Data gathering by Public Agencies

Context: Data gathering by public agencies picks up even as law hangs fire.

Data gathering by Public Agencies

• The Customs department mandating airlines to share personal details of international flyers,
• The Civil Aviation Ministry’s facial recognition system DigiYatra,
• The MeitY’s proposal to share non-personal data collected by the government with start-ups and researchers,
• CERT-In’s mandate asking virtual private network (VPN) service providers to store data of their users.

These are among a rising number of moves made by the Central government and its agencies to collect and process citizens’ data — all in the absence of a data protection law.

Recently the Centre withdrew the Data Protection Bill, 2021, saying that it will soon come out with a “comprehensive legal framework” for the online ecosystem.

Concerns

• There is a fundamental issue in treating citizens’ data as a “wealth resource”.
• With this approach of trying to treat data as a ‘sovereign wealth resource’ which then creates incentives for attempts to accumulate, and subsequently monetise large volumes of data.
• The government’s primary concern should be service delivery and safeguarding the information it gathers from citizens towards this end. Its key objective should not be to monetise this data for profit.
• The 2018-2019 Economic Survey of India referred to data as a ‘public good’. By definition, that means it should be treated as ‘non-excludable and non-rivalrous public good’ and not traded as if it were a commodity.

Laws for Data Protection across the Globe:

• European Union: The primary aim of the General Data Protection Regulation (GDPR) is to give individuals control over their personal data.
• US: It has sectoral laws to deal with matters of digital privacy such as the US Privacy Act, 1974, Gramm-Leach-Bliley Act etc.

Need for Data Protection law in India:

• For efficient management of data in the age of digitisation, a data protection law is needed.
• To check unauthorised leaks, hacking, cyber crimes, and frauds. Economic cost of data loss/theft is high.
• Large amounts of personal data have been collected by state agencies and private companies and their flow across national boundaries has been a cause for concern.
• The state and private agencies that are using the personal data are not transparent on the purpose for which the data is being utilised.
• To uphold the landmark judgement of Supreme Court (SC) in Justice K.S Puttaswamy vs Union of India case, that maintained the right to privacy as an inherent part of the fundamental right under Article 21 of the constitution.
• To improve business process, and for securing digital transactions and addressing customer and privacy protection issues.
• India has the 2^nd highest internet user base in the world. A strong data protection law is needed to protect their personal data.
• To curtail the perils of unregulated and arbitrary use of personal data. As most of the servers like Google, Facebook is outside India.

Way Forward

• In this digital age, data is a valuable resource that should not be left unregulated. In this context, the time is ripe for India to have a robust data protection regime.
• It is important to strike a right balance between digital economy and privacy protection. The law should encompass all the aspects- data collection, processing and sharing practices.
• Government should ensure that the law focuses on user rights with an emphasis on user privacy.
• The technological leaps made in the last two to three years also need to be addressed knowing that they have the capacity of turning the law redundant.

Source: Indian Express

The Hindu