In the land mark Putt Swami Case (2017), the Supreme Court had unanimously decided that right to privacy is a fundamental right and part of Right to Life. It also mandated that the government must put in place a Data Protection Act, which provides adequate protection to citizens against potential misuse of sensitive data by corporates and government agencies. Justice Sri Krishna Committee (2018) made important suggestions like, obtaining data by lawful means, consent of data subject, fair and lawful processing and non-disclosure of data to others without consent of the data subject. Justice Sri Krishna also made an important recommendation that sensitive data must be located in India only. This recommendation was hugely contested by many MNCs as they believe that it would be far less expensive to store data outside the jurisdiction of the country concerned.
Consequent on the above recommendations, the Government of India has come up with a Data Protection Bill in 2021\, which envisages creation of Data Protection Authority and a penalty of 4 % of total world turnover of the MNC, in the event of infringement of data protection provisions. However, the proposed bill makes exceptions for eventualities like public welfare, law and order and exercise of any function of the State, and evidence-based research. Besides, the bill envisages that it is for the state to decide what constitutes a critical data. Justice Sri Krishna has been dismayed by the proposed bill which runs contrary to his recommendations, gives arbitrary power to intrude in to sensitive personal data under the subterfuge of national security & research. It is also against best global practices.
The Data Protection Act 2018 of U.K. gives special protection to race, religious belief, sex life and political belief. The European countries do not allow data sharing with other non-European countries. Justice Sri Krishna believes that the bill in its present form will turn India into an Orwellian state and India will become a surveillance state where Right to Privacy would be compromised due to arbitrary exercise of authority by the State.
It would be in the fitness of things to recount various misuse by social intermediaries to commercially profit and play political gamesmanship. In the IT Act of 2000, Section 79 of the Act has a Safe Harbour Protection to social intermediaries, provided they not actively involved in the dissemination of the message or modified the text in any way. In practice, however, the Cambridge Analytics Scandal in 2018 clearly reveals how data from Facebook was used in political slugfest between the Congress part and BJP. In Zoom application for conducting online classes and webinars, e-mail address and passwords of over 5 million zoom users have been compromised and sold in dark web for less than a rupee! Passwords constitute a very sensitive data and as per IT Act 2000, any such misuse of password would attract five-year imprisonment.
With the rise of FAANG (Facebook, Apple, Amazon, Netflix and Google), the whole dynamics of global business, IT application, information storing and entertainment dissemination has changed humongous. Facebook is a data monster which churns out 1.3 lakh photos and 5.1 lakh comments per minute on a global basis. Amazon has reduced processing time and significantly increased shopping time. Covid-19 has been a godsend in boosting e commerce as never before. Netflix has become the prime entertainment channel, with its innovative products like movie prompter. Google has become a way of life for teachers and students.
There is a perception that State Surveillance rather than data protection has become the main motive driver of Data Protection Law. The allegation that Pegasus spyware was used on opposition leaders, journalists, activists and judges has buttressed that apprehension. The famous biologist EO Wilson has observed that, “we have stumbled in to the 21st century with stone age emotion, medieval institutions and God like technology”. However, technology can be a nightmare if it pries in to privacy of citizens and misuses sensitive date to harvest commercially or dabbles in to the murky world of politics and settling scores against people with contrarian viewpoint. The Data Protection Bill must ensure that arbitrary exemptions being sought for by the government agencies to collect and process data under the sweeping shenanigan of national security is best eschewed. Parliamentarians like Jairam Ramesh had evinced strong reservation against the Data Protection Law in the present form in the JPC. The best global practices must be incorporated in the Data protection Bill so that Right to Privacy is respected by the state in letter and spirit. It should be debated properly in the Parliament instead of being purloined by majoritarian dictate.