Data Protection (Part 1/3) : Introduction & Background

This series intends to address the loopholes in the Draft Data Protection Bill formulated by the Committee under the Chairmanship of Hon’Ble B.N. Shrikrishna and to analyze the impacts the new Law would have on Financial Institutions. In furtherance of its objectives, the second part of this series traces the aims and objectives of this Bill and draws attention to certain remarkable features of the European Law on the subject. In the third part, it envisages the efforts, that are called for, from the financial sector to be compliant to this law. The series closes by stressing on the need for this much-awaited law despite the various hurdles that may come in the way of its implementation and compliance.

This Series aims to critically examine the Draft Personal Data Protection Bill, 2018 and attempts to provide solutions. If enacted, the law would have significant repercussions over various sectors domestically, similar to the widespread effects created by Europe’s General Data Protection Regulations (‘GDPR’). Financial Institutions such as Banks, non-banking financial institutions process huge amounts of personal data on a daily basis which is handled by various internal departments. Thus, it also aims to analyze the impact this law would have on financial institutions and information.

A Historic Order passed by the Supreme Court of India in Justice K.S. Puttaswamy v. Union of India[1], recognized the Right to Privacy as an integral part of Article 21 and Part III of the Indian Constitution.

A committee of Experts on a Data Protection framework for India under the Chairmanship of Justice B.N. Srikrishna released its white paper on November 27, 2017. The White Paper explored notions such as Fiduciary Relationship between individuals and service provider entities having access to such data and the liability placed by such relationship against abuse of power by service providers. The committee sought to settle for once, the domain of sensitive personal data. A crucial step frontwards has been taken by the Committee by bringing in consent-based processing and stipulating the unambiguous grounds for immunity from compliance. The Draft bill leads in array concepts such as autonomy, transparency and accountability presently absent in the Indian Jurisdiction. The Draft Bill formulated by the Committee is projected to be tabled in the Parliament in December 2018.

            In Karmanya Singh Sareen and Anr. v. Union of India and Ors.[2] a privacy policy rolled out by the popular smartphone app ‘Whatsapp’ in 2016 was challenged. Whatsapp was launched in 2010 and purchased by Facebook in 2014. It was contended that the challenged policy was pervasive to user privacy, in that it permitted retention of past information for the undefined period despite deletion of the app by users. The Delhi High Court rejected this petition on September 23, 2016, while ordering the deletion of data collected up to September 25, 2016, and directing the Telecom Regulatory Authority of India to consider bringing similar smartphone apps under its regulatory ambit. Aggrieved by this order, a Special Leave Petition was filed in the Supreme Court seeking firstly, whether the privacy policy violate Right to Privacy of its users, secondly, Is omission of an option to the user of not sharing their data with Facebook contrary to law and thirdly, whether the manner of obtaining user consent by Whatsapp deceitful. By its Order dated September 06, 2017, The Apex Court required Facebook and Whatsapp to file affidavits explaining what data is being shared by them and. The Court emphasized the need for this law and highlighted the efforts made by Shrikrishna Committee.

            Though previously an unsuccessful attempt was made to formulate a framework on data protection by a committee headed by A.P. Shah in 2012, the odds are in favour of passing the present draft bill, in light of the decisions such as Puttaswamy and Whatsapp Privacy Case.

Manal Shah

[1] Karmanya Singh Sareen and Anr. v. Union of India and Ors, (2018)1SCC809, Order dated 24 August 2017.

[2] Karmanya Singh Sareen v. Union of India Ministry of Communications Department of Telecommunications Secretary, SLP No. 804/2017 Diary No.- 42134 – 2016. (pending).

Leave a Reply

Your email address will not be published. Required fields are marked *