Significance of Data Protection

Sumeer Sodhi, Partner, VSA Legal Headquartered in New Delhi, VSA Legal is a fully fledged law firm which excels in providing result-driven legal services to individual and corporate clients. The firm provides highest degree of involvement and availability in all undertaken cases and adheres to the advocate’s code of ethics to the highest degree whilst providing legal services.

The concept of data protection is alien to a substantial chunk of the Indian population even today. If we roll ourselves back by a few years, our approach towards preserving and storage of data, holding some relevance, either electronically or as a soft copy was completely naïve and unheard of. At the time, the far sighted thought of protecting it from any third party access or breach didn’t even cross our minds. A leaf could easily be drawn from the fact that the first legislation introduced on the subject matter (usage, transmission and storing of data electronically) i.e. the Information Technology Act, 2000, did not even cover the aspect of ‘Data Protection’ in its essence. The Act, as reflected from its Statement of Objects and Reasons, clearly enunciates that the intent with which it was proposed to be implemented, was related to e-commerce. The preamble to the act goes as – ‘An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as ‘electronic commerce’, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further……’.

In such circumstance, the provisions imposing penal consequences for committing identity theft, violating privacy and sharing obscene materials, can be termed as merely incidental to the Information Technology Act, and not as
the actual subject matter which was proposed to be dealt with under the IT Act.

The provisions imposing penal consequences for committing identity theft, violating privacy and sharing obscene materials, can be termed as merely incidental to the Information Technology Act

One would recall that the Government’s flagship scheme of having a unique identification card, popularly known as Aadhar Card, which was launched in the year 2009. In a short span, the scheme, seeking details such as fingerprints, retina scan and our entire existential proof, gained such a momentum that today, even before the Supreme Court of India decided upon the validity and correctness of this scheme, we have more than 100 crore citizens who have already been technologically mapped. We realized its noose getting tightened only after finding ourselves surrounded with the notifications and circulars demanding the linkage of every single personal statistic such as PAN Card, bank and mobile details with the seemingly innocuous scheme of storing the identity of citizens. I would not say that clamor made by several sections of society, questioning the rationality of the Government’s intention, made us aware of the significance our data beholds; rather it just invoked our sub-conscious skepticism behind this entire development which should have been discussed and deliberated before facing a gone by situation and belatedly asking the fundamental question which is, How safe is our Data? In the words of Shyam Divan appearing for certain civil society groups in the Supreme Court, Adhaar is nothing but electronic leashing for our entire lifetimes.

The issue of data protection has attracted further force and relevance post recent developments of sharing of personal information of its users by a social media giant to certain data mining institutions for mapping the behavioral pattern of social media users. This was utilized for effective communication and better election management. The entire controversy has once again raked up the underlying importance of ensuring safety of our personal information and preferences which have been duly profiled and stored in these social media websites. The fact that the servers hosting such domains are located beyond the territorial jurisdiction of our country coupled with a clear vacuum of appropriate legislation intensifies the whole argument of bringing certain imminent measures for protecting any further misuse of one’s personal data.

Imagine a situation where, what one chooses to wear, decides to eat and prefers to follow, will all be formulated by relentless mapping and manipulation of digitally available information surrounding ourselves. Though the phase of liberalization and globalization had its impact which was well within the realm and control of our institutions, however in the absence of a regulatory legislation, I wonder what the impact of unrestrained and ever-expanding digitization is going to be in times to come.