With no privacy code, How safe is your data?

Since the last week of May, a flurry of messages was sent by social network giants such as Facebook and Twitter and every obscure app on your phone about their updated privacy policy.

The sudden upsurge of concern for personal data by these organisations was the result of a new regulation by the European Union. The General Data Protection Regulation (GDPR) was notified in 2016 and it came into effect on May 25, 2018. The new law forced companies to rethink the manner in which they obtain, store and use the personal information of those signing up to use their products and services. Organisations found themselves scrambling to update their infrastructure in order to comply with the new regulations that allowed subjects greater control over their data.

Though India does not fall under the ambit of the GDPR which only applies to citizens of the EU, the implications of it are far-reaching. Almost all global organisations have had to change their information architecture in order to cater to the EU market, which implies that other nations without such stringent regulations have also accrued some benefits.

Close on the heels of the General Data Protection Regulation coming into effect, a ten-member committee headed by retired Supreme Court Judge Justice B N Srikrishna will submit the draft Data Protection Bill for India by the end of this week. The committee was constituted in August 2017 to evolve a framework for data protection in India. The main aim of the bill is to ensure the growth of digital economy in the country while safeguarding the personal data of millions of citizens.

While the draft bill by the Srikrishna committee is under lock and key until submission, a group of privacy activists published a set of guidelines based on the verdict of the Supreme Court in retired judge Puttaswamy Vs Union of India where the apexcourt of the land recognised the right to privacy as a fundamental right. The effort stemmed from the belief that the draft bill might take a narrow view with a fixation on data and ignore the crucial aspects of privacy.

Saveourprivacy.in is a community driven project whose model privacy bill puts the rights of citizens at the heart. The people involved in the effort include lawyers, policy analysts and those in the field of information technology. The Indian Privacy Code released by the group calls for the framework to legally codify principles of privacy so as to avoid it being weaponised against fundamental right to expression and right to information.

The group has called for restrictions on public and private entities collecting data from the people and the manner in which such information is used. Along with it is the need for enforceable rights for the citizens with regard to their data. The code also demands an institutional framework for the same at the central and state levels.

Indians are more vulnerable than ever to data theft, loss of personal information or misuse of data. The threat may come from individuals and organisations exploiting the loopholes in the law and the lax approach to data protection that has been seen thus far. The coming months will be crucial for the country in making comprehensive strides towards data protection.