiduciary collects data for his profit and that collection of data doesn’t harm the individual but to file a complaint the user will have to demonstrate the harm likely to be caused. Currently, the bill remains pending with the Joint Parliamentary Committee on Personal Data Protection.
WhatsApp has been an aim of discussion and analysis since the time it reported the new security strategy a month ago, which would connect the client information from WhatsApp to unique items and administrations of parent organization Facebook. Inconvenience is as yet thumping on its entryway, it appears because now; the government is looking at just as assessing the recent changes.
The commotion started after WhatsApp, in the most recent protection strategy update it turned out universally, itemized the way the Facebook-claimed informing stage measures the information of the clients and works with the online media goliath to offer incorporated types of help across Facebook items. What made the analysis deteriorate was how they required clients to consent to these terms of administration and security strategy.
WhatsApp, recently explained the refreshed security strategy, saying that the refreshed arrangement would not the slightest bit sway the private talks of people, which would keep on being ensured by end-to-end encryption. Comparable sort of security would likewise stay set up for bunch visits and brings made over WhatsApp.
As the right to privacy is a fundamental right then in this digital era, we strictly need a data protection law because everything is on the web from our location to our personal chats. On the off chance that India had a data information protection law set up, WhatsApp would not have had the option to proceed with this update in any case. Indeed, India’s data protection law has been moping for a very long time at this point. For example, WhatsApp’s new strategy rules will not be appropriate on the off chance that you live in the European Region because of the data protection law set up there.
Author(s) Name: Shivendra Nath Mishra (Chanakya National Law University, Patna)
Aamna Munaima (Chanakya National Law University, Patna)