Data Protection and Privacy Laws – A Wake up Call
Data protection and Privacy laws go hand in hand, and many developed countries have a proper legislation in place and some are in the process of examining the adequacy of the existing laws. UK enacted the Data Protection Act as far back as in 1984 which was subsequently repealed and the Data Protection Act, 1998 was put in place. This Act aims to protect the personal information of individuals, collected or stored for specified and lawful purposes alone. Dissemination of such information is restricted except with the consent of the individuals. I am sure most of us do recall the fine print and the tick mark to be put in a box, giving our consent to abide by the terms and conditions.
In other words, the Data protection Act places restrictions on the collection and distribution of personal data of individuals. No entity can do away with this requirement. The term entity is all encompassing, to include companies, firms, association of persons, clubs etc including online service providers and website operators. It doesn’t matter who collects the information, the crux is that the information thus collected falls under the purview of the key principles of ‘information handling’ under the Act.
Needless to say the EU Directive offers clear cut objectives and principles on the basis of which this piece of legislation has been modelled.
The next obvious question that pops in our minds is - who is responsible for regulation and compliance of this legislation? Under the UK Act, it is the Information Commissioner’s Office which is an independent authority appointed by the Crown as the regulatory authority.
It is interesting to note that the US has adopted a very different approach for protecting the privacy of individuals. The Act is more comprehensive in the sense that data protection and privacy is dealt with by a combination of enactments with separate laws for restricting and protecting privacy of electronic communications, as well; unlike the EU which focuses or relies on a single piece of legislation for both electronic and non electronic data protection.
Further for proper enforcement, US stresses on a combination of both regulation and self regulation. This is owing to the comprehensive nature of the various enactments. For instance, the United States has ensured online privacy protection of children where parental consent has to be obtained by website operators before they can collect information pertaining to them. They also have a consumer internet privacy protection act where the service providers are required to get permission of the subscribers before they can pass on the information to third parties. This is precisely the reason as to why self regulation was also thought necessary in the US context. However, in spite of all this, the digital era is a serious threat to privacy.
Smaller nations such as New Zealand also have a robust Act in place called the Privacy Act of 1993 in accordance with the OECD (Organisation for Economic Cooperation and Development) principles and are in the process of examining the adequacy of their laws in the quest of protecting and preserving the personal information of all individuals, including those visiting the country.
In sharp contrast to the above, the data protection and privacy law in India is very sketchy. In this rapidly advancing techie era and more particularly as we awake to new scams each day, it is imperative that the legislators revisit the Personal Data Protection Bill which was passed in 2006 but since then has been put in the backburner. A short while ago the nation took pride in the statement made by Obama that ‘India is not an emerging nation, it has emerged’. Well, as encouraging as this may sound, the irony is that since the time the US President departed, we have seen scams unfolding one after another like a Bollywood drama and each leaves a mindboggling figure that has disappeared in thin air, from our financial system.
It is amusing to know that all of a sudden, the corporate bigwigs are concerned about privacy laws. Again for the right reasons or the wrong ones, time alone can tell. It goes without saying that the Radia gate spark has kindled the fire and the media has not spared in exposing those who seemingly have played mischief in getting their share of the 2G spectrum for a song. Thanks to media power for empowering the common man who have started wondering whether one of the biggest democracy is being reduced to a banana republic.
Does it not sound a bit sad that it takes a scandal to trigger an interest in the long forgotten 2006 Bill? Today magazines splash articles as to how privacy is being impinged and that our country does not have the legislation to protect the same. People are not going to forget the fact that the driving force is the Radia gate scandal and the tapes which were released implicating businessmen, politicians and even media personnel. Cases are being filed in the courts for violation of the fundamental right granted by our Constitution, as they cannot take recourse under a separate legislation, which we do not have as yet. Had the law been in place these bigwigs may have gotten away with all this? Food for thought it sure is.
Majority of the people in India do not understand the meaning of the term privacy and that they have a right to have the same protected. We have to wait and see as to how the Privacy Laws are going to shape up, as a well intended enactment or a cover up operation for the protection of the data and privacy of a select few?
