Monday, March 28, 2011

Data Protection Law In India

This is the updated version of my previous article on data protection law in India. Although data protection law in India is urgently required yet Indian government has slept over the issue. Instead of protecting the civil liberties of Indians, it has chosen the opposite method of illegal e-surveillance and eavesdropping.

Even the projects of government of India have been victim of lack of privacy and data protection safeguards in India. Recently, the proposal to establish national counter terrorism centre (NCTC) of India was rejected by Finance Ministry of India citing privacy concerns.

Similarly, the proposal to launch national intelligence grid (Natgrid) in India was recently put on hold by Cabinet Committee on Security (CCS) of India. The CCS took a clue from precautionary advice given by techno-legal experts regarding the possible political misuse and violation of civil liberties of the Indian citizens.

As a result, the CCS withheld its nod and asked the Home Ministry to come back after further consultation with all stakeholders and incorporating adequate safeguards in this regard. CCS must be more proactive regarding data protection and privacy protection requirements of India.

Data protection is an important aspect of privacy rights protection and commercial expediency. On the one hand it ensures that privacy rights are respected by not divulging the sensitive information whereas on the other hand it is “must have” requirement of many business models.

Outsourcing industry relies heavily upon a sufficient and strong data protection law. In the Indian context, outsourcing industry is relying upon contractual terms as there is no dedicated data protection law in India. This is also hampering the outsourcing business to a great extent.

However, although commercial aspects of data protection can be ignored to a certain limit, this cannot be said about the constitutional requirements of privacy protection in India.

According to Praveen Dalal, a Supreme Court lawyers and leading techno legal expert of India, we have no “Dedicated” Data Protection Law in India. Even India does not have a Data Security Law and Privacy Law. This makes the sensitive information and personal details of Indian Citizens “Highly Vulnerable” to misuse, informs Dalal.

If we analyse this situation in the light of recent e-surveillance projects of Indian government, the matter becomes worst. E-surveillance projects like Aadhar/UID, national intelligence grid (Natgrid), crime and criminals tracking networks and systems (CCTNS), central monitoring system (CMS), etc are not supported by any legal framework and parliamentary oversight.

What is ironical is that Intelligence Agencies of India and Law Enforcement Agencies of India themselves are not subject to any “Parliamentary Scrutiny”, informs Praveen Dalal. Indian Government must maintain a “Balance” between National Security and Civil Liberties, suggests Dalal.

When intelligence agencies are themselves outside the purview of parliamentary oversight and there are no privacy laws, data protection laws and data security laws, we cannot trust Indian government and its agencies much. Even the phone tapping in India is done in an unconstitutional manner in India.

In this background, it becomes absolutely essential for the Supreme Court of India to interfere. A writ petition regarding protection of privacy rights of an individual is already pending before the Supreme Court of India. I hope the court would do the justice once more.