Introduction
The Lok Sabha and the Rajya Sabha allegedly granted an allowance parliamentary committee to submit its report on the Personal Data Protection Bill, 2019[1] (PDP Bill) for the fourth time recently. The previous suggestion report’s deadline was extended till the latter half of the Budget Session. According to numerous sources, the Committee would present its account along with the complete draught of the PDP Bill during the Budget Session. Parliament, on the other hand, was adjourned, putting the Budget Session to a close, earlier than scheduled. Because informational privacy is of low importance in the legislative flow of business, technology implementation is at an all-time high, and data-driven governance is growing more common by the day, especially during the pandemic. While the government of India is taking steps to embrace technical capabilities in its endeavours, these initiatives are attended by the unrestricted collecting of an insuperable amount of personal data on Indian residents, which are usually unregulated.
The Importance of a Data Protection Law
The basic right to privacy does not specify claims which must accumulate till the case is decided. In the lack of a data protection statute, the courts adopted different positions on the breadth of fundamental aspects of privacy, such as the right to be forgotten. Because there is no data protection regulation in place, it is hard to tell what rights we have, rendering the fundamental right practically worthless. In addition, the lack of a standardized basis for prerogatives aggravates inconsistency throughout the courts and in our collective perception of this right Secondly, data protection rules encompass within themselves the capacity to offer powerful felony treatments, provide enamel to the essential proper, and offer disincentives for records fiduciaries to unlawfully acquire private records. Article 12 of the constitution does not include private individuals under its definition. The Indian charter, therefore, does not allow writ treatments in opposition to them.[2]
Furthermore, our data may comprise a variety of other categories that are expected or suspected to be delicate, such as contact numbers, residential addresses, political views, religious views, and so on. Although most of these are currently protected by the Bill, the Privacy Rules do not consider them to be “sensitive personal data”. Even in the case of sensitive personal data, although section 46 of the IT Act establishes a mechanism for adjudicating complaints, including under section 43A, there have been few recorded cases of individuals successfully claiming compensation. One of the reasons why there are so few cases of privacy enforcement is because there is little inducement to spend energy and a part of the day filing a complaint under current law. This is because the IT Act now only enables persons to “compensation” for actual losses, rather than genuine “damages”. Damages, on the other hand, can conceivably be punitive along with the restorative remedy of compensation. Apart from those constrained redress tools, it isn’t always feasible to convey a writ petition in opposition to the nation whenever a personal actor infringes citizens’ privacy, putting forward that the authorities are accountable for such failure to save you such breaches.
The right to privacy, like any other right, is meaningless unless we can properly enforce it. Thus, it remains a toothless right that does not provide enough incentive for corporations or the government to protect our privacy. The adoption of this concept of our fundamental rights by Indian courts, as well as the imposition of such duty on the state, is not unprecedented. In the case of Vishakha and Others v. State of Rajasthan and Others[3] which eventually led to the “vishakha guidelines”, the Supreme Court held the state circuitously liable for failing to enact legislation that effectively safeguarded females from sexual harassment at work, a violation of their fundamental right to dignity. The Supreme Court even published its instructions to fill the legal gap till the Sexual Harassment of Women at Workplace Act was passed in 2013. As each day passes in the absence of a data protection law, the government fails to fulfil its affirmative commitment to building an agenda that allows the citizens to successfully use the fundamental right to privacy.
The PDP Bill and the Delay
What adds to the delay is that even if the PDP Bill is passed by parliament and receives presidential approval, various clauses will only take effect as and when the Central government notifies them. While introducing a complex law is difficult, enforcing it all at once is even more so; to the advantage of the committee of experts headed by Justice B.N. Srikrishna, an earlier draught of the Bill (PDP Bill, 2018) intended a definite plan within which various provisions will be implemented, a delicate stability must be struck between accounting for managerial authenticities and intentionally seeking to make privacy an actual right.
However, as per the 2019 form of the PDP Bill, it is completely likely that certain provisions will go unnoticed for an indeterminate period, consequential in those provisions just existing on paper and never actually being practised in reality. Certainly, the government’s excessive postponement in proposing the PDP Bill, as well as its power to further postpone the PDP Bill’s implementation by informing various clauses individually and indeterminately, breaches the right to privacy of citizens. The linking among the due process and postponement, as well as how justice delayed is justice denied, has already been written about extensively.[4] The contest for a right to privacy has been slow and steady. One is left to ask if, in the four years since we recognised privacy as a basic right, the legislation could have been enacted to aid in its effective realisation.
Author(s) Name: Khushi Saxena (Symbiosis International University, Pune)
References:
[1] Bill No. 373 of 2019
[2] Agarwal, V. (2012). Privacy and data protection laws in India. International Journal of Liability and Scientific Enquiry, 5(3-4), 205-212.
[3] (1997) 6 SCC 241
[4] Singh, K. (2019). Legal Analysis of Data Protection and Privacy Laws in India. Review of Management, 9.