Context:
-
The government is discussing a new data protection law to protect personal data of citizens, while also creating an enabling framework to allow public data to be mined effectively.
-
The move assumes significance amid the debate over security of individuals’ private data, including Aadhaar-linked biometrics, and the rising number of cyber-crimes in the country.
-
A proposal to this effect has been sent to the Prime Ministers’ Office for approval.
Why such law is needed?
-
The underlying infrastructure of the digital economy is data.
-
India is woefully unprepared to protect its citizens from the avalanche of companies that offer services in exchange for their data, with no comprehensive framework to protect users.
What is the present situation?
-
Currently, India does not have a separate law for data protection, and there is no body that specifically regulates data privacy.
-
There is nominally a data protection law in India in the form of the Reasonable Security Guidelines under Section 43A of the Information Technology Act. However, it is a toothless law and is never used.
-
Some redress for misuse of personal data by commercial entities is also available under the Consumer Protection Act enacted in 2015. As per the Act, the disclosure of personal information given in confidence is an unfair trade practice.
-
However, none of these has been effective.