P.S: We are aware that the suggestions made in this series of articles could be completely ignored by the Government which says that it already has a draft in an advanced stage. Nevertheless, let us go through suggesting a version from our side so that Government can save time in completing its exercise. It could at least be helpful in finetuning the version of the Government.
We are also aware that Privacy law is a very complex law and it is not possible to satisfy all stake holders fully. It is for this reason that the framing of this law has remained pending for over a decade.
The suggestions made here in are work in progress and may be modified and corrected with inputs from others.
The stakeholders for this law are
- Individuals whose Right to Privacy has to be protected
- Business Entities who process data for commercial purpose
- Government agencies
- Non Commercial organizations
The preamble of the Act has to capture the identity of the stake holders and the objectives of the law.
PDPB 2019 recognized the need to protect Privacy and fostering growth of digital economy. It also recorded the objectives as “Protection of digital Privacy” of individuals, facilitation of the “flow and usage of data”, protecting rights of individuals, laying down norms for social media platforms, cross border transfer, accountability of entities, remedies for unauthorised and harmful processing as well as to ensure the interest and security of the State, establish a data protection authority etc.
The Preamble needs to be reworded to properly capture the objectives of the Act without limiting the scope of the Act.
One suggested draft is as follows:
Where As, the Right to Privacy of an individual is a fundamental right of an Individual in the society, and it is the duty of the Government to protect the Right to Privacy in accordance with established international norms of countries respecting human rights,
Where As it is also the duty of the Government to effectively Govern the society and ensure Security of State, Security of individuals in the country, Maintain law and order as well as harmony in the society,
Where As for protecting the Right to Privacy of an individual, it is necessary to protect personal data from unauthorized use causing harm to individuals,
Where As for protecting personal data of Individuals, an appropriate Data Governance mechanism is required to be established for ensuring that data is processed in accordance with the need to protect the right to privacy of an individual without adversely affecting the the legitimate needs of Business and the Government or any other members of the society.
Be it enacted by Parliament ……