The Right to (Pry)-vacy: Understanding India’s Dystopian Data Protection Legislation
The Right to (Pry)-vacy: Understanding India’s Dystopian Data Protection Legislation
Bharat Manwani, 3rd Year Student – BBA LLB, Gujarat National Law University
Abhiraj Rana, 3rd Year Student – BA LLB, Gujarat National Law University
On 24th August 2017, the Supreme Court of India recognized the Right to Privacy, as a fundamental right enshrined within the Indian Constitution. This was a watershed for the evolution of the nation’s data protection laws. The judicial pronouncement was followed by several iterations of legislative proposals, until the Parliament eventually settled for the Digital Personal Data Protection Act, 2023 (DPDP Act). The Indian Government has championed the DPDP Act as a robust framework, aimed towards safeguarding the individual’s personal data and upholding their Right to Privacy. A wide latitude for executive discretion, however, forms a large part of the statute. Within the 44 Sections of the Act, the phrase “as may be prescribed” makes a staggering total of 26 appearances, facilitating blanket exemptions for consent and the lack of an oversight mechanism. The enactment thus discreetly deviates from the very objectives that have underpinned its creation. In legislative or judicial frameworks where such unfettered discretionary powers are unchecked, the Right to Privacy often turns into a casualty.
Key Features and Obligations within the DPDP Act
The DPDP Act is an attempt at balancing the right of individuals to protect their personal data along with the need to process their data. The framework identifies duties and obligations of 2 key parties to the regime; Data Principals and Data Fiduciaries. The former is the individual to whom the personal data belongs, whereas the latter collects and processes that data. Echoing the tenets of the General Data Protection Regulation (GDPR), the DPDP Act requires data fiduciaries to either obtain consent or identify a legitimate cause before collecting or processing such data. By limiting data processing with separate consent requirements specific to each purpose, the DPDP Act ensures that fiduciaries no longer, rely upon “bundled consent” and use that consent to exploit data principals. The framework further obligates fiduciaries to ensure accuracy of data, along with having security safeguards in the event of a data breach. On its face then, the DPDP Act appears to effectively fulfil its proposed objectives. Nevertheless, it cannot possibly fulfil at its intended objective, when simultaneously bestowing excessive discretionary powers at the hands of the executive. The DPDP Act instead raises concerns about the potential misuse of the statute and the erosion of individual freedoms, conflicting with principles of equality and the rule of law.
‘Exempting’ the Right to Privacy
Although a laudable step, the DPDP Act is nevertheless filled with exemptions and waivers, leaving ample scope for the government to engage in arbitrary conduct. Section 7 of the DPDP Act, for example, allows data fiduciaries to process personal data at specific instances, such as when required by law, in order to comply with a court’s decree, or when data principals voluntarily provide their personal data. Section 7(b) of the Act, however, enables government entities to sidestep consent requirements, exempting them from having purpose limitations upon personal data. This in turn could be exceedingly detrimental as it allows state instrumentalities to aggregate databases in the garb of administrative convenience. Regrettably, Section 7(b) is only a minor concern when compared to broader exemptions further laid down within the statute.
India’s data protection law does not merely waive government agencies from the application of certain provisions but exempts them from complying with the whole of the DPDP Act itself. Section 17(2) of the Act provides the Central Government with the above immunity for the sake of maintaining the nation’s sovereignty, integrity, public order, etc. Scholars responsible for the early drafts of India’s data protection laws have already raised concerns upon this newly added provision, remarking, “These are just broad words. What is the sovereignty of the nation?” Section 17(2) brings along severe and far-reaching consequences, offering government agencies the freedom to dispense with obtaining consent, ensuring data security and other such prescribed safeguards within the DPDP Act. The lack of oversight upon state instrumentalities allows the interests of the government to surpass the right to privacy, gradually establishing a modern-day Orwellian state.
Moreover, Section 17(2) of the DPDP Act is superfluous in view of exemptions already laid out within the previous subsection of the statute. Section 17(1)(c) already waives requirements of notice and consent, among others, for the purposes of processing data for the “prevention, detection, investigation or prosecution of any offence or contravention of any law.” In view of Section 17(1)(c) permitting sufficient latitude, the redundant inclusion of Section 17(2) of the Act only signals the government’s desire to ensure a complete non-application of the DPDP Act. Section 17(2) moreover facilitates the establishment of a segregated sphere of activities positioned outside the jurisdiction of data privacy norms, subverting democratic principles and civil liberties. In essence, the DPDP Act is far from “balancing” rights of individuals, and instead shifts the balance towards surveillance and the interests of the government.
The Oversight Vacuum
The Supreme Court of India has historically mandated safeguards for intercepting communication on the grounds as national security, with safeguards including establishing necessity, purpose limitation and storage limitation of said data. The DPDP Act, however, flagrantly undermines these safeguards, leaving absolutely no oversight upon the government’s use of personal data. The United Kingdom’s Data Protection Act of 2018 (UK’s Data Protection Act) is a noteworthy exemplar in this regard. Chapter 3 of the UK Act mandates warrants to be issued by judicial officers, before government agencies can process any personal datasets in the interest of national security. Furthermore, such administrative actions require establishing their necessity and proportionality, along with adequate parliamentary oversight upon the agency’s conduct. The contrast between the UK and the Indian approach underscores the significance of incorporating effective restraints in order to actually “balance” security imperatives and individual liberties.
Lost Expectations
In an earnest legal regime upholding the Right of Privacy, compensation should exist to address instances where such a right has been infringed. The UK’s Data Protection Act as well as the GDPR outrightly provide for compensation, by compensating data principals as much as $20,000 in the event of damages.
Within the Indian context, Section 43A of the Information Technology Act 2000 (IT Act), earlier reflected such expectations and consequently provided the right to be compensated in the event of a failure to protect data. The DPDP Act, as opposed to existing frameworks, omits any such mechanism for compensating data principals. The legislation, in fact, goes a step further in curtailing the data principal’s right to be compensated by revoking the application of Section 43A of the IT Act. Data principals under the new regime are, in effect, bereft of the ability to be compensated. By solely imposing liabilities upon organizations responsible for breaches, the DPDP disincentivizes data principals from filing complaints altogether. This warrants a careful evaluation of whether the DPDP Act sincerely upholds the right to privacy, while it discards the fundamental legitimate expectations of data protection frameworks.
“…Where discretion is absolute, man has always suffered. Absolute discretion is more destructive of freedom than any of man’s other inventions. Absolute discretion, like corruption, marks the beginning of the end of liberty…” J. Douglas in New York v. United States (1951).
On 11th August 2023, the Digital Personal Data Protection Act received presidential assent, thereby being enacted as India’s first ever data protection legislation. The Indian Parliament while passing the legislation, has debated upon the provisions of the DPDP Act for only a span of two hours. Blanket exemptions and the lack of oversight mechanisms hold potential for significant debate, yet the Parliament has overlooked the opportunity. The DPDP Act, while undoubtedly essential in addressing contemporary privacy challenges, strays into the realm of excessive discretion. These powers are further amplified, with the lack of effective checks and balances upon the government’s conduct. Last but not the least, revoking a data principal’s right to be compensated is far from upholding the individual’s right to privacy. An unfettered discretion, as stipulated within the DPDP Act, may just be the silent architect of a digital totalitarian regime.
This entry is unbelievable. The brilliant substance reveals the distributer’s interest. I’m stunned and anticipate more such astonishing sections.
This platform is phenomenal. The magnificent data uncovers the maker’s excitement. I’m shocked and expect additional such astonishing sections.
This asset is phenomenal. The wonderful information exhibits the proprietor’s earnestness. I’m stunned and anticipate more such astonishing sections.
It seems like you’re repeating a set of comments that you might have come across on various websites or social media platforms. These comments typically include praise for the content, requests for improvement, and expressions of gratitude. Is there anything specific you’d like to discuss or inquire about regarding these comments? Feel free to let me know how I can assist you further!
Thank you for reaching out! If you have any specific questions or topics in mind, please feel free to share them, and I’ll do my best to assist you. Whether you’re curious about a particular technology, scientific concept, literary work, or anything else, I’m here to provide information, advice, or engage in a discussion. Don’t hesitate to let me know how I can help you further!
Hello i think that i saw you visited my weblog so i came to Return the favore Im trying to find things to improve my web siteI suppose its ok to use some of your ideas
Hi i think that i saw you visited my web site thus i came to Return the favore Im attempting to find things to enhance my siteI suppose its ok to use a few of your ideas
I do not even know how I ended up here but I thought this post was great I dont know who you are but definitely youre going to a famous blogger if you arent already Cheers.
Hi i think that i saw you visited my web site thus i came to Return the favore Im attempting to find things to enhance my siteI suppose its ok to use a few of your ideas
I’ve learned so much from this blog and have implemented many of the tips and advice into my daily routine Thank you for sharing your knowledge!
Your point of view caught my eye and was very interesting. Thanks. I have a question for you.
I was suggested this web site by my cousin Im not sure whether this post is written by him as no one else know such detailed about my trouble You are incredible Thanks.
I genuinely admired what you’ve accomplished here. The outline is elegant, your written content fashionable, however, you seem to have acquired some unease about what you wish to present going forward. Undoubtedly, I’ll revisit more often, similar to I have nearly all the time, in case you sustain this ascent.
I sincerely enjoyed what you’ve accomplished here. The sketch is fashionable, your written content chic, yet you appear to have developed some apprehension regarding what you aim to offer thereafter. Certainly, I shall return more frequently, just as I have been doing almost constantly, should you uphold this upswing.
The breadth of knowledge compiled on this website is astounding. Every article is a well-crafted masterpiece brimming with insights. I’m grateful to have discovered such a rich educational resource. You’ve gained a lifelong fan!
This website has quickly become my go-to source for [topic]. The content is consistently top-notch, covering diverse angles with clarity and expertise. I’m constantly recommending it to colleagues and friends. Keep inspiring us!
Thank you for your response! I’m grateful for your willingness to engage in discussions. If there’s anything specific you’d like to explore or if you have any questions, please feel free to share them. Whether it’s about emerging trends in technology, recent breakthroughs in science, intriguing literary analyses, or any other topic, I’m here to assist you. Just let me know how I can be of help, and I’ll do my best to provide valuable insights and information!
What a fantastic resource! The articles are meticulously crafted, offering a perfect balance of depth and accessibility. I always walk away having gained new understanding. My sincere appreciation to the team behind this outstanding website.
Its like you read my mind You appear to know so much about this like you wrote the book in it or something I think that you can do with a few pics to drive the message home a little bit but other than that this is fantastic blog A great read Ill certainly be back
I share your level of appreciation for the work you have produced. The visual you have displayed is tasteful, and the content you have written is stylish. However, you seem to be uneasy about the possibility of delivering something that may be viewed as dubious in the near future. I agree that you will be able to address this concern in a timely manner.
Optimal Irrigation Solutions by Bwer Pipes: Bwer Pipes offers state-of-the-art irrigation solutions tailored to the unique requirements of Iraqi agriculture. Our innovative sprinkler systems and durable pipes are designed to enhance water efficiency and maximize crop yields, empowering farmers across Iraq. Learn More