Current Affairs


Indian data protection norms insufficient: report

  • Indian data protection laws are inadequate and only address some of the security, privacy and other issues addressed by similar laws in other countries, a report said.
  • At time when India is seeking to develop as digital economy, it is imperative to have in place an effective regime for protection of personal information..
  • India is pushing digital (and cashless) transactions, some linked to the biometricsbased Aadhaar number which has been assigned to around a billion Indians by the Unique Identification Authority of India.
  • The paper identified lack of a statute expressly recognizing privacy rights of an individual and rights over their personal data, especially in an interplay with nonstate actors and firms.
  • The paper enumerated important components of a robust data protection regime: entities required to comply with data protection norms; the kind of information to be protected; consent for collecting information; and the individual’s right to access his or her information held by another organization.
  • The paper argued for extension of data protection to all personal data and not merely sensitive personal data (the first includes passwords, financial information, health conditions, medical history, sexual orientation, biometric information).
  • It also suggested seeking consent of individuals before collecting all personal information.
  • The consent framework, which is a world standard, is universally recognized as flawed and very hard to administer given the amount of data being collected from us and in the context of the Internet of Things where machines collect data automatically.
  • The paper did not delve into a 2012 report of a group of experts on privacy chaired by justice A.P. Shah.
  • The report made suggestions including a technology-neutral law on privacy applicable to both government and private agencies.