India does not have a dedicated data privacy law, but the Supreme Court of India had declared the Right to Privacy as a Fundamental Right back in August last year. To that effect, the Ministry of Electronics and Information Technology (MeitY) had appointed an expert panel headed by former SC judge BN Srikrishna to draft a data protection law.
The Srikrishna committee had presented a white paper pertaining to the data protection legislation, you can read our complete breakdown of it in our 'Understanding the Data Protection White Paper' series.
While the deadline for presenting the first draft of the data protection law is approaching—by the end of the month— a group of private individuals and organisations have come together to create a site called Save Our Privacy. This is a collection of 11 organisations such as the Internet Freedom Foundation, Indian Kanoon, Youth Ki Awaaz, The Indian Liberals, among others. At the time of writing around 468 individuals have also expressed support for the initiative. You can pledge your support as well, by heading over to the site and registering. You can also donate money if you want to support the cause.
The site is divided into two basic parts which include the Indian Privacy Code 2018, which is a draft of a model bill, and 7 privacy principles.
The Indian Privacy Code 2018 is a model draft law which has been put together by the organisations and experts behind the site. This document comprises 24 pages of guidelines which is divided into 10 chapters covering various aspects pertaining to data privacy. This Code is just a means to spread the word on the importance of data privacy even as the BN Srikrishna committee presents its first draft. According to the site, "This draft hopes to build awareness, knowledge and discussion on specific and nuanced issues of privacy, data protection, interception and surveillance."
Since it is a citizen-driven initiative, it is not a hardcoded final document. If you feel you want to comment on certain aspects of the guidelines, you are more than welcome to do it and there is an email ID to respond to as well, with your suggestions.
The major points in the Code have been inspired by the Privacy (Protection) Bill, 2013 and the people behind the draft include a list of legal experts. Since it is a public advocacy initiative, the buck stops with you, the concerned citizen, of how far and wide you want to spread the word, and maybe nudge the government to do more on the matter.
The 7 privacy principles
As the Code is a lengthy document, with finer aspects of privacy detailed neatly, Save Our Privacy site has also added a section which distils the major takeaways from the Indian Privacy Code. Points that are inspired heavily by the Justice KS Puttuswamy v Union of India judgement which declared Right to Privacy as a Fundamental Right. The seven principles state the following:
- Individual rights are at the centre of privacy and data protection, which includes the right to autonomy and dignity.
- Data protection law must be based on privacy principles, should take into consideration advances in technology and global best practices from laws such as the EU's General Data Protection Regulation (GDPR). Any exceptions must be clearly worded.
- Need for a strong, independent Privacy Commission which ensures that these privacy principles are enforced, which ensures that disputes and violation of privacy incidents are dealt with in the right manner.
- The government should respect user privacy. While the use of technology for public benefits is understandable, the same cannot over-ride fundamental rights. "Individuals cannot be forced to trade away their data and citizenship at the altar of being permitted to use government services and access legal entitlements on welfare," it says.
- There shouldn't be a mass collection of data for surveillance purposes and it should abide by the principles of proportionality, which means that only that data which is required must be used for a specific purpose. And if an individual's data is used for surveillance, then it needs to be communicated to the person.
- Right to information needs to be protected
- Care should be taken to protect the global character of the open internet so that net neutrality is maintained. Any suggestions pertaining to blanket data localisation proposals which could threaten open internet should be resisted.