While discussing any legislation affecting Cyber Space, we discuss “Privacy” and “Data Protection” as important aspects for consideration. In India we are presently banking on ITA 2000/8 for “Data Protection” and “Constitutional Rights” for “Privacy Protection”. ITA 2000/8 can indirectly provide some relief for privacy breach from electronic space under sections such as 43A ,72 and 72A.
However the “Data Privacy Bill” is yet to be passed and hence statutory protection is still not available to the citizens of India for privacy protection beyond the principles established by earlier Supreme Court decisions as part of the constitutional rights.
Further some of the recent developments on Section 66A and the actions taken by police indicate that provisions of ITA 2000/8 are likely to be misapplied from time to time by uninformed police who may also be motivated by other considerations such as political influence.
These twin aspects of “Lack of Privacy Law” and “Mis use of law” when applied to the corporate scenario present “Risks” which cannot be properly assessed,mitigated, absorbed or transferred. They remain as uncovered risks of business and could badly hurt any business.
While Indian companies have to live with such bad implementation of law, in the context of attracting international investments into IT in India, these risks are considered huge barriers that may put off most of the international operators intending to invest in India.
In the global scenario, “Cloud Computing” is on a growth path and either as part of such “Cloud Computing” initiatives or as an increased attention to the DRP requirements the need for “Secured Data Centers” in India have been growing. This also offers an opportunity for international players to invest in huge data center facilities in India at least in some states where “quality power” is not an issue. This is also an opportunity for Indian companies to operate Data Centers as a part of “Service Exports”.
However the lack of “Privacy Protection” coupled with the enormous administrative powers that ITA 2000/8 bestows on lower echelons of bureaucracy and law enforcement make it difficult for reputed international players to seriously consider India as an offshore destination for their data center projects.
In this context we would like to place a suggestion before the community if it is time to set up designated “Privacy Protection Zones” where units will be provided privacy protection on par with the best global practices such as EU. In these zones special IT laws will be applicable which can be drafted specifically as “Special Cyber Space Laws”. Alternatively a “Privacy Protection Law” exclusively applicable to such zones can be drafted to work in conjunction with but overriding ITA 2000/8.
This being a high level policy decision, needs to be part of large consultative process. Naavi.org invites public comments on the proposal.