From UPSC perspective, the following things are important :
Prelims level : MEITY
Mains level : Paper 2- Need for data protection law
The Minister for the Ministry of Electronics and IT withdrew the Personal Data Protection Bill, 2019. The reasons for the withdrawal were circulated in a note to MPs, which stated that,“considering the report of the JPC (Joint Parliamentary Committee), a comprehensive legal framework is being worked upon…”.
Background of Personal Data Protection Bill
- An expert committee headed by Justice (retd) A P Shah recommended in October, 2012,“a detailed framework that serves as the conceptual foundation for the Privacy Act”.
- This did not come to fruition, with proposals buried by 2014 due to objections from the intelligence establishment on surveillance reforms.
- While petitions on the constitutionality of Aadhaar and the right to privacy were pending before the Supreme Court, the Union government constituted an expert group headed by Justice (retd) B N Srikrishna in July, 2017.
- In August, a nine-judge bench unanimously pronounced the Puttaswamy judgment that reaffirmed the fundamental right to privacy for the autonomy, dignity and liberty for every Indian.
- Justice D Y Chandrachud, who authored the majority opinion, noted the formation of the Srikrishna Committee as a positive obligation on the government to enact a law for informational privacy.
- In December 2019, government introduced the Personal Data Protection Bill, 2019 in Parliament.
- The draft law was referred to a JPC of 30 MPs that submitted a report after two years.
- With the withdrawal in Parliament on August 3, it almost seems institutional processes, in which all three branches of government worked for years, are being jettisoned in favour of “a comprehensive legal framework”.
Issues with reasons given for withdrawal of the Bill
- The JPC has nowhere suggested a withdrawal in favour of a “comprehensive legal framework”.
- The proper course was to consider the JPC’s recommendations including the dissent notes and expert analysis, redraft and introduce a new Data Protection Bill.
- Compliance burden concern of government: With the government setting the goal of a one trillion dollar digital economy, fears of a compliance burden can impede innovation and growth.
- Date protection is needed for innovation: Here, detailed reasoning is available in the Srikrishna Committee’s report as well as a growing international consensus suggesting that next-generation innovation in technology needs data protection.
- Regulatory intervention will improve business practices requiring engineering decisions that focus on user trust.
- Imperfections in law argument: With the imperfections within the Personal Data Protection Bill, 2019 and even the JPC report, there exists a reasonable argument that if passed into law, it may institutionalise bad privacy practices.
- Such a line of reasoning fails to recognise that institutional memory develops through reasonable due diligence and experience.
- Legislative foresight is limited and no law is perfect, which is why there exist parliamentary amendments and judicial review.
Today, there is a relentless pace of digitisation that relies on gathering personal data in all spheres of our lives. All of this is done in a legal vacuum without any oversight or remedy. This underscores the urgent need for data protection law.