The evolution of India’s personal data protection bill is influenced by the need to protect the interests of businesses, the government and the individual, writes Yukti Sharma
India’s journey to a personal data protection law has its roots in the Aadhaar case, which ultimately led to the formation of the nine-judge bench in the case of KS Puttaswamy and Anr v Union of India, where the right to privacy was declared as a fundamental right.
It was during this case, in 2017, that a committee of experts led by Justice BN Krishna was constituted to propose the data protection framework for India. Cognizant of the economic benefits of innovation and the need for protection of the personal data of individuals, the mandate given by the government to the committee was to unlock the digital economy while keeping the data of citizens secure.
In July 2018, the committee released its draft Data Protection Bill, 2018. At its core, the bill handed the right to informational privacy to the individual. In line with the belief that the individual should be in control of their data, the committee was keen to make this legislation a model for the developing world. The bill proposed by the committee incorporated key concepts from the General Data Protection Regulation (GDPR) to provide Indians with a similar level of protection and rights as in Europe.
Protection from harm
In terms of personal data privacy, the Facebook/Cambridge Analytica scandal was the biggest eye opener for individuals’ lack of control over their data. Of the 87 million users affected worldwide, 500,000 were Indians. The committee recognized the potential for discrimination, exclusion, breach of privacy and harm due to the misuse of personal data. The 2018 bill takes into consideration the quantum of harm that may be caused to an individual while prescribing compliance requirements, protection measures and the manner of taking consent.
Yukti Sharma is the assistant vice president, legal, at Piramal Capital and Housing Finance. The views expressed are personal.